Re: Strangeness.......PLEASE HELP!
From: Fizzasist (Fizzasist_at_discussions.microsoft.com)
Date: 01/28/05
- Next message: Tomas.Bell: "Lost write permission to Network Share (Home folder)"
- Previous message: Dave: "Re: target computer locks itself when using RD"
- In reply to: Fizzasist: "Re: Strangeness.......PLEASE HELP!"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 28 Jan 2005 06:45:05 -0800
I have now determined that it is a DNS problem. When I do a NSLOOKUP from a
differetn (fully functional) machine and use that IP address to surf on the
"infected" machine, the page comes up ok. So it looks like a DNS issue to me
but how it is getting the wrong DNS info on just SOME of the websites....I do
not know.
"Fizzasist" wrote:
> I tried safe mode scanning as well. The entries were not beinbg made in the
> host file they were showing up under tools, Internet options, security,
> restricted sites. I have recently heard of a M$ product that is a spy-ware
> detector that is memory resident and is in BETA and one of the machines had
> this installed and I am wondering if it was adding these sites to the list
> but that was my only idea. (Can't believe anyone would install a M$ BETA
> product--let alone a SPYWARE scanner! ha ha)
>
> "Dave" wrote:
>
> > what are the sites that are being added to the restricted sites?? there
> > used to be a virus that would add anti-virus web sites to the hosts file
> > with 127.0.0.1 ip addresses so you could not get to them, maybe this is a
> > similar attack. you should probably boot those machines to safe mode and
> > try a virus scan with a tool tha is not installed on the machine now to be
> > sure it hasn't been corrupted or disabled by a virus.
> >
> > "Fizzasist" <Fizzasist@discussions.microsoft.com> wrote in message
> > news:89EA0CA8-B868-4EE5-B3DA-613541CAA956@microsoft.com...
> > > I have seen this one on a few different machines and am TOTALLY stumped:
> > I
> > > get a call from a client who is having trouble getting to certain
> > websites.
> > > Ran Spybot and AdAware and they cleaned up a few things (nothing
> > major)....no
> > > viruses either. Checked the restricted sites and there were A TON of them
> > > that the user did not put there. I removed them but was unable to get to
> > the
> > > certain sites. I did an nslookup and in some cases WAS able to go to the
> > > site using the address and not the name so I figured there was something
> > > wrong with the DNS settings. When I change the DNS settings to another
> > DNS
> > > (from Comcast to Qwest for example) I was able to get to some of the
> > sites.
> > > I checked the HOSTS file and it was normal. I decided to add some entries
> > in
> > > the HOST file for some of the critical sites and then it started working
> > ok
> > > but again, could not get to ALL of the sites that I wanted by name.
> > Checked
> > > the restricted sites list again and it had some ADDED to it that were not
> > > there before. I have now had this happen on three different PCs on three
> > > different networks so I am running out of ideas......any one heard of this
> > > before??? Nothing on SARC about it....I figure it is Spyware but it did
> > not
> > > find anything. Also ran HiJack This but it was unable to fix it also.
> > > HELP!!!! Please reply to randycarr@pobox.com
> >
> >
> >
- Next message: Tomas.Bell: "Lost write permission to Network Share (Home folder)"
- Previous message: Dave: "Re: target computer locks itself when using RD"
- In reply to: Fizzasist: "Re: Strangeness.......PLEASE HELP!"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
