Link to home
Start Free TrialLog in
Avatar of danielwebb
danielwebb

asked on

After malware removal Windows XP machine can not resolve DNS name's from network. Can resolve IP fine.

So I removed a pretty bad case of malware on an employees machine the other day.  Two employees to be exact.  I used combofix, malwarebytes, spybot sd, and advanced system care 4.  After the removal everything seemed fine and I was pleased to see the performance dramatically increased.  However,  a few days later both of these employees were having trouble printing.  I went into their printers and saw that under each printer that is located on a server it said "unable to connect".  I tried connecting via tcpip port and they printed fine.  I started to dig more and reallized that the computer was unable to resolve any dns names, only the ip address.  For one of the machines I did a repair install and that worked fine but took a while.  I know I can fix this problem without a repair install though and would like you guys to help me get to the bottom of it.  I have ran lspfix.exe, netsh winsock reset, sfc /scannow and advanced system care again with no luck.  Any suggestions?  Is there a service or something I should be looking at?
Avatar of steinmto
steinmto
Flag of United States of America image
Did you check the host file under c:\windows\system32\hosts?  It sounds like something got left.  Did you check the dns servers?  Also try this

http://support.microsoft.com/kb/299357
Avatar of danielwebb
danielwebb

ASKER

what should i be looking for in the host files?

Another note, I can ping the server name through the command prompt which seems odd to me.
Avatar of danielwebb
danielwebb

ASKER

under the system32 folder i don't see a hosts subfolder.  The closest thing I see is a hostname.exe file
Avatar of danielwebb
danielwebb

ASKER

ok found the host file.  The only text in it is "127.0.0.1      local host".  Is this normal?
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image
C:\Windows\System32\Drivers\etc

Then there's a text file call Hosts (it has no extension, so you'll have to choose Notepad to open it).

Chris
Avatar of danielwebb
danielwebb

ASKER

yeah I opened it and there was only that one line in my previous post but that looks normal.
Avatar of danielwebb
danielwebb

ASKER

another note....  when i try to remote desktop into it, it will connect to the machine and open up a remote desktop window but it just sits there with a blue background and never actually loads the logon prompt.  It eventually times out and gives an error which I am currently waiting on.
Avatar of danielwebb
danielwebb

ASKER

when i try and go run -->  \\servername it says "no network provider can access the given path"
ASKER CERTIFIED SOLUTION
Avatar of danielwebb
danielwebb
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of danielwebb
danielwebb

ASKER

found this comment in another thread.  It ended up being the netbios helper service that was disabled.