
DNS Service not working properly - Vista Home Premium


19 replies to this topic

#1 elfmagic


Posted 13 April 2016 - 12:04 PM

I'm pretty sure I ran a bad copy of Malwarebytes and it did something to my DNS service.

No browsers will resolve names anymore, nor can I ping or traceroute to any named website from the command line. I can ping the DNS, and any other working IP address, though.

I can run DNS services, and surf websites from Linux when I boot Slax, or Lubuntu from a CD, just fine on the same network from the same PC.

I've run several anti-virus programs against the Windows system, and there appears no malware in it now. But the damage is done. Can anyone please help me methodically try to repair the problem?

 

What should I do first?




 


#2 TheJokerz


Posted 13 April 2016 - 12:28 PM

Have you tried flushing the dns?

 

Open a cmd prompt and type this ipconfig /flushdns, I would then follow with ipconfig /release then ipconfig /renew

 

Hopefully this will help!
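Added example, not part of TheJokerz's post: a cmd batch script for the symptom in the first post (addresses reachable, names not) that shows whether the fault is on the network or in the local Windows resolver, useful before and after the flush. The script name, its two arguments and the English-language output strings it matches are assumptions.

```batch
@echo off
rem Added example. Usage: dnstriage.cmd <dns-server-ip> <host-name>
rem The script name and both arguments are placeholders; take the DNS server
rem address from "ipconfig /all". String matches assume English-language output.
setlocal
if "%~2"=="" (
    echo usage: %~nx0 dns-server-ip host-name
    exit /b 2
)
set "DNS_IP=%~1"
set "NAME=%~2"

rem 1. Reach the DNS server by address. No name resolution is involved here.
ping -n 2 %DNS_IP% >nul
if errorlevel 1 (
    echo [FAIL] %DNS_IP% does not answer ping. Fix connectivity first.
    exit /b 1
)
echo [ OK ] %DNS_IP% answers ping.

rem 2. Query the server directly. nslookup has its own resolver and does not
rem    use the Windows DNS Client service, its cache or the hosts file.
nslookup %NAME% %DNS_IP% 2>nul | findstr /b /c:"Name:" >nul
if errorlevel 1 (set "DIRECT=FAIL") else (set "DIRECT=OK")
echo [%DIRECT%] direct query to %DNS_IP% for %NAME%

rem 3. Resolve through the normal Windows path that browsers and ping use.
ping -n 1 %NAME% 2>&1 | findstr /c:"could not find host" >nul
if errorlevel 1 (set "SYSRES=OK") else (set "SYSRES=FAIL")
echo [%SYSRES%] system resolver lookup of %NAME%

rem 4. Direct query works but the system lookup fails: the fault is local.
if "%DIRECT%%SYSRES%"=="OKFAIL" (
    echo Local resolver problem. State of the DNS Client service:
    sc query Dnscache | findstr /c:"STATE"
    echo Active entries in the hosts file:
    findstr /v /b /c:"#" "%SystemRoot%\System32\drivers\etc\hosts"
    echo DNS servers configured on the adapters:
    ipconfig /all | findstr /c:"DNS Servers"
)
endlocal
```

A direct query that succeeds while the system lookup fails matches what the first post reports: the same network resolves names from a Linux live CD, so the server and the link are fine and the Windows side is not.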




#3 JohnC_21


Posted 13 April 2016 - 12:41 PM

If you ran Malwarebytes and it found malware or adware and removed it then it's possible your Winsock is corrupted. If TheJokerz's suggestion does not work then type CMD in your Search Box > Right click Run As Administrator and type the following commands.

netsh winsock reset
netsh int ip reset c:\resetlog.txt

Reboot the computer.



#4 elfmagic


Posted 13 April 2016 - 04:25 PM

> Have you tried flushing the dns?
>
> Open a cmd prompt and type this ipconfig /flushdns, I would then follow with ipconfig /release then ipconfig /renew
>
> Hopefully this will help!

Yes, I had - I did it again and restarted and still nothing.

Thanks, by the way!



#5 elfmagic


Posted 13 April 2016 - 04:30 PM

> If you ran Malwarebytes and it found malware or adware and removed it then it's possible your Winsock is corrupted. If TheJokerz's suggestion does not work then type CMD in your Search Box > Right click Run As Administrator and type the following commands.
>
> netsh winsock reset
> netsh int ip reset c:\resetlog.txt
>
> Reboot the computer.


I did this and noted the following.

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation.  All rights reserved.
 
C:\Users\bruce>netsh winsock reset
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
C:\Users\bruce>netsh int ip reset c:\resetlog.txt
Reseting Echo Request, failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
Then I rebooted and it still isn't working... Thanks though.


#6 JohnC_21


Posted 13 April 2016 - 04:41 PM

I am not sure you ran those commands at an elevated command prompt. The prompt would be C:\Windows\System32 not C:\Users as in your case.



#7 elfmagic


Posted 13 April 2016 - 07:49 PM

> I am not sure you ran those commands at an elevated command prompt. The prompt would be C:\Windows\System32 not C:\Users as in your case.

Thanks for your input.

I thought of that after I posted, thinking it was some kind of permissions problem, and then found out how to show the administrator login and logged in directly as administrator, typed in the commands (and even invoked cmd.exe as administrator) and still got the same messages. Also it still doesn't work.

Do you know what the logfile.txt is?

I would have taken a screen snapshot but the capture program I'm using doesn't run under administrator because it needs the web to initialize and I can't get the web to work without DNS...


#8 JohnC_21


Posted 13 April 2016 - 08:04 PM

There would be a text file on the root of C: called resetlog.txt. The access denied message means you have a permissions problem with the registry or files. This was a known problem with Windows 8 but I never heard of Vista having an access denied error trying to reset TCP/IP. Does the resetlog.txt file show anything?

 

See this page, post #18. Look at the registry key as noted. Is this key in your registry? Does it have Full Control Privileges?

 

You can try the following utility. Run it and select Advanced Repair.

 

http://www.bleepingcomputer.com/download/netadapter-repair-all-in-one/

 

Edit: Are you using the Windows Firewall or a Security Suite?


Edited by JohnC_21, 13 April 2016 - 08:08 PM.


#9 elfmagic


Posted 13 April 2016 - 09:43 PM

I can't prove it, necessarily, but I think I ran a counterfeit version of malwarebytes just before this problem manifested.... 

Does that help?

I might even be able to dig up the suspected offending program, if anyone is interested.



#10 elfmagic


Posted 13 April 2016 - 09:50 PM

> There would be a text file on the root of C: called resetlog.txt. The access denied message means you have a permissions problem with the registry or files. This was a known problem with Windows 8 but I never heard of Vista having an access denied error trying to reset TCP/IP. Does the resetlog.txt file show anything?
>
> See this page, post #18. Look at the registry key as noted. Is this key in your registry? Does it have Full Control Privileges?
>
> You can try the following utility. Run it and select Advanced Repair.
>
> http://www.bleepingcomputer.com/download/netadapter-repair-all-in-one/
>
> Edit: Are you using the Windows Firewall or a Security Suite?

I hadn't seen this post, until after my subsequent one.
The Suite was disabled and much of it deleted apparently from what I gathered from the last rkill I did.


Thank you for replying. I'll check my registry and get back to  you. It's going to be a long day tomorrow and I'll be exhausted by the end of it, and won't be able to succinctly reply probably until after tomorrow afternoon, or Friday (Pacific Time), at best.

I've tried to restart windows firewall services several times and it's broken and I get messages to tell me to look at the event log. 

 

Thanks for replying :)  Have a great day!


 



#11 JohnC_21


Posted 14 April 2016 - 07:37 AM

Open a command prompt and type

 

sfc /scannow

 

It will look for and try to replace missing or corrupt system files.



#12 elfmagic


Posted 15 April 2016 - 01:20 AM

> Open a command prompt and type
>
> sfc /scannow
>
> It will look for and try to replace missing or corrupt system files.

That was one of the first things I did. It didn't find anything wrong..

 

It's been a rough couple of days... Thank all of you for trying to help. I'll try to catch up on Friday..  

Thanks all of you... 



#13 elfmagic


Posted 16 April 2016 - 02:28 AM

 

> > There would be a text file on the root of C: called resetlog.txt. The access denied message means you have a permissions problem with the registry or files. This was a known problem with Windows 8 but I never heard of Vista having an access denied error trying to reset TCP/IP. Does the resetlog.txt file show anything?
> >
> > See this page, post #18. Look at the registry key as noted. Is this key in your registry? Does it have Full Control Privileges?
> >
> > You can try the following utility. Run it and select Advanced Repair.
> >
> > http://www.bleepingcomputer.com/download/netadapter-repair-all-in-one/
> >
> > Edit: Are you using the Windows Firewall or a Security Suite?
>
> I hadn't seen this post, until after my subsequent one.
> The Suite was disabled and much of it deleted apparently from what I gathered from the last rkill I did.
>
> Thank you for replying. I'll check my registry and get back to you. It's going to be a long day tomorrow and I'll be exhausted by the end of it, and won't be able to succinctly reply probably until after tomorrow afternoon, or Friday (Pacific Time), at best.
>
> I've tried to restart windows firewall services several times and it's broken and I get messages to tell me to look at the event log.
>
> Thanks for replying :)  Have a great day!

John, Thanks again... I'm new to this group and don't know how to upload a picture of the registry entries regarding #18...

With great respect to your observation, I don't access to any of those entries.... Please give me a day or two to get one of my web spaces accessible to me from Windows, as I try to use this Slax system as a stopgap. Thanks for asking, though.. :) later

 



#14 JohnC_21


Posted 16 April 2016 - 08:06 AM

I don't think your problem is what is shown. Go to this key in the registry. Type registry in the search box and drill down to the following registry key.

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}

 

If you do not see a subkey named 26 then the solution will not work for you. I would first recommend you download and run Windows All In One Repair. Only check the firewall repair and see if that solves the problem of being able to disable your firewall.

 

From your post #10: "The Suite was disabled and much of it deleted apparently from what I gathered from the last rkill I did"

Have you tried uninstalling your Security Suite? Was this a Rogue Security Suite that rkill deleted or a legitimate Security Suite?
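Added example, not written by anyone in the thread and not part of any tool mentioned in it: a cmd batch script that wraps the two netsh resets from post #3 with the checks raised in posts #6, #8 and #14. It reads elevation from the process token rather than from the prompt's directory, reports whether the subkey named 26 exists under the Nsi key, and prints the reset log; the script name is hypothetical.

```batch
@echo off
rem Added example (hypothetical name: netreset.cmd).
rem Run it from a prompt opened with "Run as administrator".
setlocal
set "NSI_KEY=HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}"
set "LOG=c:\resetlog.txt"

rem 1. Elevation check. An elevated token carries the High Mandatory Level
rem    label, SID S-1-16-12288, which "whoami /groups" lists on Vista and later.
whoami /groups | findstr /c:"S-1-16-12288" >nul
if errorlevel 1 (
    echo [FAIL] This prompt is not elevated. Right-click cmd.exe, Run as administrator.
    exit /b 1
)
echo [ OK ] Elevated prompt.

rem 2. The permissions fix discussed in the thread applies only when a subkey
rem    named 26 exists under the Nsi key. Report which case this machine is in.
reg query "%NSI_KEY%\26" >nul 2>&1
if errorlevel 1 (
    echo [INFO] No subkey 26 under the Nsi key. The permissions fix does not apply.
) else (
    echo [INFO] Subkey 26 exists. In regedit, check its Permissions for Full Control.
)

rem 3. The two resets from post #3, logging to the same file the thread uses.
netsh winsock reset
netsh int ip reset "%LOG%"

rem 4. Show what the IP reset recorded, so failures can be read or posted.
if exist "%LOG%" (
    echo ---- %LOG% ----
    type "%LOG%"
) else (
    echo [WARN] %LOG% was not written.
)
echo Reboot the computer to complete the reset.
endlocal
```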



#15 elfmagic


Posted 20 April 2016 - 03:23 AM

> There would be a text file on the root of C: called resetlog.txt. The access denied message means you have a permissions problem with the registry or files. This was a known problem with Windows 8 but I never heard of Vista having an access denied error trying to reset TCP/IP. Does the resetlog.txt file show anything?
>
> See this page, post #18. Look at the registry key as noted. Is this key in your registry? Does it have Full Control Privileges?
>
> You can try the following utility. Run it and select Advanced Repair.
>
> http://www.bleepingcomputer.com/download/netadapter-repair-all-in-one/
>
> Edit: Are you using the Windows Firewall or a Security Suite?

Thanks for your patience. It's very difficult not being able to access the net from the Windows side. (Again I'm using a Linux (Slax) CD to boot and access the web.) The registry keys are not there. I can show you what I have, it's at http://elfmagic.byethost16.com/discrepancynsi.png - I've downloaded the repair utility you mentioned to a directory that I'll run it from in Windows the next time I boot. I want to thank you from the bottom of my heart for your advice. I'll fill you in later. Thanks so much, again.





