Why DNSAPI.DLL want to access internet?

Discussion in 'LnS English Forum' started by swbbbb, Dec 23, 2008.

Thread Status:
Not open for further replies.
  1. swbbbb

    swbbbb Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    3
    11.PNG

    hi, guys

    I found this recently, some programs start DNSAPI.DLL to connect to internet(e.g. mediaplayer, flashget, Kmplayer), but some don't(e.g. IE, maxthon, kaspersky). Is this normal? I have used LNS for years but it never happend before, and I pretty sure my system(xp pro) is clean, is it cause by Windows update? I don't like it, what can I do to avoid it?

    Any suggestion would be appreciated.
    Sam
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi swbbbb :)

    DNSAPI.dll : this is a Microsoft dynamic link library...

    See this for example: DNSAPI.DLL in MSKB

    Domain Name Service Application Programing Interface:

    This library is used in Internet connections for applications such as WMP, IE, etc.

    Don't worry about this.

    :)
     
  3. swbbbb

    swbbbb Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    3
    Hi Climenole, thanks a lot.

    I know DNSAPI.DLL come from Microsoft and What's it used for, but why it never happened before(I am sure not because of the DLL Setting of my LNS) and why some network program dosn't invoke this file? I am concerned about if some malware or improper configuration cause this change, just 3 questions:

    1. Does this also happen to you guys who use XP pro? BTW my Win2k doesn't.
    2. Does this cause by Windows update?
    3. How to avoid it?

    Thanks again!
     
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi swbbbb

    I'm using Wxp pro and I don't have this DLL detected by LnS...
    May be because I'm not using MS softwares such as WMP ou IE...

    One important remark:

    LnS check the DLL used by programs even these programs or the DLL associated with them
    do not actually make a connection to a Web site over Internet.

    This LnS checkup is used to calculate the checksum to identify the program or the dll in case they makes an actual connection to Internet i.e. connecting a web site of any kind. An example of this may be the windows explorer which is used to launch programs making actual connection to an Internet site such as browsers but windows explorer is a "RUN" program not an "EXE" program and, actually, it makes no connection external to your PC.

    Now:

    I found this security bulletin about this DLL but it was dated of July 2008...

    technet security Bulletin MS08-037 Important
    Vulnerabilities in DNS Could Allow Spoofing (953230)
    Published: July 8, 2008 | Updated: July 25, 2008


    Did your Windows is up-to-date?

    1)

    You may check it at the Secunia web site with the online scan or with their PSI software localy...

    Works in any browser + Java:

    secunia vulnerability scanning

    2)

    In LnS Option Tab, advanced options, DLL button:

    Check if this DLL is in the list and add the logging option for this DLL so you'll have a track of it in the log. Check with wich program this dll is detected by LnS...

    3) You may also check the checksum of this dll

    I have this DLL at these locations:

    (Updates files only)

    C:\windows\$hf_mig$\KB914388\SP2QFE\dnsapi.dll (144 Ko, 19/5/2006 09:16:51)
    C:\windows\$hf_mig$\KB920683\SP2QFE\dnsapi.dll (144 Ko, 26/6/2006 12:47:08 )
    C:\windows\$hf_mig$\KB945553\SP2QFE\dnsapi.dll (145 Ko, 20/2/2008 00:20:23)
    C:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll (145 Ko, 20/6/2008 12:37:01)
    C:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll (145 Ko, 20/6/2008 12:47:22)
    C:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll (145 Ko, 20/6/2008 12:44:02)
    C:\windows\$NtServicePackUninstall$\dnsapi.dll (146 Ko, 20/6/2008 12:41:06)
    C:\windows\$NtUninstallKB951748$\dnsapi.dll (145 Ko, 13/4/2008 18:33:24)
    C:\windows\$NtUninstallKB951748_0$\dnsapi.dll (145 Ko, 26/6/2006 12:41:32)
    C:\windows\ServicePackFiles\i386\dnsapi.dll (145 Ko, 13/4/2008 18:33:24)
    C:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\dnsapi.dll (145 Ko, 13/4/2008 21:33:22)
    C:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\backup\dnsapi.dll (136 Ko, 24/8/2001 07:00:00)
    C:\windows\SoftwareDistribution\Download\S-1-5-18\0e92ff5501f813d2ec95068424de2bb6\backup\dnsapi.dll (136 Ko, 24/8/2001 07:00:00)

    But this is OK if this DLL is in these two locations (and they must be the same):

    C:\windows\system32\dnsapi.dll (145 Ko, 20/6/2008 12:47:22)
    C:\windows\system32\dllcache\dnsapi.dll (145 Ko, 20/6/2008 12:47:22)

    This is the informations from FileAlyzer:

    ********************************************************************
    FileAlyzer © 2003-2006 Safer Networking Ltd. All Rights Reserved.
    ********************************************************************


    File: C:\WINDOWS\system32\dnsapi.dll
    Date: 25/12/2008 03:15:11


    Location: C:\WINDOWS\system32\
    Size: 147968
    Version: 5.1.2600.5625

    CRC-32: E98CB169
    MD5: 4107C23C8F44E28EFF27B7D92EDBA479
    SHA1: A90FDB91A6BE6674D575699D7EDFE3CFA069AE1D

    Date: friday, june 20 2008 12:47:22
    Creation: thursday, august 05 2004 07:00:00
    Last access: thursday, decembre 25 2008 02:39:26
    Last modif. friday, june 20 2008 12:47:22

    Normally, if your OS is Wxp and it is up-to-date the file must be exactly like this...

    FileAlyzer

    Hope this help. Let us know.

    :)
     
    Last edited: Dec 25, 2008
  5. swbbbb

    swbbbb Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    3
    :thumb: Great! Climenole, very useful info.

    Yes, my Windows is up-to-date. And finally I figure it out the problem cause by Kaspersky Internet Security 7.0, I had disable it's buildin firewall so I guess it's anti phishing websites component trigger the LNS's prompt. In order to confirm that I uninstall KIS and the problem gone, quit KIS doesn't help. In my Win2k I had installed KAV not KIS so doesn't have the same problem.

    Cheers!:)
     
  6. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    HI swbbbb :)

    Okay... Having two firewall simultaneously is not a good idea...

    I guess you spot the problem like a pro. Great!

    Have a nice day!

    :)
     
Thread Status:
Not open for further replies.