Suspected DNS Poisoning (Help Please)
Dear Microsoft,
I need your help.
I recently downloaded ErrorFix, not knowing that it was a rogue program, because it had a high rating in McAfee's SiteAdvisor,
and used Malwarebytes' Anti-Malware to remove it after realising that it was a rogue program.
After I removed it, I went to check my DNS Resolver Cache.
It came up with websites which seem to be malicious.
I managed to copy some of the addresses using screen recording software.
This is the information that appeared on the DNS Cache list.
Also, there were several porn sites in there.
I flushed my DNS Resolver Cache frequently but it still came back.
Here is the list of websites suspected to be malicious
Also, my cousin had recently used my computer to surf porn sites while I was out.
Please help me to get rid of the DNS Cache Poisoning.
Also, I would like to know whether doing a system restore would get rid of the DNS Cache Poisoning.
Thanks.
April 29th, 2011 1:02pm
Hello,
Perform a restore operation using a restore point that dates before the install of the malware program and check if all is okay or not.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
April 29th, 2011 1:30pm
Hi,
Thanks for posting in Microsoft TechNet forums.
If there is any antivirus installed, I suggest we perform the following steps to protect the system:
Step 1: Update the definition file for the antivirus program.
If you do not have an antivirus program installed, I would suggest installing Microsoft Security Essentials to protect the system from being infected with viruses.
Step 2: Disable and Enable System Restore to clear the virus permanently.
Many viruses infect restore points. In order to clear the infected files permanently, we should clear the restore points. Please use the steps below to do so:
1. Click "Start", input "SYSDM.CPL" (without quotation marks) and press "Enter".
2. On the "System Protection" tab, click to turn off System Restore on all drives, and click "OK".
3. Please repeat the above steps to enable System Restore again.
Step 3: Boot your computer into Safe Mode and then run your antivirus software on your computer to scan for and remove any possible virus and malware infections.
1. Restart the computer.
2. Keep pressing the F8 key until the Windows Startup menu appears.
3. Choose "Safe Mode", and press "Enter".
4. Run the computer in Safe Mode.
5. Start your antivirus program and scan the system in Safe Mode.
Step 4: Scan for virus in Safe Mode with Networking
Note: If you are using a cable modem or home LAN connection, please start from item 1 below. If not, please skip items 1~3 and go to item 4 directly.
1. Restart the computer.
2. After "POST" (the Power On Self Test usually has a text mode screen at the beginning when a system boots up), keep pressing the F8 key until the Windows Startup menu appears.
3. Choose "Safe Mode with Networking" and press Enter.
4. Please open Internet Explorer and visit http://safety.live.com
5. Please click the "Full Service Scan" button and follow the instructions on screen to scan for viruses on the computer.
Please check if you can remove the Trojan now.
Best Regards,
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 4th, 2011 1:09pm
Hi,
randomperson_456 was also created by me, and I created this account because I forgot the password on this account but have since retrieved it.
Please reply to this post in future.
I ran a Full Scan using Malwarebytes' Anti-Malware and they found no threats.
Here's the log -
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6517
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421
6/5/2011 4:50:18 PM
mbam-log-2011-05-06 (16-50-18).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 309354
Time elapsed: 46 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
As for the Microsoft Safety Scanner, I can't connect to the Internet in Safe Mode with Networking.
I am using a Dial-up modem to connect to the internet, called Mobile Broadband Modem from Huawei Technologies.
It says "Connection Terminated" so I went back to Normal Mode to download the Scanner and ran it in Safe Mode.
And the following result says -
The scan completed successfully and no viruses, spyware, and other potentially unwanted software were detected.
But my DNS Resolver Cache is still poisoned. What should I do?
May 6th, 2011 3:03pm
Hi,
We can use hijackthis to help us troubleshoot the issue.
1. Please download the Internet Explorer analyzer HijackThis from the following link:
http://www.techspot.com/download317.html
Please Note: The third-party product discussed here is manufactured by a company that is independent of Microsoft. We make no warranty, implied or otherwise, regarding this product's performance or reliability.
2. Save the zip file to your Desktop.
3. Right-click the zip file, choose "Extract All", select the path to save the file (you may leave it as the default value), and then you will receive the extracted file.
4. Double click the extracted file to run HiJackThis. (Note: If there is a notification message, please click OK.)
5. In the HijackThis window, click "Do a system scan and save a log file". (Note: If there is a notification message, please click OK.)
6. HijackThis will scan the system and generate a log file in Notepad.
7. On the log file menu, please click File and choose Save As. Please save the file to the Desktop.
8. Please copy and post the file content.
Regards,
May 9th, 2011 5:35am
Hi, there isn't a button to attach files, so I used copy and paste.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:46 PM, on 9/5/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Acc\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Mobile Broadband Modem\Mobile Broadband Modem.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Acc\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Iobit\Advanced SystemCare 4\Suc12_Uninstaller.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [rstrui.exe] C:\WINDOWS\System32\rstrui.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4037726902-3923505747-165423213-1005\..\Run: [Google Update] "C:\Users\Acc\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Acc')
O4 - S-1-5-21-4037726902-3923505747-165423213-1005 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Acc')
O4 - S-1-5-21-4037726902-3923505747-165423213-1005 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Acc')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://www.eset.com.sg/softdown/files/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (file missing)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10646 bytes
*========================================================EDIT========================================================*
Hi, can you read this - http://news.cnet.com/8301-1009_3-9998625-83.html
Is this a DNS Cache Poisoning Test? And is it reliable? There are 2 websites to test whether your DNS system is vulnerable. I have run the test at DNS Operations, Analysis, and Research Center and they found nothing, but my problem is not solved. However, I can't find the test on the Dan Kaminsky website. Dan Kaminsky was the person who discovered DNS Cache Poisoning.
And this - http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
They said it was included in Windows Update, but I did not receive it.
I found this on the internet - http://www.ehow.com/how_6301824_fix-dns-cache-windows-vista.html
The steps are
1. Open "Start" and type "cmd" in the "Search" box.
2. Press "Enter" to display a DOS prompt.
3. Type "ipconfig /release" and press "Enter," flushing your DNS cache information.
4. Type "ipconfig /renew" and press "Enter," reconfiguring the cache.
But I get the following errors (3 of them):
(1st) No operation can be performed on Local Area Connection* 15 while it has its media disconnected.
(2nd) No operation can be performed on Wireless Network Connection while it has its media disconnected.
(3rd) No operation can be performed on Local Area Connection while it has its media disconnected.
May 9th, 2011 12:15pm
Hi,
We can use hijackthis to help us troubleshoot the issue.
1. Please download the Internet Explorer analyzer HijackThis from the following link:
http://www.techspot.com/download317.html
Please Note: The third-party product discussed here is manufactured by a company that is independent of Microsoft. We make no warranty, implied or otherwise, regarding this product's performance or reliability.
2. Save the zip file to your Desktop.
3. Right-click the zip file, choose "Extract All", select the path to save the file (you may leave it as the default value), and then you will receive the extracted file.
4. Double click the extracted file to run HiJackThis. (Note: If there is a notification message, please click OK.)
5. In the HijackThis window, click "Do a system scan and save a log file". (Note: If there is a notification message, please click OK.)
6. HijackThis will scan the system and generate a log file in Notepad.
7. On the log file menu, please click File and choose Save As. Please save the file to the Desktop.
8. Please copy and post the file content.
It has been 13 days (almost 2 weeks) since I replied to your post earlier. Are you people looking into it, or did you simply forget about my post?
I had 5 replies from Malwarebytes Forum and 3 replies in TechNet Forum.
Here's an Animated GIF Image of what's inside my DNS Resolver Cache -
http://forums.malwarebytes.org/uploads/monthly_05_2011/post-78746-0-61161900-1306063950.gif
May 22nd, 2011 2:53pm
Hi,
Thank you very much for providing the HiJackThis log file.
After analyzing the HiJackThis log file you provided, I recommend we remove the following suspicious items in the HiJackThis program to see if our issue can be resolved.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [rstrui.exe] C:\WINDOWS\System32\rstrui.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://www.eset.com.sg/softdown/files/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe
To do this, please refer to the following steps:
1. Run HiJackThis. (Note: If there is a notification message, please click OK.)
2. In the HiJackThis Window, click "Do a system scan only". (Note: If there is a notification message, please click OK.)
3. Check the checkboxes beside the malicious entries listed above and click the "Fix Checked" button.
4. Click Yes to begin fixing the infected files.
Please check if the issue persists.
Regards,
May 23rd, 2011 8:28am
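An added example, not part of the thread and not HijackThis's own code: among the entries selected in the reply above are ones whose target no longer exists ("(no file)") and the O17 NameServer values, and O1 and O17 are the HijackThis sections that describe name resolution on the host (Hosts file entries and configured DNS servers). The sketch below pulls those out of a log so the DNS servers can be checked against what the ISP or router is expected to assign; the function name `triage` and the choice of sample lines are assumptions.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread
# (the selection is ours; the values are the poster's).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O17 - HKLM\...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def triage(log_text):
    """Sort HijackThis entries into orphaned ones and name-resolution settings."""
    found = {"orphaned": [], "hosts": [], "nameservers": []}
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header, process list or blank line
        code, body = match.groups()

        # Registration left behind after the file it points to was removed.
        if body.endswith(ORPHAN_MARKERS):
            found["orphaned"].append((code, body))

        if code == "O1":
            # Hosts file entry: "Hosts: <address> <name>"
            hosts = re.match(r"Hosts:\s*(\S+)\s+(\S+)", body)
            if hosts:
                found["hosts"].append(hosts.groups())
        elif code == "O17":
            # DNS servers set in the registry; the same adapter is listed
            # once per control set, so duplicates are dropped.
            servers = re.search(r"NameServer\s*=\s*(.+)$", body)
            if servers:
                for address in re.split(r"[,\s]+", servers.group(1).strip()):
                    if address not in found["nameservers"]:
                        found["nameservers"].append(address)
    return found


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("DNS servers configured:", ", ".join(report["nameservers"]))
    print("Hosts entries:", report["hosts"])
    for code, body in report["orphaned"]:
        print("Orphaned:", code, "-", body)
```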
O4 - HKCU\..\Run: [rstrui.exe] C:\WINDOWS\System32\rstrui.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://www.eset.com.sg/softdown/files/OnlineScanner.cab
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe
Hi, the problem still persists.
These 3 files were not found during the HiJackThis Scan.
I think it is because of the recent system restore Startup Repair did after my computer failed to start. I tried to undo the system restore but did not see the undo button.
The rest of them were removed by HiJackThis.
The problem is that when I flush the DNS resolver cache and type ipconfig /displaydns, the list returns to the state before it was flushed or newly accessed again. I also tried ipconfig /release
but that doesn't help.
I also reset the Winsock Catalog as told by Malwarebytes Forum and that didn't help.
May 23rd, 2011 12:54pm
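An added example, not part of the thread: `ipconfig /displaydns` lists entries preloaded from the local Hosts file alongside answers from recent lookups, and the preloaded ones are back immediately after `ipconfig /flushdns`. The sketch below separates the two so that only names that were actually looked up remain to be explained; the sample output and hosts file are constructed, English-language `ipconfig` output is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /displaydns` output (reserved .example
# names and documentation addresses; this is not the poster's cache).
SAMPLE_DISPLAYDNS = """\
Windows IP Configuration

    ads.blocked.example
    ----------------------------------------
    Record Name . . . . . : ads.blocked.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    www.site.example
    ----------------------------------------
    Record Name . . . . . : www.site.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 212
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10
"""

# Constructed hosts file; on Windows the real one is
# %SystemRoot%\\System32\\drivers\\etc\\hosts.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.blocked.example   # e.g. written by a blocklist tool
0.0.0.0 tracker.blocked.example
"""

NAME = re.compile(r"^\s*Record Name[\s.]*:\s*(\S+)")
ADDRESS = re.compile(r"^\s*(?:AAAA|A)\b[^:]*:\s*(\S+)")


def parse_displaydns(text):
    """Return {name: [addresses]} for the A/AAAA records in the cache dump."""
    cache, current = {}, None
    for line in text.splitlines():
        name = NAME.match(line)
        if name:
            current = name.group(1).lower()
            cache.setdefault(current, [])
            continue
        address = ADDRESS.match(line)
        if address and current and address.group(1) not in cache[current]:
            cache[current].append(address.group(1))
    return cache


def parse_hosts(text):
    """Return {name: address} for every name mapped in a hosts file."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        for name in fields[1:]:
            mapping[name.lower()] = fields[0]
    return mapping


def classify(cache, hosts):
    """Split cached names into hosts-file preloads and real lookups."""
    report = {"from_hosts": [], "from_lookups": []}
    for name in sorted(cache):
        key = "from_hosts" if name in hosts else "from_lookups"
        report[key].append(name)
    return report


if __name__ == "__main__":
    print(classify(parse_displaydns(SAMPLE_DISPLAYDNS), parse_hosts(SAMPLE_HOSTS)))
```

On a live system the two inputs would be the saved output of `ipconfig /displaydns` and the contents of the hosts file.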
Hi, The issue has been solved by Malwarebytes.
I won't be replying back, so please close this thread, as well as this thread -
http://social.technet.microsoft.com/Forums/en-US/itprovistasecurity/thread/600c3cb2-d492-4fa4-92f2-739e8ca67d1c
Thank you for the help that was offered.
- randomperson456
May 29th, 2011 3:48pm