I'm helping a system recover from malware infection. It's a turnkey system that has no restore options, otherwise I'd blast it all and restore. "Personal Security" started it all, but several other trojans eventually came along.
IE tries to go to any web page, and displays the "cannot open web page" screen, at the bottom of which it says: "cannot find server or DNS error".
Nslookup *can* resolve names - nslookup www.google.com gives the correct IP address, and nslookup of the resultant IP number gives www.google.com
FTP does not resolve with a mnemonic name such as ftp.mozilla.org, but DOES connect when using the IP number instead of the name. Same for IE - it will go with an IP number, but mnemonics don't work.
Among the things I have tried:
- restored registry from several months ago, using the recovery console and going into the C:\System Volume Information\_restore area to copy in the registry from October 2009 (well before the infection) (this is what allowed me to boot the thing again)
- netsh int ip reset c:\resetlog.txt
- netsh winsock reset
- ipconfig /flushdns and ipconfig /registerdns.
- in-place reinstall of Windows using the SP2 install disk
- Full all-file scans using Ad-Aware, Malwarebytes, Spybot, Stinger, Avira - all packages manually updated with current signatures, or run from fully updated CD boot disk
(and I did copious reboots at the appropriate times during all of the above).
I've been searching off and on for several days. Nothing seems to help. I'll try any suggestions, even ones I've already done.