Windows 2003 Server unable to resolve any DNS queries after spyware disinfect
Posted on 2013-01-29
I have a Windows 2003 server that has been infected with a DNS hijack malware. We removed it (ACTION ALERT malware which had a dll hooked into the registry somewhere called pgdns8.dll). After removing the DLL and MALWARE hook, DNS no longer resolves ANYTHING.
Does anyone know how to verify that the name resolution side of TCP/IP is linked correctly in the registry? This seems like something that was intentionally fouled to redirect search engine results etc...and now that we removed it, it's not resolving the most BASIC item, even host file entries.
I have tried "netsh ip int reset log.txt" and "netsh winsock reset" or whatever the winsock command was, and it got me to where the server booted and saw Active Directory (it's a DC running it's own DNS and DNS is listening on the correct IP, AND other workstations can use the DNS server if I connect to it manually, just NOT the TCP/IP stack of the local server).