Can't flush bad DNS entries from cache


Ted

In Win2K I type the following to illustrate the problem.
I can not figure out how to remove the bad entries from
the DNS cache. Can you help?

Comment: Ping and IE resolve Domain name to a bad IP
address.
C:>ping www.altavista.com

Pinging www.altavista.com [207.44.194.56] with 32 bytes of
data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.44.194.56:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Comment: nslookup gets the right address.
C:>nslookup www.altavista.com
Server: dns2.wideopenwest.com
Address: 64.233.207.2

Non-authoritative answer:
Name: altavista.com
Addresses: 209.73.164.91, 209.73.180.8
Aliases: www.altavista.com

Comment: the local DNS cache has the bad address. It's got
a time-to-live of 1 year.
C:>ipconfig /displaydns
www.altavista.com.
------------------------------------------------------
Record Name . . . . . : www.altavista.com
Record Type . . . . . : 1
Time To Live . . . . : 31103737
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 207.44.194.56

Comment: try and get rid of the bad address
C:>ipconfig /flushdns

Windows 2000 IP Configuration

Successfully flushed the DNS Resolver Cache.

Comment: it doesn't work, the bad address is still there.
C:>ipconfig /displaydns
www.altavista.com.
------------------------------------------------------
Record Name . . . . . : www.altavista.com
Record Type . . . . . : 1
Time To Live . . . . : 31103737
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 207.44.194.56


Comment: stopping "DNS Client" has no effect.
 

Hmm. must be in a hosts file.
 
Yes, that sounds correct. I did a search on this, and this appears to be a
known trojan. Check out below

http://lists.netsys.com/pipermail/full-disclosure/2003-October/011259.html

You should probably do a full virus scan.

--
-Rahul.
---
This posting is provided "AS IS" with no warranties, and confers no rights.
---
Kevin D. Goodknecht said:
Hmm. must be in a hosts file.
 
Rahul, Kevin;
Yes, you are correct.
It was the QHosts-1 Trojan.
I'm well now.
Thank you for helping me.
Ted
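
The symptom in this thread (an address that reappears in `ipconfig /displaydns` right after `ipconfig /flushdns`, while `nslookup` returns something else) is what a hosts-file entry looks like, because the DNS Client loads hosts entries into the resolver cache and `nslookup` queries the DNS server directly. The check below is an added example, not part of the original thread: it cross-references the three outputs and reports names the hosts file pins to an address the DNS server does not return. The hosts-file content is constructed (the thread never shows it) and the function names are hypothetical.

```python
# Constructed sample: `ipconfig /displaydns` output taken after `ipconfig /flushdns`,
# modelled on the listing in the thread (two fields omitted for brevity).
DISPLAYDNS_AFTER_FLUSH = """\
www.altavista.com.
------------------------------------------------------
Record Name . . . . . : www.altavista.com
Record Type . . . . . : 1
Time To Live . . . . : 31103737
A (Host) Record . . . : 207.44.194.56
"""
# Constructed hosts-file content; the thread never shows the real file.
HOSTS_TEXT = """\
127.0.0.1       localhost
207.44.194.56   www.altavista.com
"""
# What nslookup got from the DNS server in the thread.
DNS_ANSWERS = {"www.altavista.com": {"209.73.164.91", "209.73.180.8"}}

def parse_displaydns(text):
    """Return {name: {ipv4, ...}} for the A records in `ipconfig /displaydns` output."""
    cache, name = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key = key.replace(".", "").strip()  # drop the dot leaders
        if key == "Record Name":
            name = value.strip().rstrip(".").lower()
        elif key == "A (Host) Record" and name:
            cache.setdefault(name, set()).add(value.strip())
    return cache

def parse_hosts(text):
    """Return {name: ipv4} from hosts-file text, skipping comments and blank lines."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            hosts[name.lower()] = fields[0]
    return hosts

def hosts_overrides(displaydns_after_flush, hosts_text, dns_answers):
    """Hosts entries that survived the flush and that the DNS server does not confirm."""
    cache = parse_displaydns(displaydns_after_flush)
    findings = []
    for name, ip in parse_hosts(hosts_text).items():
        expected = dns_answers.get(name)
        if expected and ip in cache.get(name, set()) and ip not in expected:
            findings.append((name, ip, sorted(expected)))
    return findings

print(hosts_overrides(DISPLAYDNS_AFTER_FLUSH, HOSTS_TEXT, DNS_ANSWERS))
```

Names without a DNS answer to compare against (such as `localhost`) are skipped, so only hosts entries that contradict the server are reported.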