Solved

DNS not working on a Home XP Client station

Posted on 2008-10-26
3
1,809 Views
Last Modified: 2012-05-05
Hi,
I'm stuck on my niece's Home XP. Apparently, the DNS query engine isn't working and it's very annoying. This is the same problem as in ID:20932429, but no real solution was post there.

I can nslookup almost anything, but other programs can't do any successful query.  Check out the code fragment.
This is a home based PC with a DHCP connection. Apparently the DHCP works, the DNS server works and the connection works. I can nslookup resolve an establish an ip-number based connection.
I've been digging this a while now. Apparently DNS functionality is being hyjacked, but I don't know how.
I did find a browser helper that worked as a "url filter" and managed to do more things adding this to the hosts file: avg.urlseek.vmn.net. I disabled the helper and some others, but I'm still getting problems.

I even installed a local BIND server but the simptoms stays the same: BIND do resolve names, but the application can't reach them. Applications are: IE7, Firefox2, ping, ftp. Other tools provided by BIND like "dig" and "host" also can resolve just right.



C:\WINDOWS\>ftp ftp.isc.com

Unknown host ftp.isc.com.
 

C:\WINDOWS\>nslookup ftp.isc.com

Server:  resolver.gtdinternet.com

Address:  200.75.0.4
 

Non autoritative answer:

Nombre:  ftp.isc.com

Address:  208.97.178.54
 

C:\WINDOWS\>ftp 208.97.178.54

Connected to 208.97.178.54.

220 ProFTPD 1.3.1 Server (DreamHost FTP) [208.97.178.54]

Usuario (208.97.178.54:(none)):

Open in new window

0
Comment
Question by:estrelow
3 Comments
 
LVL 63

Expert Comment

by:SysExpert
Comment Utility
remove all malware first

malware - Leetutor list
Have you tried running virus scans and spyware scans  This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:

http://housecall.antivirus.com  

http://www.pcpitstop.com/antivirus/default.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Also try these free programs to rid your system of spyware, trojans, and other malware:

http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy

http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Another very good freeware program for ridding yourself of spyware is this:

http://www.superantispyware.com/
SuperAntiSpyware

You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

http://www.spychecker.com/download/download_hijackthis.html

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  

http://www.hijackthis.de/index.php?langselect=english

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

http://www.tomcoyote.org/hjt/
HijackThis Quick Start


-------------

rebuild TCPIP stack after that if needed

XP TCPIP fixes reset NIC and TCPIP reset  Fix TCPIP reset
From johnb6767

What I like to do on any network problem....Is to reset it ALL....

netsh int ip reset reset.log
netsh firewall reset
netsh winsock reset

Then remove ALL NIC's from the device manager..
In the Device Manager, select View>Show Hidden Devices

(If the Show Hidden devices is not presetn, do the following command from a command prompt..)

start>run>cmd
set devmgr_show_nonpresent_devices=1

More information on that command here....
Device Manager does not display devices that are not connected to the Windows XP-based computer
http://support.microsoft.com/kb/315539
http://support.microsoft.com/kb/317518/en-us


Go back to Network Adapters, and make sure your adapters are all gone, including any older ones. (there will be several ' miniport' devices that are not able to be uninstalled....)
Once they are all gone, reboot and let Windows reinstall them...

Thats a total rebuild of your network connections, to hopefully correct any problems with Basic connectivity.

0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
Comment Utility
I find when this occurs most often it is a Winsock issue, caused by malware. If you cannot access a web site by IP, such as Google  http://64.233.187.99/  it is usually the case. You can try the Winsock repair tool:
http://www.softpedia.com/progDownload/WinSock-XP-Fix-Download-7144.html
or the Winsock and TCP reset tool:
http://www.softpedia.com/get/Tweak/Network-Tweak/XP-TCP-IP-Repair.shtml

Failing that, my preference for malware removal is
http://www.malwarebytes.com
0
 
LVL 1

Author Closing Comment

by:estrelow
Comment Utility
I haven't been able to get back to the PC to continue fixing it, but RobWill's answer I think is right on the thick of the problem.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Scan IP address, obtain info 7 69
Hiding a site page from being searchable 3 51
DNS A record 4 19
MX Backup 4 35
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now