dns cache problem. sasser virus may have caused this.

Fred

How can I clear the dns cache that is pointing everything
to the local host address 127.0.0.1? Is it a file? I
removed the sasser virus but, when I go to symantec.com
or run live update, or go to mcafee.com it resolves to my
pc. "ipconfig /flushdns" does not work. I added ttl
settings to disable caching and still no go. Still comes
up with the same 20+ bogus entries in the dns cache
ipconfig /displaydns.

Help please...

Thanks...

:) Fred...
--

see bogus entries from ipconfig /displaydns below:

Windows IP Configuration

f-secure.com
----------------------------------------
Record Name . . . . . : f-secure.com
Record Type . . . . . : 1
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


www.mcafee.com
----------------------------------------
Record Name . . . . . : www.mcafee.com
Record Type . . . . . : 1
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


mast.mcafee.com
----------------------------------------
Record Name . . . . . : mast.mcafee.com
Record Type . . . . . : 1
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


updates.symantec.com
----------------------------------------
Record Name . . . . . : updates.symantec.com
Record Type . . . . . : 1
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


www.ca.com
----------------------------------------
Record Name . . . . . : www.ca.com
Record Type . . . . . : 1
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


sophos.com
----------------------------------------
Record Name . . . . . : sophos.com
Record Type . . . . . : 1
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


kaspersky-labs.com
----------------------------------------
Record Name . . . . . : kaspersky-labs.com
Record Type . . . . . : 1
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : www.symantec.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . :
ecurityresponse.symantec.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : symantec.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : www.sophos.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : sophos.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : www.mcafee.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : mcafee.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . :
liveupdate.symantecliveupdate.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : www.viruslist.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : viruslist.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : viruslist.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : f-secure.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : www.f-secure.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : kaspersky.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : kaspersky-labs.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : www.avp.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : www.kaspersky.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : avp.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : www.networkassociates.com


Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 602189
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : networkassociates.com


Section . . . . . . . : Answer
PTR Record . . . . . : www.ca.com


Section . . . . . . . : Answer
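
Added example, not part of the original thread: a Python sketch that parses saved `ipconfig /displaydns` output in the layout posted above and lists every name other than localhost that the cache ties to a loopback address, using both the A records and the PTR records under 127.0.0.1. The sample text is constructed and abridged, and the function names are this example's own.

```python
import ipaddress
import re

FIELD = re.compile(r"^\s*(.+?)(?:\s\.)+\s*:\s*(.*)$")   # "Key . . . : value"
# Constructed, abridged sample in the layout of `ipconfig /displaydns`.
SAMPLE = """\
www.mcafee.com
----------------------------------------
Record Name . . . . . : www.mcafee.com
A (Host) Record . . . : 127.0.0.1

Record Name . . . . . : 1.0.0.127.in-addr.arpa.
PTR Record . . . . . : localhost

Record Name . . . . . : 1.0.0.127.in-addr.arpa.
PTR Record . . . . . :
liveupdate.symantecliveupdate.com

Record Name . . . . . : www.example.org
A (Host) Record . . . : 192.0.2.10
"""

def _norm(name):
    return name.strip().rstrip(".").lower()

def _is_loopback(text):
    """True for '127.0.0.1' or a reverse name such as '1.0.0.127.in-addr.arpa.'."""
    text = _norm(text)
    if text.endswith(".in-addr.arpa"):
        text = ".".join(text[:-len(".in-addr.arpa")].split(".")[::-1])
    try:
        return ipaddress.ip_address(text).is_loopback
    except ValueError:
        return False

def loopback_redirects(displaydns_text):
    """Sorted names (other than localhost) that the cache ties to loopback."""
    hits, owner, wrapped = set(), "", False
    for line in displaydns_text.splitlines():
        m = FIELD.match(line)
        key, value = (m.group(1).strip(), m.group(2).strip()) if m else ("", line.strip())
        if key == "Record Name":
            owner = value
        elif key == "A (Host) Record" and _is_loopback(value):
            hits.add(_norm(owner))
        elif (key == "PTR Record" or (wrapped and not m)) and value and _is_loopback(owner):
            hits.add(_norm(value))
        wrapped = key == "PTR Record" and not value   # PTR value wrapped onto the next line
    return sorted(hits - {"localhost"})
```

Capture the input with `ipconfig /displaydns > cache.txt` right after `ipconfig /flushdns`; names still listed at that point are being put back from somewhere persistent rather than left over in the cache.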
 
Richard G. Harper

Did you check for a rogue HOSTS file? Check C:\Windows\System32\Drivers\etc
and see if there are bogus entries in there.
 
Fred

> Did you check for a rogue HOSTS file? Check
> C:\Windows\System32\Drivers\etc

Yes, I did. Checked the lmhosts and hosts files. No
bogus entries.

Thanks for the try...

:) Fred....
 
Dan

Try again.
This is what usually proves to be my problem as well.

Check Folder Options, and uncheck "Hide extensions for
known file types." Make sure that you can see hidden files
and protected operating system files.

Make certain that you're not looking at the HOSTS.SAM file
first. Sometimes the rogue HOSTS file is hidden.

And when you're sure you're looking at the "HOSTS." file
(no extension), scroll down. Some machines I've seen have
a bunch of blank lines so it LOOKS empty if you check too
quickly.

Also check something other than antivirus sites; the dummy
lines block AVG, Norton, McAfee, and (I believe) even
trendmicro. Try google, msn, slashdot, abcnews -- if these
work, the hosts file is the likely cause.

Now, if you're using norton antivirus, they have a
fabulous "Automated Support Assistant" on their site
(under support and home/small business) and it's wonderful
for troubleshooting. If only we had something like this
for Windows XP!!! :)
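
Added example, not part of the original thread: a Python sketch of the check described in this reply. It reads every file in the `etc` directory whose base name is "hosts" (so `HOSTS.SAM` and the real extensionless file are reported separately), skips blank padding and comments, and reports the file, line number and name of each non-localhost entry pinned to loopback. The directory contents in `demo()` are constructed; the function names are this example's own.

```python
import ipaddress
import tempfile
from pathlib import Path

def audit_hosts_dir(etc_dir):
    """Return (file name, line number, host) for each name pinned to loopback.

    Listing the directory through the file API returns hidden and system
    files too, independent of Explorer's Folder Options.
    """
    findings = []
    for path in sorted(Path(etc_dir).iterdir()):
        if not path.is_file() or path.stem.lower() != "hosts":
            continue                                  # lmhosts, networks, etc.
        text = path.read_text(encoding="latin-1")     # never fails on odd bytes
        for lineno, raw in enumerate(text.splitlines(), start=1):
            fields = raw.split("#", 1)[0].split()     # drop comment, split on whitespace
            if len(fields) < 2:
                continue                              # blank padding or comment-only line
            try:
                loopback = ipaddress.ip_address(fields[0]).is_loopback
            except ValueError:
                continue                              # not an address: ignore the line
            for host in fields[1:]:
                if loopback and host.lower() != "localhost":
                    findings.append((path.name, lineno, host.lower()))
    return findings

def demo():
    """Constructed directory: a harmless HOSTS.SAM and a hosts file with padding."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "HOSTS.SAM").write_text("# sample file\n127.0.0.1 localhost\n")
        padded = ("127.0.0.1 localhost\n" + "\n" * 200
                  + "127.0.0.1\twww.example.com example.com\n")
        Path(d, "hosts").write_text(padded)
        return audit_hosts_dir(d)
```

On Windows the directory the resolver reads is set by the `DataBasePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`, so pass that directory rather than assuming the default path.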
 
Luke

I have exactly the same problem, I have checked all hosts files and
even done a text search for files containing "127.0.0.1" and
"symantec.com". I can't find files containing either. I have flushed
the DNS cache and still when I try to visit an antivirus website or
ping the site or traceroute it, I am being directed to 127.0.0.1

If anyone can offer any advice I would be grateful.
 
