pc virus?

**Catamer** · 01-18-2010, 01:08 PM

my friend brought his PC over and he wants me to fix it.

he has IE & Chrome installed.
if you bring up either it says the website is unavailable ( doesn't matter what website )
I can ping yahoo.com and google.com by name but none of the web browsers go anywhere.

Anyone have ideas as to what's up?

It's almost like the firewall is preventing all HTTP

**Ughmahedhurtz** · 01-18-2010, 03:55 PM

You'll probably have to create a USB or CD rescue disk to fix that as you can't install any antivirus and can't get to web sites to do online scans. There are plenty of good apps for this. McAfee Stinger is a decent one that targets all the popular current infections. Portable Apps has several popular AV apps setup for USB keys.

**Catamer** · 01-18-2010, 09:38 PM

well, I tried McAfee Stinger... it didn't help.

it's the most amazing thing, windows update can get to the internet but anything to do with web browsing is dead.

**Khatovar** · 01-19-2010, 12:38 AM

It vaguely sounds like something along the lines of Newdotnet. I haven't kept up on it because I don't work in DNS anymore, but it used to basically hijack DNS routing to put traffic through their servers so you could see domains using TLDs that they were selling, like .shop, .xxx and other TLDs that aren't actual ICANN registrations.

Not remotely saying that's the problem. Like I said, that's how it USED to work, and at a glance it doesn't look like much has changed, however it could be something else entirely. But if a program like that screwed up DNS routing and then was corrupted or removed incorrectly, it could cause issues like that.

http://en.wikipedia.org/wiki/New.net

http://www.pchell.com/support/savenow.shtml

**Catamer** · 01-19-2010, 12:44 PM

it's definately a DSN/winsock screwup.
if I ping yahoo.com from his pc I get 209.131.36.159 and if I do it from my pc I get 209.191.93.53
I tried a few places that said they had fixes to the registry to reset the winsock parameters but they haven't worked. I can only assume that whatever is infecting the PC is re-infecting it at reboot.

**TheFailTrain** · 01-19-2010, 06:19 PM

Both of those IP address for yahoo.com look valid to me. if you do an nslookup on yahoo.com it resolves to 3 IPs.

C:\Documents and Settings\********>nslookup yahoo.com
Server: den-entdc-002*****************************
Address: 10.101.150.26

Non-authoritative answer:
Name: yahoo.com
Addresses: 209.191.93.53, 69.147.114.224, 209.131.36.159

Have you checked the host file on that machine to see if anything was added to it?

also have you tried to telnet to yahoo.com on port 80. If you get a response from the yahoo server then you know its not a firewall issue.

**Catamer** · 01-20-2010, 04:42 PM

FOUND IT!
I had installed the latest IE8 and it's debug check told me to look at the proxy settings.

something ( possibly a virus ) had left his proxy settings turned on. the checkers had cleared the value though.
so the check boxes for bypass proxy for local addresses was checked as well as use proxy for all internet access and there was no proxy set.

**d0z3rr** · 01-20-2010, 04:53 PM

He probably tried some internet anonymizer. Is he viewing questionable materials on his machine? :P

Thread: pc virus?

Thread Tools

Search Thread

Display

pc virus?

Posting Rules

Dual-Boxing Community

Dual-Boxing.com Quick Links

About Us

Search

Connect With Us