Tek-Tips is the largest IT community on the Internet today!


Something is hijacking my DNS and it's not the HOSTS file

Status
Not open for further replies.

irbk (MIS) - Joined Oct 20, 2004 - Messages: 578 - Location: US
I'm having some kind of spyware infection going on and I just can't figure out where else to look. I go to nslookup and look up, say, (home of Spybot S&D) and it resolves the IP correctly. However, when I go to ping (or any one of many other security-related sites), it resolves to localhost (127.0.0.1). It's not in the hosts file. The only thing in the hosts file is localhost. I've also checked the registry setting HKLM\System\CurrentControlSet\Services\Tcpip\Parameters and made sure that the "DataBasePath" was correct, and it is. I've tested adding things to the hosts file and the system IS in fact reading the hosts file. I'm totally lost as to where else to look to try and diagnose this. Any help would be much appreciated!
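The symptom above (nslookup correct, ping wrong, hosts file clean) is diagnostic in itself: nslookup sends its own query straight to the DNS server, while ping goes through the normal Windows resolver path (hosts file, DNS Client cache, Winsock name-space providers), so a mismatch means something in that local path is being tampered with, not the DNS server. The following script is an added example, not part of the original thread and not the poster's or Tek-Tips' code. It assumes a Windows 8 / Server 2012 or later host where Resolve-DnsName is available (on older systems the direct query is what nslookup already does), uses placeholder hostnames and 8.8.8.8 as the direct-query server, and reports the three places worth checking next: the resolver-vs-DNS disagreement, the hosts file that DataBasePath actually points to, and the Winsock catalog, where a non-Microsoft provider can intercept resolution before hosts or DNS are consulted.

```powershell
# Added diagnostic (not from the original thread): find where local name
# resolution diverges from what the DNS server says.

# Placeholder names; substitute the sites that misresolve on the affected box.
$names = @('www.safer-networking.org', 'www.microsoft.com')
# Any trusted DNS server works here; 8.8.8.8 is only an assumption.
$directServer = '8.8.8.8'

function Test-ResolverTampering {
    param([string[]]$Names, [string]$Server)

    foreach ($n in $Names) {
        # Path used by ping, browsers, etc.: Winsock -> hosts file -> cache -> DNS.
        try {
            $viaResolver = @([System.Net.Dns]::GetHostAddresses($n) |
                ForEach-Object { $_.IPAddressToString })
        } catch { $viaResolver = @("ERROR: $($_.Exception.Message)") }

        # Direct DNS query: skips the hosts file and the local cache entirely,
        # which is the same thing nslookup does.
        try {
            $viaDns = @(Resolve-DnsName -Name $n -Type A -Server $Server `
                    -DnsOnly -NoHostsFile -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } |
                ForEach-Object { $_.IPAddress })
        } catch { $viaDns = @("ERROR: $($_.Exception.Message)") }

        # Loopback from the resolver but not from DNS is the thread's symptom.
        $loopback = @($viaResolver | Where-Object { $_ -like '127.*' -or $_ -eq '::1' })
        [pscustomobject]@{
            Name        = $n
            ViaResolver = ($viaResolver -join ',')
            ViaDns      = ($viaDns -join ',')
            Suspicious  = ($loopback.Count -gt 0) -and -not ($viaDns -contains '127.0.0.1')
        }
    }
}

Test-ResolverTampering -Names $names -Server $directServer | Format-Table -AutoSize

# 1. Which hosts file is actually being read (the DataBasePath value the OP checked).
$params = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPath = [Environment]::ExpandEnvironmentVariables($params.DataBasePath)
"DataBasePath = $dbPath"
# Show every non-comment, non-blank line; anything beyond 'localhost' deserves a look.
Get-Content (Join-Path $dbPath 'hosts') | Where-Object { $_ -notmatch '^\s*(#|$)' }

# 2. Winsock catalog: name-space providers and LSPs sit in front of the hosts
#    file and DNS, so a non-Microsoft DLL here can rewrite answers silently.
netsh winsock show catalog | Select-String -Pattern 'Description|Provider Path'
```

Rows with Suspicious = True tell you the redirection is happening on the box, below the DNS server. If the hosts file listed under DataBasePath is clean and the only Winsock providers are Microsoft DLLs under System32, the remaining candidates are hooks inside the resolver process itself, which is the rootkit territory the poster eventually found.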
 
Looks like it was a rootkit and a trojan that were causing all the problems. Don't know how, but sdfix.exe got them nailed and cleaned up. Had to download sdfix.exe, saved the file into a C:\Temp dir and then booted into safe mode. In safe mode I ran the sdfix.exe, which extracts itself to %SystemDrive%\sdfix.
I then ran the RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan services or registry entries found, then prompt you to press any key to reboot.
Press any key and it will restart the PC. When the PC rebooted, I went into safe mode again and let SDFix finish its run. It found the rootkit and trojan and removed them. Once it was done, I ran it a second time and found another round of trojans. Rebooted into safe mode again and ran SDFix for a third time, one last reboot into safe mode to finish the SDFix run, and now it looks like I'm good. I don't know how the rootkit or trojan was redirecting my DNS, but it seems fixed now.
 
Thanks for finding the solution, that fixed your problem, and for posting it here, so that others may find it useful...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
