Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Dns works with HOSTS file only

Status
Not open for further replies.
bonafide247

bonafide247

IS-IT--Management
May 28, 2003
76
US
I believe this is spyware/virus related. The problem laptop has been cleaned from an infection (no details on the virus name).

Here are the facts:

* Can retrive IP, DHCP, DNS
* Can ping IP addresses
* Can perform NSLOOKUP
* Can access URLs with manual HOST file entries; but not "automatically"
* Tried ipconfig /flushdns, and netsh reset int all

Any suggestions?
 
Sort by date Sort by votes
When you type in a web page address in your URL location bar the Browser (internet explorer, Firefox etc.) has to translate it in to an IP address. The IP address directs the browser to the exact location of the web page you typed in. If a Browser does not find a URL in your hosts file it will contact a DNS server and then connect the domain name (e.g. to an IP address.
Click to expand...
source: The Art of Hosts File Manipulation

what does this say... check your DNS settings under the NETWORK CONNECTIONS...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Ben, I can ping the DNS servers with no problems. I can also access a URL by IP address. My Ip settings are set for DHCP. I have no static settings for DNS on this laptop.

I did notice via protocl analyzer that whenever I ping a URL directly, it tries to resolve the name via Netbios over TCP/IP (NETBT). I tried disabling NETBT through the TCP/IP --> Advanced settings. After doing this, and trying to ping it flat doesn't attempt to resolve either by DNS or NETBT.

Only when I manually enter a URL in HOSTS, will it resolve correctly. Might have to wipe this puppy out and start over.
 
Upvote 0 Downvote
Ben, there is nothing in the HOSTS file except the loopback and a manual entry for Google.
 
Upvote 0 Downvote
Yes, the DNS Client Service is turned on, and also restarted. Forgot to mention that step in the above post.
 
Upvote 0 Downvote
can you list a IPCONFIG /ALL output?

and have you tried to deinstall the NIC, from the Device Manager, then rebooting... Windows will install the drivers for the NIC...

also just for peace of mind, have you reset the WINSOCKS? if not, then DL WinsockFix from the following link and run it, then reboot...




Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Yes, I previously removed the NICs, tried that exact same Winsock program. Still no good.
 
Upvote 0 Downvote
Nothing unusual in the IPCONFIG output:

Windows IP Configuration



Host Name . . . . . . . . . . . . : your-4105e587b6
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
DNS Suffix: mycompany.local



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : mycompany.local
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : <users MAC>
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.14.121
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.14.1
DHCP Server . . . . . . . . . . . : 192.168.14.84
DNS Servers . . . . . . . . . . . : 192.168.14.84
192.168.1.84
Primary WINS Server . . . . . . . : 192.168.14.84
Secondary WINS Server . . . . . . : 192.168.1.84
Lease Obtained. . . . . . . . . . : Tuesday, September 23, 2008 9:22:01 AM

Lease Expires . . . . . . . . . . : Wednesday, September 24, 2008 9:22:01 AM



 
Upvote 0 Downvote
It appears from the IPCONFIG results that you might have a router in the equation. If you log into the router and check the status page does it show the actual DNS servers that the router gets from your ISP?
If so enter them into the settings of the network card and then try surfing.
Does it resolve DNS after making the settings?
 
Upvote 0 Downvote
The network I am using this laptop on has the same DNS/DHCP settings, and have no problems routing or resolving DNS names. The problem is on the laptop exclusively.

At this point, the customer is leaning towards a wipe and reimage, which I agree with.
 
Upvote 0 Downvote
At this point, the customer is leaning towards a wipe and reimage, which I agree with.
Click to expand...
I agree, pinpointing the problem may be more trouble than reinstalling the OS from scratch and the side benefit is that any lingering problem with remnants of malware are taken care off...

sorry, that I was no more help than in the above confirmation...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Not a problem Ben. I am very appreciative to you and everyone who attempted to help me with this problem. Have a great day.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

2ffat
  • Locked
  • News
Lenovo isn't the only one with bad certificates 5
Replies
6
Views
188
2ffat
2ffat
DrB0b
  • Locked
  • Question
Crytowall 3.0 and How I dealt with it 2
Replies
7
Views
146
DrB0b
DrB0b
BionicJohn
  • Locked
  • Question
URUASY.A Ransomware Trojan - Help needed with removal
Replies
6
Views
119
BionicJohn
BionicJohn
mscallisto
  • Locked
  • Question
Can I get a virus in a picture file (like .jpg etc.)? 3
Replies
5
Views
131
mscallisto
mscallisto
OsakaWebbie
  • Locked
  • Question
PHP file found on flash drive - how could it have been used? 1
Replies
12
Views
156
OsakaWebbie
OsakaWebbie

Part and Inventory Search

Sponsor

Back
Top