[Last Call] Learn how to a build a cloud-first strategyRegister Now


Sonicwall VPN Client and Hosts files are not working... I think its spyware

Posted on 2004-11-03
Medium Priority
Last Modified: 2012-06-22
One of our users laptops stopped resoulving host file entries correctly. For example:

Hosts entry    SVRHOME

The public IP for that private network is and is set as the Gateway IP Address for the VPN connection.

When I ping SVRHOME it resolves the public address instead of the entry that is in the hosts file,
I checked for spyware and did find mysearch bar installed. So I ran hijackthis and removed the entries and then ran Adaware to find anything else.
I then booted into safemode under the local admin account and deleted the files in Temp, Temp Internet, and PreFetch.
Booted back up, adaware again which came back clean and then ran winsockfix.
After the reboot I tested it again and it was doing the same thing. So I then uninstalled the VPN client software and rebooted then reinstalled it.

Still resolving the wrong IP. Any ideas? I saw this one other time and gave up and just built the use a new laptop. Since this is the second time this has happend I would like to find a solution.
Question by:noodleNT

Expert Comment

ID: 12490582
has you vpn connection got "allow netbios traffic" set ?
try a tracert to svrhome


Expert Comment

ID: 12491033
I'd just double check a few things. Make sure there's no extra extension on the file it shold just be called "hosts", sometimes programs like to add .txt or whatever to the end of it. Also, make sure that nothing apart from "hostname ip"
appears in it, except for the comments of course.

Fqiling that, can you post it so we can have a look? remove the IPs if you're worried.

Author Comment

ID: 12495589
The host file was fine. I even gave the guy mine thinking his got corrupted. There is no file extension on the host file or anything in the file.

Example of the host file:       localhost      svrmail      svrmail.mydomain.com      ftp.city.mydomain.com      svrfiles      svrfiles.mydomain.com
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

ID: 12560029
Any Ideas?

Expert Comment

ID: 12563804
are both his laptop and the domain using class C subnet masks ?

Author Comment

ID: 12570542
I got it working:

TCP/IP Properties\Advanced\Options Tab
TCP/IP Filtering was Enabled and set to Permit only for chech port and protocal with each field blank. In essence blocking everything. (I think spyware did this.)

Then replaced all files in c:\windows\sytem32\drivers\etc with ones from a working laptop. (For the hell of it.)

Accepted Solution

DarthMod earned 0 total points
ID: 12983119
Submitted to PAQ with points refunded (500)

Community Support Moderator

Author Comment

ID: 13863160
Happend to someone new today and the damn fix above wont fix it!! ARG!

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question