AFCd from LAN

I have seen some old posts regarding AFCd, but not one where it appears the source is on LAN.  This is new.  On about 2017-11-16 I started seeing this, where 192.168.25.52 is the LAN Domain Controller.

It looks to me like AFCd, whatever it is, is trying to resolve a domain to contact.  192.168.25.52 is the local DNS server also.

We scanned 192.168.25.52 multiple times with Webroot, Malwarebytes, SuperAntivirus and Sophos Virus Removal and found absolutely nothing.  Could it be that some other computer is infected and the firewall only alerts when the local DNS forwards the request?

Has anyone been able to find and remove AFCd?  If so, how?



  • Hi Dean,

    Bob's hint is best. But if you don't have the ability to change your DNS config, you should activate debug logging on your Windows DNS server, if you have Windows DNS in place.

    Then you can see which client asks for this destination.

    regards

    mod
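An added example, not part of the reply above or of any Sophos or Microsoft tooling: once debug logging is on, a short script can list which LAN clients asked the DNS server for the flagged name, ignoring the server's own forwarded queries and all responses. The log layout, the placeholder domain `bad.example.invalid`, the sample addresses and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the "PACKET" lines of a Windows DNS debug log
# (layout is an assumption; the domain and all client addresses are made up).
SAMPLE_LOG = """\
DNS Server log file creation at 11/16/2017 10:15:00 AM
11/16/2017 10:15:32 AM 0E5C PACKET  000000D5A1B2C3D0 UDP Rcv 192.168.25.101  a1b2   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
11/16/2017 10:15:33 AM 0E5C PACKET  000000D5A1B2C4E0 UDP Rcv 192.168.25.117  77c1   Q [0001   D   NOERROR] A      (3)bad(7)example(7)invalid(0)
11/16/2017 10:15:33 AM 0E5C PACKET  000000D5A1B2C5F0 UDP Snd 192.0.2.53      9f00   Q [0001   D   NOERROR] A      (3)bad(7)example(7)invalid(0)
11/16/2017 10:15:33 AM 0E5C PACKET  000000D5A1B2C6A0 UDP Rcv 192.0.2.53      9f00 R Q [8081   DR  NOERROR] A      (3)bad(7)example(7)invalid(0)
11/16/2017 10:15:33 AM 0E5C PACKET  000000D5A1B2C4E0 UDP Snd 192.168.25.117  77c1 R Q [8081   DR  NOERROR] A      (3)bad(7)example(7)invalid(0)
11/16/2017 10:16:02 AM 0E5C PACKET  000000D5A1B2C7B0 UDP Rcv 192.168.25.117  77c9   Q [0001   D   NOERROR] A      (3)BAD(7)example(7)invalid(0)
11/16/2017 10:16:40 AM 0E5C PACKET  000000D5A1B2C8C0 UDP Rcv 192.168.25.140  03aa   Q [0001   D   NOERROR] A      (1)x(3)bad(7)example(7)invalid(0)
11/16/2017 10:17:05 AM 0E5C PACKET  000000D5A1B2C9D0 UDP Rcv 192.168.25.101  a1c0   Q [0001   D   NOERROR] A      (6)notbad(7)example(7)invalid(0)
"""

# direction, remote address, transaction id, optional "R" (response), opcode, flags, type, name
PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9a-fA-F]{4})\s+(?P<resp>R)?\s*(?P<op>[A-Z?])\s+"
    r"\[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<qname>(?:\(\d+\)[^()\s]*)+)"
)

def decode_qname(encoded):
    """Turn the length-prefixed form '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    labels = [text for _, text in re.findall(r"\((\d+)\)([^()\s]*)", encoded) if text]
    return ".".join(labels).lower()

def clients_querying(log_text, watched_domain):
    """Count queries received from each client for watched_domain or any subdomain of it."""
    watched = watched_domain.lower().rstrip(".")
    hits = Counter()
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        # Keep only queries the server received; skip what it sent and every response.
        if not m or m["dir"] != "Rcv" or m["resp"]:
            continue
        name = decode_qname(m["qname"])
        # Match on a label boundary so 'notbad.example.invalid' is not counted.
        if name == watched or name.endswith("." + watched):
            hits[m["ip"]] += 1
    return hits

if __name__ == "__main__":
    for ip, count in clients_querying(SAMPLE_LOG, "bad.example.invalid").most_common():
        print(f"{ip}\t{count} queries")
```

If the only address that shows up is the DNS server's own, the lookups originate on that host rather than on another LAN client.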
