Strangeness.......PLEASE HELP!

Guest

I have seen this one on a few different machines and am TOTALLY stumped: I
get a call from a client who is having trouble getting to certain websites.
Ran Spybot and AdAware and they cleaned up a few things (nothing major)....no
viruses either. Checked the restricted sites and there were A TON of them
that the user did not put there. I removed them but was unable to get to the
certain sites. I did an nslookup and in some cases WAS able to go to the
site using the address and not the name so I figured there was something
wrong with the DNS settings. When I change the DNS settings to another DNS
(from Comcast to Qwest for example) I was able to get to some of the sites.
I checked the HOSTS file and it was normal. I decided to add some entries in
the HOSTS file for some of the critical sites and then it started working ok
but again, could not get to ALL of the sites that I wanted by name. Checked
the restricted sites list again and it had some ADDED to it that were not
there before. I have now had this happen on three different PCs on three
different networks so I am running out of ideas......anyone heard of this
before??? Nothing on SARC about it....I figure it is Spyware but it did not
find anything. Also ran HiJack This but it was unable to fix it also.
HELP!!!! Please reply to (e-mail address removed)
 
What are the sites that are being added to the restricted sites? There
used to be a virus that would add anti-virus web sites to the hosts file
with 127.0.0.1 IP addresses so you could not get to them; maybe this is a
similar attack. You should probably boot those machines to safe mode and
try a virus scan with a tool that is not installed on the machine now to be
sure it hasn't been corrupted or disabled by a virus.
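
The hosts-file check described in the reply above, as an added example that is not part of the original thread: it parses hosts-file text and reports real hostnames pinned to loopback or 0.0.0.0. The function name `audit_hosts` and the sample hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content (hostnames are placeholders, not from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.antivirus-vendor.example   www.antivirus-vendor.example
0.0.0.0         scan.security-site.example  # trailing comment
192.0.2.10      intranet.example
not-an-ip       broken.example
"""

# Names that are expected to point at loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank line, comment-only line, or address with no name
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.extend((line_no, address, n, "unparseable address") for n in names)
            continue
        if ip.is_loopback or ip.is_unspecified:
            # A real site pinned to loopback or 0.0.0.0 can never be reached by name.
            findings.extend((line_no, address, n, "blackholed")
                            for n in names if n.lower() not in BENIGN_NAMES)
    return findings


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

An empty result only rules out the hosts file; entries in the Restricted Sites zone and answers from the configured DNS server have to be checked separately.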
 
I tried safe mode scanning as well. The entries were not being made in the
hosts file; they were showing up under tools, Internet options, security,
restricted sites. I have recently heard of a M$ product that is a spy-ware
detector that is memory resident and is in BETA and one of the machines had
this installed and I am wondering if it was adding these sites to the list
but that was my only idea. (Can't believe anyone would install a M$ BETA
product--let alone a SPYWARE scanner! ha ha)
 
I have now determined that it is a DNS problem. When I do an NSLOOKUP from a
different (fully functional) machine and use that IP address to surf on the
"infected" machine, the page comes up ok. So it looks like a DNS issue to me
but how it is getting the wrong DNS info on just SOME of the websites....I do
not know.
 