
ZeroAccess Residual Effect DNS Problem



#1 iamseven


Posted 27 October 2011 - 05:07 PM

Laptop got infected with the 0Access rootkit virus this past Monday. After a lot of research and effort (thanks to all on forums who post help!) I was able to remove the virus. But now have a VERY odd issue. I am able to gain an IP Address through DHCP, and DNS is properly assigned. However, I cannot go to any website by name. If I attempt to go to google.com I get the address not valid error. If I do an NSLookup to google or any website address it resolves correctly. If I ping by IP address it pings fine. If I ping by name it fails. I also can connect to websites or servers by IP Address but not by name.

I have run several Microsoft Fix-It programs with no success. I have run OTL and an NS checker posted on another topic. The resulting txt files are attached.

Any help is most appreciated! Thank you!!!!

Attached Files


Edited by hamluis, 27 October 2011 - 05:47 PM.
Moved from XP to Malware Removal Logs.



#2 JSntgRvr

  • Malware Response Team

Posted 27 October 2011 - 08:20 PM

:welcome:

Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Please open a command prompt (Start -> Run, type CMD and click OK). At the prompt type the following commands (you can also copy and paste) and press Enter after each line:

ipconfig /release
ipconfig /renew
netsh winsock reset catalog
netsh int ip reset reset.log


Restart the computer and test.

If the issue persists, please attach the following files:

C:\ComboFix.txt
C:\TDSSKiller.2.6.12.0_24.10.2011_23.59.27_log.txt

Edited by JSntgRvr, 27 October 2011 - 08:28 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 iamseven


Posted 28 October 2011 - 10:17 AM

No change. Still get the same address invalid error. Here are the other text files you asked for. They are in the zip file; they would not upload individually.

Attached Files



#4 JSntgRvr


Posted 28 October 2011 - 12:33 PM

Can't see the problem. Try OpenDNS and let me know the outcome.



#5 iamseven


Posted 28 October 2011 - 01:41 PM

Same result, incredibly. I even tried to uninstall and reinstall Kaspersky thinking maybe it got messed up and was getting in the way.

#6 JSntgRvr


Posted 28 October 2011 - 06:01 PM

Let's take a look at the registry.

Download the enclosed file

Save and extract its contents to the desktop. Once extracted, open the folder and click on the NicReqQuery.bat file. Post the contents of its report.



#7 JSntgRvr


Posted 10 November 2011 - 05:33 PM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks
