Got a virus on an XP SP3 computer the other day.
Have run Malwarebytes to remove bad registry and file entries. Have deleted a hidden Hosts file from the etc directory.
Whenever I ping www.google.com
on the pc, it's trying to go to either 220.127.116.11 or 18.104.22.168
NSLookup cannot resolve www.google.com
it tries to look at my local dns server, then does a 2 second time out ... seeming not ever trying to go the outside world to check the non-authoritative dns servers
I have NO idea where it's getting these IPs from, file, registry or what. Doesn't matter what user I'm logged in as either, so if it's registry, must be in the Local Machine area.
Anyone else ever deal with this and resolve? I don't want to re-image the machine yet as I'm extremely curious as to how the el' a setting like this could be set on searching type websites only.
I say that because I can go to yahoo.com , but if I do an actual search, it fails out as if it was being redirected to a bad site that is obviously down now.