Solved

Vista cannot resolve names to IPs after virus

Posted on 2010-11-20
2
269 Views
Last Modified: 2012-05-10
I am working on a vista pc which was badly infected. I scanned the hard drive as a slave using Malwarebytes, Comodo, and Bitdefender online scanner. Since sticking the hard dive back in the machine and booting it up I have also used Combofix (after realising the there was a name resolution issue). After that I manually updated the definitions in Malwarebytes (as no program can download updates) but the scan came up clean.

When I check the IP configuration it is all fine. I can connect to the router by IP address and can open up a website such as Google using their IP address but not the name.

I am guessing that one of the viruses has done the damage but cannot find out what!

I can post a Hijackthis log if anyone thinks it would help - please let me know.

Any suggestions would be appreciated.

TIA
0
Comment
Question by:WhoIsThatChild
2 Comments
 
LVL 31

Accepted Solution

by:
Frosty555 earned 500 total points
ID: 34179562
The hijackthis log will help, but these are the major things to check:

1) Check your HOSTS file in C:\Windows\system32\drivers\etc. You may need to show hidden files and folder in the explorer options to look at it. Some viruses will redirect many common search engines to their own malicious "spoof" pages.

2) Check if your proxy settings. Open Internet Explorer, and go to Tools->Interent Options->Connections->Lan Settings, ensure that "Use a proxy server" is unchecked. In Firefox go to Tools->Options->Advanced->Network->Settings, and ensure that "No proxy server" or "Use System Settings" is selected. Some malware will run as a local proxy server, and setup your proxy to use 127.0.0.1, this lets the malware inject search results / hijack your webpages

3) Check your DNS settings are correct. You can look at them by going to a command prompt window as an Administrator, and type "ipconfig /all", then look for your network device and the DNS settings. It should be the same as the DNS settings on your router, or to be safe you can set it to OpenDNS or Google DNS:
   208.67.222.222     or   8.8.8.8

The HijackThis logs will reveal all three of these things, so if you can post it here it will help.
0
 

Author Closing Comment

by:WhoIsThatChild
ID: 34179784
I feel such a dumb-dumb!! It was the IP configuration, specifically the DNS!!

Thanks for your help
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For some time some of our users experienced package loss on a couple of our Lenovo Thinkpad S531 machines running Windows 8 or Windows 8.1 64-bit OS. I was not able to find many answers online, but did after some investigation I began to suspect Blu…
The Samsung SSD 840 EVO and 840 EVO mSATA have a well-known problem with a drop in read performance. I first learned about this in an interesting thread here at Experts Exchange: http://www.experts-exchange.com/Hardware/Storage/Hard_Drives/Q_2852…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question