Comments on whether my PC has a virus/malware & suggestions for management sought

[Perplexed]

Over the weekend I started having problems with my PC (HP Media centre PC)
accessing the internet . If I select a web site/address I initially get an
error message, "Cannot find server. The page cannot be displayed". I need
to refresh the page for the website to be viewable. Sometimes this only
requires one refresh, but others might require more than one refresh.

I have been more concerned because I have tried to run a couple of online
virus scans to see if they can pick anything up. Initially this morning I
wasn't able to download Trend Micro online scan to run it. I seemed to have
lost administrator access. Just now, when I went back to the page to try
the Trend on-line scan, it came up with a save as box for "hcimpl.cab" and
the Publisher is :Trend Micro Deutschland GMBH". Is this file the correct
one to download.
I have used Trend Micro before and I don't recall it having a "Deutschland
GMBH"
in the download file.

The PC is reasonably new and had a trial version of Nortons.
Immediately after Norton's trial period expired, I downloaded Trend Micro's
evaluation PC-illin internet security 2007. I used it for a week or two,
decided it wasn't what I was after and was looking for other options this
weekend. I am unable to uninstall Trend Micro. I get an uninstall error
message.

I have tried to download Kapersky to see if this might pick anything up.
When I click on download trial version, it gives me the message, "Cannot
find server. The page cannot be displayed". If I refresh this page,
instead of taking me to the web site to download the trial version, it
brings up a save as dialogue box without having taken me to the page to
select the download I want. The dialogue box asks me to save/run the file
"kisk6.0.0.303_au.exe". I'm not sure whether I'm being paranoid, but I
usually get to select what I'm downloading. When I try to run the free
on-line scan I get an error message "Please wait to update the virus
definitions...Kaspersky On-line Scanner license has expired!" I've not used
Kapersky before so this is an interesting message.

What's going on with my PC???? Help sought.

I've also run Spy Sweeper and it didn't pick up anything of great note.

Thanks all for advice

Anne

 

[pnbalaji]

Hi,

Since this is a brand new PC, I would suggest to use the recovery
option that comes with HP PC and then install the necessary softwares
that you need.

Alternatively, if you have created a system restore point previously,
you could use that option. To me, Norton is a resource hog and I
uninstalled it after the 60 days trial period. Now I am using Avast and
did not have any problems till now.

Thanks,
Balaji.

 

[Virus Guy]

Over the weekend I started having problems with my PC (HP Media
centre PC) accessing the internet . If I select a web site
address I initially get an error message, "Cannot find server.
The page cannot be displayed".

Set your DNS server in your network TCP/IP properties to 4.2.2.2.

What's going on with my PC?

Your computer is not obtaining a dynamically-assigned DNS server
address from either your router/modem or your ISP. I've found that
setting a fixed DNS server address to be more reliable than obtaining
one dynamically. One example of a generally reliable and
high-performance DNS server is 4.2.2.2. Your ISP probably has a list
of their own DNS servers, and you should set a few of those to be you
secondary DNS entries. You could always set 4.2.2.1 to be a secondary
DNS server.

One other thing is to check and see if you have a file called simply
"hosts".

It should be located in your \winnt\system32\drivers\etc folder. You
probably have one, but it should be a small file with an old file
date. If it's more than, say, 2kb in size, or if it has a recent file
date, then it could have been planted there by malware. You can do a
google search on "windows hosts file" to learn more about what it's
for and how it can be abused by malware.

 

[John Coutts]

Over the weekend I started having problems with my PC (HP Media centre PC)
accessing the internet . If I select a web site/address I initially get an
error message, "Cannot find server. The page cannot be displayed". I need
to refresh the page for the website to be viewable. Sometimes this only
requires one refresh, but others might require more than one refresh.

What's going on with my PC???? Help sought.

I've also run Spy Sweeper and it didn't pick up anything of great note.

Thanks all for advice

Anne

************** REPLY SEPARATER **************
The problem is not a virus; it is a problem with DNS translation. That is to
say that your browser is timing out trying to find a particular web site. When
you refresh the page, your DNS has had sufficient time to find the page and
place it in cache (on the server). When you make the second request, the
server responds relatively quickly, because it is already in cache. You can
change the default timeout on DNS translation, but it is unlikely that your ISP
is that slow and should only be considered as a last resort.

It is also possible that you are using too many DNS servers (more than 2 not
recommended). If you use more than 2 and one of them is invalid, your system
must timeout on the faulty one before it rolls over to a functional one. To
check what your DNS servers are, use the command line:

ipconfig /all

If you are using a NAT router, I recommend only a single DNS server (the router
itself). If the router fails, you won't get DNS translation anyway.

J.A. Coutts

 

[louise]

Set your DNS server in your network TCP/IP properties to 4.2.2.2.


Your computer is not obtaining a dynamically-assigned DNS server
address from either your router/modem or your ISP. I've found that
setting a fixed DNS server address to be more reliable than obtaining
one dynamically. One example of a generally reliable and
high-performance DNS server is 4.2.2.2. Your ISP probably has a list
of their own DNS servers, and you should set a few of those to be you
secondary DNS entries. You could always set 4.2.2.1 to be a secondary
DNS server.

One other thing is to check and see if you have a file called simply
"hosts".

It should be located in your \winnt\system32\drivers\etc folder. You
probably have one, but it should be a small file with an old file
date. If it's more than, say, 2kb in size, or if it has a recent file
date, then it could have been planted there by malware. You can do a
google search on "windows hosts file" to learn more about what it's
for and how it can be abused by malware.

I've been using Treewalk and 127.0,0.1. I just replaced
that with 4.2.2.2 and it seems more responsive. What is
this DNS?

Thanks.

Louise

 

[Virus Guy]

I've been using Treewalk and 127.0,0.1.

I have no idea what "Treewalk" is in this context. Is that a piece of
software? Is it your ISP?

127.0.0.1 is your local host - it's your own computer. It is not the
address of an external DNS server.

I just replaced that with 4.2.2.2 and it seems more responsive.
What is this DNS?

It's a DNS server that I think is on GTE's (or Genuity's?) network.
It's been rock solid for at least the past 3 years that I've been
using it.

 

[NeoPhyte_Rep]

I have no idea what "Treewalk" is in this context. Is that a piece of
software? Is it your ISP?

127.0.0.1 is your local host - it's your own computer. It is not the
address of an external DNS server.

http://treewalkdns.com/
"TreeWalk DNS is a Domain Name Server program which fetches and converts
Web Site human-readable names into the numbered addresses your computer
needs so that your browser, email, instant messenger, and FTP programs
can surf the Web."

It is installed on your machine so that the first opportunity to resolve
a name does not have to access the network. So, 127.0.0.1 (localhost)
is its Internet Protocol (IP) address.