Posted 15 January 2009 - 09:41 AM
Just came across another computer with the same thing. Ping avg.com replies with 127.0.0.1. This is the third computer I have come across with this and I have spent hours and days trying to figure this thing out. I know it would be easier to just rebuild but I just need to know how it is doing this. It can't be a fluke. I added entries like lenny.com to the hosts file and they resolve as expected. I added avg.com in hosts and it still resolves to 127.0.0.1 no matter what. I turn off DNS cache, I change DNS server priority, I even try adding to lmhosts and it always pings to 127.0.0.1 no matter what.
I have checked Internet zones, my computer zone, hostname aliases and find nothing. HJT log looks clean. tcpip.sys, dnsrsvl.dll all seem legit, even copied from a known good computer. I have used netdiag, ipseccmd /debug and nothing.
I would love any suggestions. I really would love to track this down before a system rebuild.
The only thing I can figure is some type of IIS server with root aliases. All three computers have the same similarities: a bunch of open TCP 1516 port local computer to local host, and the Google results links are being hijacked from some active script (not Java) to go to random search pages.
Turn off active scripting and Google results work fine (would like to find which script is causing it but not sure how to do that). I added an IPSEC filter to block TCP 1516 both inbound and outbound and it still pings to 127.0.0.1.
I am going to do a command level virus scan using Panda and sfc /scannow and see what it finds. AVG and Spybot found nothing.
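
A diagnostic for the symptom described in the post, added here as an example and not part of the original post: it sends a raw DNS A query straight to a server, bypassing the operating system's resolver path, and compares the result with what the OS returns for the same name. All function names are hypothetical, the `server` argument is an assumed IP address of a DNS server you trust, and `SAMPLE` is a constructed response used for the offline case.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS A query (RFC 1035): header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a name; a 0xC0 compression pointer ends it."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def classify(os_answer, wire_answers):
    """Say where a loopback answer comes from: this host's resolver path or the server."""
    if not os_answer.startswith("127."):
        return "consistent"
    if any(a.startswith("127.") for a in wire_answers):
        return "upstream"
    return "local-override" if wire_answers else "inconclusive"

def check(name, server):
    """Live check (needs network): `server` is the IP of a DNS server you trust."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(build_query(name), (server, 53))
        return classify(socket.gethostbyname(name), parse_a_records(s.recv(512)))

# Constructed response for the offline case: one A record, 192.0.2.10 (TEST-NET-1).
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + build_query("avg.com")[12:]
          + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x0a")
```

A result of `local-override` means the server answered with a routable address while the OS still returned loopback, so the rewrite happens on the machine itself, somewhere between the application and the network.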