Author Topic: PUM.dns after scan: Question about DHCPNameServer value on REG key  (Read 4212 times)

0 Members and 1 Guest are viewing this topic.

December 06, 2015, 07:58:12 PM

Cerulean Fish

  • Newbie

  • Offline
  • *

  • 1
  • Reputation:
    0
    • View Profile
Hello Group, thanks Adlice for offering the RogueKiller tool. I'm running a laptop with Win7 Home Premium SP1 patched current, 64bit. My roomate lets me leech his WIFI, AT&T U-verse on a 18/3 line. I've been seeing gateway.pace.com come up a lot. May I ask a question about results here please, specifically PUM.dns.

I had PUM.dns come up reporting three keys:
My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{...long ID string...}
                                                                  ...\ControlSet001\...
                                                                  ...\ControlSet002\...
The value label is: DhcpNameServer/ Value is a pair of IPs: 198.224.171.135 198.224.168.135
whois on the IP yeilded: Service Provider Corporation

Question: Why is this config flagged as a PUM? I have a generic understanding of networking, DHCP and DNS. But I'm curious why I have the REG key entries on my system. My goal is to understand the risk presented and re-config if needed.

Thank you for your time reading this. /Cie

Reply #1December 07, 2015, 02:10:27 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: PUM.dns after scan: Question about DHCPNameServer value on REG key
« Reply #1 on: December 07, 2015, 02:10:27 PM »
Hi Cerulean Fish,

Welcome to Adlice.com Forum.
Theses lines match the adress of the Domain Name System and DHCP servers used by your computer to access Internet.

RogueKiller is currently unable to check if these values are legit or not. That's why they are flagged as PUMs.
In your case, they are perfectly safe. ;)

Regards.

Note : This thread has been moved to the "RogueKiller" section for clarity.