
DNS Resolver Cache infection?


8 replies to this topic

#1 GKI

GKI

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 05 September 2009 - 05:21 AM

2 older computers w/XP Home SP3 are unable to clear their DNS Resolver Caches with 'stuck' bad spyware & porn related URLs. My new machine clears completely in CMD prompt: ipconfig /flushdns. Same command on the 2 old machines won't clear undesired urls. One is mostly 'antivirus2008.com' type stuff, and I'd really like to clean it up. Have used Malwarebytes on them. Both use Windows Live One Care, but it's probably due to bad surfing or hijacking (av2008) behavior on users' parts. :thumbsup:
Is there a tool that can clean the dns up, or is registry hacking necessary? Thanks.



#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:07:01 PM

Posted 05 September 2009 - 12:04 PM

Hmm, how are you determining that these addresses aren't being flushed? What, if any, is the error message?

#3 GKI


Posted 05 September 2009 - 12:32 PM

After 'flushing' the dns, I 'display' it, and those unwanted urls are still present in the old boxes. On my new one, present dns's are flushed out to nothing when I do that, so I have this good box for comparison, thus leading to my question.

#4 Andrew


Posted 05 September 2009 - 12:40 PM

Take a look at your C:\WINDOWS\system32\drivers\etc\HOSTS file. Are the addresses listed in there?
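The check suggested in post #4 matters because on Windows XP the DNS Client service loads HOSTS file entries into the resolver cache, so those names are still listed by `ipconfig /displaydns` immediately after `ipconfig /flushdns`. The sketch below is an added example, not part of the thread: it compares saved `displaydns` output with the HOSTS file to show which surviving names are pinned by HOSTS. The function names are hypothetical, and the sample data is constructed and trimmed to the two fields the parser reads.

```python
import ipaddress

# Constructed sample data (reserved .example names and documentation IPs).
HOSTS_SAMPLE = """\
127.0.0.1      localhost
203.0.113.10   scanner.fake-av.example    # unexpected redirect
203.0.113.10   www.fake-av.example update.fake-av.example
"""
DISPLAYDNS_SAMPLE = """\
         Record Name . . . . . : scanner.fake-av.example
         A (Host) Record . . . : 203.0.113.10

         Record Name . . . . . : www.fake-av.example
         A (Host) Record . . . : 203.0.113.10

         Record Name . . . . . : intranet.corp.example
         A (Host) Record . . . : 198.51.100.7
"""

def parse_hosts(text):
    """Map each hostname in HOSTS-file text to its IP, ignoring comments."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:
            mapping.setdefault(name.lower().rstrip("."), ip)  # keep first entry
    return mapping

def cached_names(text):
    """Record names listed in saved `ipconfig /displaydns` output."""
    names = set()
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.replace(".", " ").split() == ["Record", "Name"]:
            names.add(value.strip().lower().rstrip("."))
    return names

def explain_cache(hosts_text, cache_text):
    """Split post-flush cache names into HOSTS-pinned and unexplained."""
    hosts = parse_hosts(hosts_text)
    names = cached_names(cache_text)
    pinned = {n: hosts[n] for n in names if n in hosts and n != "localhost"}
    return pinned, sorted(names - set(hosts))
```

Names returned in the first value will keep reappearing until the matching HOSTS lines are removed; names in the second value are not explained by HOSTS and need a different explanation.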

#5 GKI


Posted 05 September 2009 - 02:44 PM

It would appear that a day's time (or threat of intervention) enabled flushing of dns to work properly this time, as verified by drilling as you directed, AA. :flowers:
It will be next wednesday before I can try it on my friend's box. He's the one with the real bad stuff.
I see that on my old box, the backups in that 'etc' folder have all the bad stuff, and more stuff. May I delete them or is there a way to remove all entries in them?

Thanks for the help!! :thumbsup:

#6 GKI


Posted 10 September 2009 - 04:08 AM

:flowers: Amazing Andrew: I only have access to the box with the 'spyware-virus' urls in the dns once a week. They are still there, and can't be flushed this week. Very persistent. What can I do to get rid of them, possibly delete the hosts files that contain them? Will the hosts file rebuild itself?
Do you need more information from me? :thumbsup:

#7 circaal

circaal

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:01 PM

Posted 10 September 2009 - 10:53 AM

The only two ways I know of how to reset the host file is with winsockfix and Spybot - Search & Destroy. There should be tutorials for both of these programs in the tutorials tab.
-BTY

#8 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:01 PM

Posted 10 September 2009 - 11:47 AM

http://www.bleepingcomputer.com/virus-remo...se-smitfraudfix

might have to run twice
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#9 GKI


Posted 11 September 2009 - 10:54 AM

circaal: 'winsockfix' redirects to Windows Defender - is this correct? The box in question has SB S&D on it, and has cleaned smitfraud problems in the past, currently though, shows clean results.
garmanma: I'll see this box next wednesday, & try that removal tool. I'm thinking the same lines both of you are, re: smitfraud.



