noodleNT
asked on
Sonicwall VPN Client and Hosts files are not working... I think its spyware
One of our users laptops stopped resoulving host file entries correctly. For example:
Hosts entry
192.168.1.10 SVRHOME
The public IP for that private network is 26.120.23.5 and is set as the Gateway IP Address for the VPN connection.
When I ping SVRHOME it resolves the public address 26.120.23.5 instead of the entry that is in the hosts file, 192.168.1.10.
I checked for spyware and did find mysearch bar installed. So I ran hijackthis and removed the entries and then ran Adaware to find anything else.
I then booted into safemode under the local admin account and deleted the files in Temp, Temp Internet, and PreFetch.
Booted back up, adaware again which came back clean and then ran winsockfix.
After the reboot I tested it again and it was doing the same thing. So I then uninstalled the VPN client software and rebooted then reinstalled it.
Still resolving the wrong IP. Any ideas? I saw this one other time and gave up and just built the use a new laptop. Since this is the second time this has happend I would like to find a solution.
Hosts entry
192.168.1.10 SVRHOME
The public IP for that private network is 26.120.23.5 and is set as the Gateway IP Address for the VPN connection.
When I ping SVRHOME it resolves the public address 26.120.23.5 instead of the entry that is in the hosts file, 192.168.1.10.
I checked for spyware and did find mysearch bar installed. So I ran hijackthis and removed the entries and then ran Adaware to find anything else.
I then booted into safemode under the local admin account and deleted the files in Temp, Temp Internet, and PreFetch.
Booted back up, adaware again which came back clean and then ran winsockfix.
After the reboot I tested it again and it was doing the same thing. So I then uninstalled the VPN client software and rebooted then reinstalled it.
Still resolving the wrong IP. Any ideas? I saw this one other time and gave up and just built the use a new laptop. Since this is the second time this has happend I would like to find a solution.
I'd just double check a few things. Make sure there's no extra extension on the file it shold just be called "hosts", sometimes programs like to add .txt or whatever to the end of it. Also, make sure that nothing apart from "hostname ip"
appears in it, except for the comments of course.
Fqiling that, can you post it so we can have a look? remove the IPs if you're worried.
appears in it, except for the comments of course.
Fqiling that, can you post it so we can have a look? remove the IPs if you're worried.
ASKER
The host file was fine. I even gave the guy mine thinking his got corrupted. There is no file extension on the host file or anything in the file.
Example of the host file:
127.0.0.1 localhost
192.168.10.10 svrmail
192.168.10.10 svrmail.mydomain.com
192.168.10.10 ftp.city.mydomain.com
192.168.10.50 svrfiles
192.168.10.50 svrfiles.mydomain.com
Example of the host file:
127.0.0.1 localhost
192.168.10.10 svrmail
192.168.10.10 svrmail.mydomain.com
192.168.10.10 ftp.city.mydomain.com
192.168.10.50 svrfiles
192.168.10.50 svrfiles.mydomain.com
ASKER
Any Ideas?
are both his laptop and the domain using class C subnet masks ?
ASKER
I got it working:
TCP/IP Properties\Advanced\Option s Tab
TCP/IP Filtering was Enabled and set to Permit only for chech port and protocal with each field blank. In essence blocking everything. (I think spyware did this.)
Then replaced all files in c:\windows\sytem32\drivers \etc with ones from a working laptop. (For the hell of it.)
TCP/IP Properties\Advanced\Option
TCP/IP Filtering was Enabled and set to Permit only for chech port and protocal with each field blank. In essence blocking everything. (I think spyware did this.)
Then replaced all files in c:\windows\sytem32\drivers
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Happend to someone new today and the damn fix above wont fix it!! ARG!
try a tracert to svrhome