?
Solved

DNS not working on a Home XP Client station

Posted on 2008-10-26
3
Medium Priority
?
1,817 Views
Last Modified: 2012-05-05
Hi,
I'm stuck on my niece's Home XP. Apparently, the DNS query engine isn't working and it's very annoying. This is the same problem as in ID:20932429, but no real solution was post there.

I can nslookup almost anything, but other programs can't do any successful query.  Check out the code fragment.
This is a home based PC with a DHCP connection. Apparently the DHCP works, the DNS server works and the connection works. I can nslookup resolve an establish an ip-number based connection.
I've been digging this a while now. Apparently DNS functionality is being hyjacked, but I don't know how.
I did find a browser helper that worked as a "url filter" and managed to do more things adding this to the hosts file: avg.urlseek.vmn.net. I disabled the helper and some others, but I'm still getting problems.

I even installed a local BIND server but the simptoms stays the same: BIND do resolve names, but the application can't reach them. Applications are: IE7, Firefox2, ping, ftp. Other tools provided by BIND like "dig" and "host" also can resolve just right.



C:\WINDOWS\>ftp ftp.isc.com
Unknown host ftp.isc.com.
 
C:\WINDOWS\>nslookup ftp.isc.com
Server:  resolver.gtdinternet.com
Address:  200.75.0.4
 
Non autoritative answer:
Nombre:  ftp.isc.com
Address:  208.97.178.54
 
C:\WINDOWS\>ftp 208.97.178.54
Connected to 208.97.178.54.
220 ProFTPD 1.3.1 Server (DreamHost FTP) [208.97.178.54]
Usuario (208.97.178.54:(none)):

Open in new window

0
Comment
Question by:estrelow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 22809248
remove all malware first

malware - Leetutor list
Have you tried running virus scans and spyware scans  This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:

http://housecall.antivirus.com 

http://www.pcpitstop.com/antivirus/default.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Also try these free programs to rid your system of spyware, trojans, and other malware:

http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy

http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Another very good freeware program for ridding yourself of spyware is this:

http://www.superantispyware.com/
SuperAntiSpyware

You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

http://www.spychecker.com/download/download_hijackthis.html

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  

http://www.hijackthis.de/index.php?langselect=english

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

http://www.tomcoyote.org/hjt/
HijackThis Quick Start


-------------

rebuild TCPIP stack after that if needed

XP TCPIP fixes reset NIC and TCPIP reset  Fix TCPIP reset
From johnb6767

What I like to do on any network problem....Is to reset it ALL....

netsh int ip reset reset.log
netsh firewall reset
netsh winsock reset

Then remove ALL NIC's from the device manager..
In the Device Manager, select View>Show Hidden Devices

(If the Show Hidden devices is not presetn, do the following command from a command prompt..)

start>run>cmd
set devmgr_show_nonpresent_devices=1

More information on that command here....
Device Manager does not display devices that are not connected to the Windows XP-based computer
http://support.microsoft.com/kb/315539
http://support.microsoft.com/kb/317518/en-us


Go back to Network Adapters, and make sure your adapters are all gone, including any older ones. (there will be several ' miniport' devices that are not able to be uninstalled....)
Once they are all gone, reboot and let Windows reinstall them...

Thats a total rebuild of your network connections, to hopefully correct any problems with Basic connectivity.

0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1000 total points
ID: 22809887
I find when this occurs most often it is a Winsock issue, caused by malware. If you cannot access a web site by IP, such as Google  http://64.233.187.99/  it is usually the case. You can try the Winsock repair tool:
http://www.softpedia.com/progDownload/WinSock-XP-Fix-Download-7144.html
or the Winsock and TCP reset tool:
http://www.softpedia.com/get/Tweak/Network-Tweak/XP-TCP-IP-Repair.shtml

Failing that, my preference for malware removal is
http://www.malwarebytes.com
0
 
LVL 1

Author Closing Comment

by:estrelow
ID: 31510154
I haven't been able to get back to the PC to continue fixing it, but RobWill's answer I think is right on the thick of the problem.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question