Re: Local machine DNS failure in IE

anonymous_at_discussions.microsoft.com
Date: 09/09/04 

Date: Thu, 9 Sep 2004 15:44:29 -0700

Ace,

I may have stumbled on the culprit as I now have one of
the two WS back working and able to access the DNS
properly again. I found that the user in question had
just download the Living Marine Aquarium from
screensavers.com. On the WS I was spending my time on
this did not show up in add/remove programs sodidn't
realize this had been done. When I checked the other
system I spotted this and of course removed it as I have a
pet peeve about this kind of stuff. Immediately I had the
internet back on this system and my DNS was back to normal
response.

I have emailed screensavers.com for an uninstall utility
that I can use on ther other system to see if this holds
true for it also.

I will post back when I get and let know if this also
works on the other system.

Regards

Bill
>-----Original Message-----
>In news:89ae01c49625$14b09650$a301280a@phx.gbl,
>anonymous@discussions.microsoft.com
<anonymous@discussions.microsoft.com>
>made a post then I commented below
>> Ace,
>>
>> Thanks for the response, the issue experienced happened
>> all of a sudden and on the one WS since last Thursday.
>> The other WS affected either started late yesterday or
>> very early this am. On the 1st WS a user was on the net
in
>> the am then went to go back on after lunch and it
wouldn't
>> work.
>>
>> The one thing that is interesting is that the 2 WS this
is
>> happening on happens to have had the same user surfing
on
>> them. I suspect the same sites were visited by the
user.
>> I have cleared out IE but this didn't help.
>>
>> Two things that I forgot to mention in my origional post
>> are IE errors with a "cannot find DNS server" message.
>> The other is on boot and intialization of services NAV
is
>> returning a TCP error code 1003,13 and can't initialize
>> email scanning.
>>
>> It seems to me I am fighting a TCP/IP stack issue that I
>> haven't been able to resolve yet that is somehow
affecting
>> its DNS ability.
>>
>> I have forced the update of Norton with the latest
>> definition tables and ran a virus scan but nothing was
>> found.
>>
>> Does any of this further information trigger any more
>> thoughts or suggestions?
>>
>> Regards
>>
>> Bill
>
>Yes this does shine some light. I've been dealing with
hijacked machines
>lately with my clients and this sure sounds like it,
especially if the same
>user went to the same website. I have one client that
goes to orbitz.com
>(among many others) that are known spyware and adware
sites. Her machine was
>completely useless, can't go anywhere, DNS errors in the
browser, among many
>other things.
>
>If this is as I suspect, the machine needs to be cleaned
out using a combo
>of Adaware, Spybot, HIjackthis. Check the Run key in the
reg to see if
>there's anyother stuff than what should be there be
default or your current
>apps installed on it. If you see oddball stuff and not
sure what it is, use
>Google to search for it. Hijackthis can create a log that
you can upload to
>a site that is listed in the help and they can analyze it
for you.
>
>You'll have to come up with some sort of policy to stop
this in the future.
>Adaware Pro is a great tool to lock down machines, in
conjunction with AV
>software.
>
>--
>Regards,
>Ace
>
>Please direct all replies ONLY to the Microsoft public
newsgroups
>so all can benefit.
>
>This posting is provided "AS-IS" with no warranties or
guarantees
>and confers no rights.
>
>Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I,
MCT, MVP
>Microsoft Windows MVP - Windows Server - Directory
Services
>
>Security Is Like An Onion, It Has Layers
>HAM AND EGGS: A day's work for a chicken;
>A lifetime commitment for a pig.
>--
>=================================
>
>
>.
>

Relevant Pages

  • Re: How to enable communication between Two different lans (subnets)/ domains 2003 server based? Ass
    ... You will also almost certainly have DNS problems running a domain behind ... server domain, with a DHCP server running on one of the 2003 boxes. ... the "inner" subnet can see the original subnet and the Internet, ... The .227 machines can see the machines on the 192.168.1.0 subnet and the ...
    (microsoft.public.windows.server.networking)
  • RE: suspicious firewall rules in WinXP firewall
    ... When that site got taken down, DNS ... suspicious firewall rules in WinXP firewall ... I can ping out of these two machines, ... World renowned security experts reveal tomorrow's threats today. ...
    (Incidents)
  • Re: Removing "permanently offline" DC...
    ... Make sure that at least one of these machines is a Global Catalog ... In the DNS console, use the DNS MMC to delete the cname ... If this was a DNS server before you brought it down, ... Event 13516 OR 13509 which indicate successful replication. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ISA 2006 and Listeners Part 2!
    ... All machines use only the internal AD/DNS ... No machine should ever use any other DNS ... The AD/DNS machine will use the ISP's DNS in the ... Microsoft Internet Security & Acceleration Server: ...
    (microsoft.public.isa.configuration)
  • Re: 2 PCs not visible in net view or network browsing - Why?
    ... > it is the SAME as the Primary DNS suffix -- but this is NOT ... :yes some are public but behind firewall, so only visible to local domain.. ... Between the working machines ... > Are you using a DC for a router (multiple NICs)? ...
    (microsoft.public.win2000.networking)