DNS hijack? or malicious firmware on Netgear R7000? or just Ok?

Scholar


After router check it says everything seems to be ok, but check interrupted.
 
Netgear R7000, Firmware:V1.0.9.6_1.2.19
Domain Name Server (DNS) Address
Get Automatically from ISP <-- selected
 
 
F-Secure Router Checker | Is your Internet connection secure?

DNS IP: 91.233.116.241
AS number: 51765
AS organization: Oy Crea Nova Russia LTD
ISP: Oy Crea Nova Russia LTD
Organization: Oy Crea Nova Russia LTD
Continent code: EU
Continent name: Europe
Country code: FI
Country name: Finland
Registered country code: FI
Registered country name: Finland
Known public DNS server:
 
If I put manually DNS 8.8.8.8 everything, then router check says everything is ok.

I'm using Elisa internet and I think it should use these: 195.197.54.100 212.54.0.3
or something else from Elisa, but with "Get automatically from ISP" it uses that DNS
pointing to Oy Crea Nova Russia LTD.

1 ACCEPTED SOLUTION

Accepted Solutions
Scholar

Re: DNS hijack? or malicious firmware on Netgear R7000? or just Ok?

Thanks Ukko, it is Avast. I didn't know this feature and after changing settings in router, and restarting it, it showed everything ok. So after restarting the router there was some time before Avast set up that dns again.
2 REPLIES
Superuser

Re: DNS hijack? or malicious firmware on Netgear R7000? or just Ok?

Hello,

Sorry for my reply (I'm only an F-Secure user);

Maybe you are able to contact Elisa and ask them about this situation (?!).

Because the AS number/IP and organization name look like valid things (based on Google); with all abilities to be "just OK";

And maybe Elisa is able to use their DNS servers (?! or so);

Also it looks like 'Oy Crea Nova' can partly be related to VPN services --> because some of the IPs/servers are related to some VPN services (did not check it more -> but some VPN service; and this certain IP from your log -> previously used by Avast VPN?!); So, quite likely that they are able to provide different services and resources;

It would be good if there is an official response or a suggestion from more experienced users.

Thanks!
