John said:
I issued the command "ipconfig /displaydns" from a command prompt
and saw many records. I then issued "ipconfig /flushdns" followed
by "ipconfig /displaydns". I saw even more records, including
doubleclick.net.
Is it a good idea to eliminate those records from dns? If so, how?
Ipconfig /displaydns is the command that displays the contents of the DNS
Client cache (Not to be confused with the DNS server cache). Flushing the
cache should not have displayed more records in the cache, flushing the
cache then displaying the cache should only show the contents of the HOSTS
file because the HOSTS file is loaded to the DNS Client cache.
If you are showing a lot of records in the HOSTS file can be caused by a
hijacked HOSTS file. Although some anti-spyware software itself hijacks the
HOSTS file to prevent known spyware sites from being accessed. You should
very carefully look at the HOSTS file and make sure it has not been hijacked
by a virus or Trojan. If it has been hijacked by a virus or a Trojan it will
have entries that can prevent antivirus software from accessing update
sites.
As for the doubleclick.net entry, this site is well known for adware and
spyware, I block that domain myself by adding a doubleclick.net zone to DNS.
But to say one way or the other whether it is caused by malware or adware, I
would have to see what the contents of the HOSTS file actually is.
