Solved

DNS not working on a Home XP Client station

Posted on 2008-10-26
3
1,810 Views
Last Modified: 2012-05-05
Hi,
I'm stuck on my niece's Home XP. Apparently, the DNS query engine isn't working and it's very annoying. This is the same problem as in ID:20932429, but no real solution was post there.

I can nslookup almost anything, but other programs can't do any successful query.  Check out the code fragment.
This is a home based PC with a DHCP connection. Apparently the DHCP works, the DNS server works and the connection works. I can nslookup resolve an establish an ip-number based connection.
I've been digging this a while now. Apparently DNS functionality is being hyjacked, but I don't know how.
I did find a browser helper that worked as a "url filter" and managed to do more things adding this to the hosts file: avg.urlseek.vmn.net. I disabled the helper and some others, but I'm still getting problems.

I even installed a local BIND server but the simptoms stays the same: BIND do resolve names, but the application can't reach them. Applications are: IE7, Firefox2, ping, ftp. Other tools provided by BIND like "dig" and "host" also can resolve just right.



C:\WINDOWS\>ftp ftp.isc.com

Unknown host ftp.isc.com.
 

C:\WINDOWS\>nslookup ftp.isc.com

Server:  resolver.gtdinternet.com

Address:  200.75.0.4
 

Non autoritative answer:

Nombre:  ftp.isc.com

Address:  208.97.178.54
 

C:\WINDOWS\>ftp 208.97.178.54

Connected to 208.97.178.54.

220 ProFTPD 1.3.1 Server (DreamHost FTP) [208.97.178.54]

Usuario (208.97.178.54:(none)):

Open in new window

0
Comment
Question by:estrelow
3 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 22809248
remove all malware first

malware - Leetutor list
Have you tried running virus scans and spyware scans  This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:

http://housecall.antivirus.com 

http://www.pcpitstop.com/antivirus/default.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Also try these free programs to rid your system of spyware, trojans, and other malware:

http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy

http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Another very good freeware program for ridding yourself of spyware is this:

http://www.superantispyware.com/
SuperAntiSpyware

You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

http://www.spychecker.com/download/download_hijackthis.html

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  

http://www.hijackthis.de/index.php?langselect=english

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

http://www.tomcoyote.org/hjt/
HijackThis Quick Start


-------------

rebuild TCPIP stack after that if needed

XP TCPIP fixes reset NIC and TCPIP reset  Fix TCPIP reset
From johnb6767

What I like to do on any network problem....Is to reset it ALL....

netsh int ip reset reset.log
netsh firewall reset
netsh winsock reset

Then remove ALL NIC's from the device manager..
In the Device Manager, select View>Show Hidden Devices

(If the Show Hidden devices is not presetn, do the following command from a command prompt..)

start>run>cmd
set devmgr_show_nonpresent_devices=1

More information on that command here....
Device Manager does not display devices that are not connected to the Windows XP-based computer
http://support.microsoft.com/kb/315539
http://support.microsoft.com/kb/317518/en-us


Go back to Network Adapters, and make sure your adapters are all gone, including any older ones. (there will be several ' miniport' devices that are not able to be uninstalled....)
Once they are all gone, reboot and let Windows reinstall them...

Thats a total rebuild of your network connections, to hopefully correct any problems with Basic connectivity.

0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 22809887
I find when this occurs most often it is a Winsock issue, caused by malware. If you cannot access a web site by IP, such as Google  http://64.233.187.99/  it is usually the case. You can try the Winsock repair tool:
http://www.softpedia.com/progDownload/WinSock-XP-Fix-Download-7144.html
or the Winsock and TCP reset tool:
http://www.softpedia.com/get/Tweak/Network-Tweak/XP-TCP-IP-Repair.shtml

Failing that, my preference for malware removal is
http://www.malwarebytes.com
0
 
LVL 1

Author Closing Comment

by:estrelow
ID: 31510154
I haven't been able to get back to the PC to continue fixing it, but RobWill's answer I think is right on the thick of the problem.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS records 18 83
Computer Browsing across subnets Server 2012 12 74
Active directory upgrade to DFSR 4 32
repairing Windows XP on a different partition 17 46
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now