DNS Problem

John F

My problem seems to be specifically for accessing www.google.com or sites
that use google such as yahoo (the Yahoo site loads, search will not work).
So far I have no problem accessing any other website.

When I try to access www.google.com from my browser (IE or Firebird) the
browser attempts to open a site with the IP address 207.44.194.56 . When I
try pinging Google, I get the same address. But when I use NSLOOKUP to find
www.google.com, it gives me the correct IP address, 216.239.41.99. Entering
this address in IE loads the Google webpage.

I've tried running ipconfig /flushdns and ipconfig /registerdns. This had
no effect. Neither did releasing and renewing my adapter. Running
"ipconfig /displaydns" produces the message "Could not display the DNS
Resolver Cache." Earlier when I ran this it gave a very long list, the last
10 or so entries being Google ones and an MSN one.

Running ipconfig /all, the only peculiarity is the DHCP Server address,
172.19.105.13, because all of the other addresses are 68.x.x.x

If anyone has any ideas on how I can go about fixing this I'd appreciate it.
As I've said, everything else works fine, this is just really annoying.

Also of note, DNS problems on my machine originally began yesterday, I fixed
the problem when I noticed that the TCP/IP properties had changed to "Use
the following DNS server addresses". Changing it back to "obtain DNS server
address automatically" got things working right again.
 
Steve Duff [MVP]

Two things to check:

1) Check your "hosts" and "lmhosts" files
and make sure there are no entries in them.
These are in the system32\drivers\etc subfolder
of your Windows directory.

2) There is a spyware app that redirects DNS
requests. Sadly, I can't remember the name, but
do an ad-aware scan on the machine to see if
something is hijacking you.


Steve Duff, MCSE
Ergodic Systems, Inc.
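
The hosts-file check suggested above, as an added example that is not part of the original post: a small Python audit that lists every active hosts entry other than the stock loopback line and compares it with an address obtained directly from DNS. The sample file is constructed (only 207.44.194.56 and 216.239.41.99 come from this thread), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of a tampered hosts file; the two IP addresses for
# www.google.com are the ones quoted in the thread, the rest is made up.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
207.44.194.56   www.google.com google.com   # injected entry
  207.44.194.56 search.yahoo.com
#216.239.41.99  www.google.com
not-an-ip       example.invalid
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every active (uncommented) entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip lines not starting with an IP
        if len(fields) > 1:
            yield line_no, ip, [n.lower() for n in fields[1:]]

def suspicious_entries(text):
    """Return entries that override resolution for anything but localhost."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback and all(n == "localhost" for n in names):
            continue                             # the stock loopback entry
        findings.append((line_no, str(ip), names))
    return findings

def compare_with_dns(findings, dns_answers):
    """Return (name, hosts_ip) pairs that disagree with a direct DNS answer.

    dns_answers maps name -> set of addresses gathered independently, e.g.
    with nslookup, which queries the DNS server and skips the hosts file.
    """
    return [(name, ip) for _, ip, names in findings for name in names
            if name in dns_answers and ip not in dns_answers[name]]

if __name__ == "__main__":
    found = suspicious_entries(SAMPLE_HOSTS)
    for line_no, ip, names in found:
        print("line %d: %s -> %s" % (line_no, ip, ", ".join(names)))
    print(compare_with_dns(found, {"www.google.com": {"216.239.41.99"}}))
```

To audit a real machine, pass the contents of each hosts file you find to `suspicious_entries`; on a clean default install the result is an empty list.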
 
clint

I'm having the same problem but a little different. Please
read my post which should be a few topics up from this one
called 'DNS hacked/hijacked'. I documented all the steps I
took and some strange info I found too. Take a look at my
post and see what you think.
 
Jonathan de Boyne Pollard

Steve Duff [MVP]

If you have an active hosts file in \Help I would
imagine you almost certainly have a virus and/or
spyware at work on your machine.

Delete that hosts file, get current signatures and
start a-scannin'.

Steve Duff, MCSE
Ergodic Systems, Inc.
 
Jonathan de Boyne Pollard

JF> the address that my DNS was changed to was 69.57.146.14, which
JF> is different from the 207.44.194.56 used in the Hosts file.

That should come as no surprise. The former was where the attacker intended
to provide his/her own proxy DNS service to you, publishing name->address
mappings of his/her choosing; and the latter was part of one of those very
mappings, directing you to where the attacker intended to provide his/her own
content HTTP service (amongst others), providing web pages of his/her choosing
and impersonating other entities.

This ploy has been well-known for years. The only novelty of this attack, if
there can be said to be any at all, is that someone found a means of having a
large number of people execute the trojan unwittingly.

And, of course, one question that affected people should be asking themselves
is why they were running Microsoft's Internet Explorer under the aegis of a
user account that is allowed to reconfigure their machine.
 
