mattronic

Q: why is mDNSresponder connecting to cyberghost servers? (continuously)

I noticed a lot of activity through TCPblock after running CyberGhost VPN. TCPblock is reporting frequent (almost continuous) connections, both outgoing and incoming, to Manchester and Frankfurt servers for CyberGhost through mDNSResponder. So I trashed the app, but the connections continue. Probably no big deal, but why is mDNSResponder connecting to CyberGhost servers? How do I stop it? Blocking the connections results in no internet connection at all. This is a Bonjour service, and it is like CyberGhost has hijacked it. Thanks for any help on this.

iMac (24-inch Mid 2007), OS X Yosemite (10.10.5)

Posted on May 16, 2016 11:18 PM


  • by leroydouglas,

    leroydouglas May 17, 2016 9:57 AM in response to mattronic
    Level 7 (23,578 points)

    There is a Mac DNS Changer malware from years ago.

    DNSChanger

  • by mattronic,

    mattronic May 17, 2016 2:54 PM in response to leroydouglas
    Level 1 (8 points)

    Thanks leroydouglas,

    I looked through the links and downloaded the checker / remover and it was not the problem. However, something related that I read led me to check my DNS settings (kind of an obvious thing, I realise) and there I found the 2 CyberGhost servers listed. So I gather that CyberGhost replaced my default server with two of their own, and mDNSResponder was just doing its job. No malware, just a hangover from running CyberGhost. A little annoying, given the time spent trying to figure this out, that CyberGhost doesn't mention it will be doing this, and that to uninstall their product you need to remove their servers from the DNS settings. I haven't found anything related to this in their support documentation, and you need to be a premium user to contact them.

    I don't have a great understanding of what this is all about, and if there is any reason not to leave their servers in my DNS settings, but at least I know how to solve this now.

    Thanks again.
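
The check described in the post above (looking for DNS servers that a removed VPN client left in the network settings) can be scripted with the macOS `networksetup` tool. This is an added example, not part of the original thread; `check_dns` and `audit_dns` are hypothetical helper names, and any resolver addresses you pass in are your own expected values.

```shell
#!/bin/sh
# Added example (not from the thread): audit manually set DNS servers on macOS.
# check_dns and audit_dns are hypothetical helper names.

# check_dns reads the output of `networksetup -getdnsservers <service>` on
# stdin; its arguments are the resolvers you expect to see.
# Prints "dhcp" (no manual override), "ok", or "unexpected: <servers>".
check_dns() {
    unexpected=""
    seen=0
    while IFS= read -r line; do
        case "$line" in
            "There aren't any DNS Servers set on"*|"") continue ;;
        esac
        seen=1
        match=0
        for ok in "$@"; do
            if [ "$line" = "$ok" ]; then match=1; fi
        done
        if [ "$match" -eq 0 ]; then unexpected="$unexpected $line"; fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "dhcp"
    elif [ -z "$unexpected" ]; then
        echo "ok"
    else
        echo "unexpected:$unexpected"
    fi
}

# audit_dns walks every network service and reports its DNS status.
# A leading "*" marks a disabled service; the first output line is a legend.
audit_dns() {
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        status=$(networksetup -getdnsservers "$svc" </dev/null | check_dns "$@")
        printf '%s\t%s\n' "$svc" "$status"
    done
}

# Run the audit only where networksetup exists (macOS).
# To drop a leftover override and return to the DHCP-supplied resolver:
#   sudo networksetup -setdnsservers "Wi-Fi" empty   # "Wi-Fi" is an example name
if command -v networksetup >/dev/null 2>&1; then
    audit_dns "$@"
fi
```

A service reported as `dhcp` has no manual override; any `unexpected:` entry is a resolver that was set by hand or by an installed application and should be reviewed.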

  • by leroydouglas,

    leroydouglas May 17, 2016 4:06 PM in response to mattronic
    Level 7 (23,578 points)

    mattronic wrote:

    and if there is any reason not to leave their servers in my DNS settings, but at least I know how to solve this now.

    As long as the CyberGhost is not slowing you down, i.e. a bottleneck in your internet speed.

    You can compare speeds of DNS servers. Especially compare OpenDNS and Google Public DNS.

    https://code.google.com/archive/p/namebench/downloads

    see: namebench-1.3.1-Mac_OS_X.dmg