DNS_PROBE_FINISHED_NXDOMAIN issue


10 replies to this topic

#1 ixy


Posted 08 January 2016 - 09:17 PM

Hello.

 

I've been having issues with network connectivity on my computer in the last few weeks.

It started with infecting my computer with some kind of adware. Due to that, I have opened a similar thread for the same issue in the appropriate forum.

 

However, after cleaning my computer and following instructions in the linked thread, the NXDOMAIN issue stays active.

At this point I'm unsure if the issue is still caused by malware, my network settings or something else.

 

There are no proxies in the LAN settings, my network seems to be properly configured as far as I can see (I get the same issue when automatically obtaining DNS server address as well as when using Google's DNS servers) and I can't find any suspicious software, processes or services running.

 

As advised in the other thread, I ran the MiniToolBox analysis and am attaching the log file here.

 

Thanks for any help in advance.

 

 

Attached Files: MTB.txt (58.17KB)



 


#2 Condobloke


Posted 08 January 2016 - 10:03 PM

G'day ixy, and Welcome to BC

 

Please run this for me.

 

Copy and paste the resulting log into your reply

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.

    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. This gives a preliminary reading, and clears your Antivirus/Antimalware programs.
    You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
    Double-click on the Rkill desktop icon to run the tool.
    If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    A black DOS box will briefly flash for a minute or so, and then disappear. This is normal and indicates the tool ran successfully.
    If not, delete the file, then download and use the one provided in Link 2.
    Do not reboot until you run the next few tools.
    If the tool does not run from any of the links provided, please let me know.
    If normal mode still doesn't work, run the tool from safe mode.
    When the scan is done Notepad will open with Rkill log.
    Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 

 


#3 ixy


Posted 10 January 2016 - 10:17 AM

I have run RKill. The log is attached to the post.




#4 Condobloke


Posted 10 January 2016 - 08:33 PM

I would be 99% certain this is not malware related.....nasdaq concurs....(post #8 of your previous topic)

 

I would totally uninstall "LogMeIn Hamachi"

 

Download and use Revo Uninstaller to do the uninstallation.

 

Hamachi has a few problems showing in Google searches re DNS....



 

 


#5 ixy


Posted 11 January 2016 - 04:01 AM

Yeah, it's probably not malware related anymore. At least not related to the adware I had.

However, the problem started occurring after cleaning the computer with MalwareBytes, so it must have changed something.

 

I uninstalled Hamachi using Revo, but it didn't help.

 

Any ideas on what to try next?



#6 Jo*

  • Malware Response Team

Posted 11 January 2016 - 04:15 AM

Your FRST log at your other topic shows that:

Tcpip\Parameters: [NameServer] 
Tcpip\..\Interfaces\{4C351ABB-A636-4A51-B812-FD8A1F77C2CD}: [NameServer] 
Tcpip\..\Interfaces\{5D14FFBB-DD50-436F-9D0A-27E1C6C04090}: [NameServer] 
Tcpip\..\Interfaces\{61BE3C46-E335-4373-B26A-64945D3AD4CE}: [NameServer] 
Tcpip\..\Interfaces\{9CF7CC2B-829B-4EF1-96BF-4AFD9BA11F8C}: [NameServer] 
Tcpip\..\Interfaces\{B97CC93A-80FD-4808-A675-95EE708BCA0E}: [NameServer] 
This is due to the dnslocker IPs that were removed by a tool like MBAM.
In the "NameServer" value, a space was left in the empty value, like this:

"NameServer"=" "

I'm sure nasdaq could review and fix it...

Edited by Jo*, 11 January 2016 - 04:25 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
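
A read-only check for the leftover described in the post above, as an added example that is not part of the original thread: it lists every Tcpip `NameServer` value and flags those that are set but contain only whitespace. It assumes PowerShell 3.0 or later and the standard `HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters` location; the helper name `Get-NameServerState` is hypothetical.

```powershell
# Added example: audit only, nothing in the registry is modified.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-NameServerState {
    # Hypothetical helper: classify a NameServer string.
    param([string]$Value)
    if ([string]::IsNullOrEmpty($Value)) { return 'Empty' }          # no static DNS set
    if ($Value.Trim().Length -eq 0)      { return 'WhitespaceOnly' } # e.g. "NameServer"=" "
    return 'Configured'
}

# The global Parameters key plus one subkey per network interface GUID.
$keys = @($base) + @(Get-ChildItem -Path "$base\Interfaces" |
                     ForEach-Object { $_.PSPath })

$report = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }

    # Skip keys where the NameServer value does not exist at all.
    $entry = $props.PSObject.Properties['NameServer']
    if ($null -eq $entry) { continue }

    $value = [string]$entry.Value
    [pscustomobject]@{
        Key            = ($key -replace '^.*Tcpip\\Parameters', 'Tcpip\Parameters')
        State          = Get-NameServerState $value
        NameServer     = "[$value]"            # brackets make a lone space visible
        DhcpNameServer = $props.DhcpNameServer # DHCP-supplied servers, if any
    }
}

# WhitespaceOnly rows are the ones matching the "NameServer"=" " pattern.
$report | Sort-Object State -Descending | Format-Table -AutoSize
```

Rows reported as `Configured` are also worth reading: the bracketed addresses should be DNS servers you recognise.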


#7 ixy


Posted 11 January 2016 - 04:27 AM

That does look promising. I linked your reply in the original thread, so hopefully nasdaq will see it.

 

Thanks for taking the time and helping me out with this! <3



#8 Condobloke


Posted 11 January 2016 - 05:09 AM

Just for something to do while you wait.....

 

Follow the instructions HERE. Look to see if the settings are as suggested ....also be sure to clear the Chrome Cache....instructions on the same page

 



 

 


#9 nasdaq

  • Malware Response Team

Posted 11 January 2016 - 09:19 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1802380458-132828128-3351205960-1000\...\Run: [AdobeBridge] => [X]
Tcpip\Parameters: [NameServer]
Tcpip\..\Interfaces\{2E35359F-D32B-4766-B5BE-B5C834838EA5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4C351ABB-A636-4A51-B812-FD8A1F77C2CD}: [NameServer]
Tcpip\..\Interfaces\{5D14FFBB-DD50-436F-9D0A-27E1C6C04090}: [NameServer]
Tcpip\..\Interfaces\{61BE3C46-E335-4373-B26A-64945D3AD4CE}: [NameServer]
Tcpip\..\Interfaces\{9CF7CC2B-829B-4EF1-96BF-4AFD9BA11F8C}: [NameServer]
Tcpip\..\Interfaces\{B97CC93A-80FD-4808-A675-95EE708BCA0E}: [NameServer]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#10 ixy


Posted 11 January 2016 - 03:21 PM

That seems to have done the trick. Everything works fine now.

 

Thanks everyone for all the help, I really appreciate it.

I'm still attaching the fixlog to this post, for posterity's sake.

 

I think it's now safe to lock this thread (as well as the original one). 


Once again, thanks!




#11 nasdaq

  • Malware Response Team

Posted 12 January 2016 - 10:29 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



