Virus stopping dns from finding ip address

T

tshad

I am trying to get an Anti virus program (Vipre) loaded but the virus is
somehow forcing the company address to become 127.0.0.1.

I looked in the hosts file but it isn't there. I also tried to put the
actual address with the company name in the hosts file and it worked then
until I reinstalled the AV program. Then pinging the address came up with
127.0.0.1 again.

Where else would this be forced to 127.0.0.1?

Is there a way to find out where the IP address translation came from such
as hosts, lmhosts, dns etc?

Thanks,

Tom
 
D

David H. Lipman

From: "tshad" <[email protected]>

| I am trying to get an Anti virus program (Vipre) loaded but the virus is
| somehow forcing the company address to become 127.0.0.1.

| I looked in the hosts file but it isn't there. I also tried to put the
| actual address with the company name in the hosts file and it worked then
| until I reinstalled the AV program. Then pinging the address came up with
| 127.0.0.1 again.

| Where else would this be forced to 127.0.0.1?

| Is there a way to find out where the IP address translation came from such
| as hosts, lmhosts, dns etc?

| Thanks,

| Tom


The chances are you are infected. Possibly with a TDSserv RootKit.



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Then post the contents of the HJT log in your post with a full explanation of your problem
and what you have done to date in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Probable virus redirecting DNS queries 9
hosts file to block or correct ip address 2
DNS or HOSTS file problem? 5
HOST FILE BYPASSED FOR SOME REASON 3
HOSTS FILE NOT WORKING 4
XP Network - No DNS? 7
Destination Host Unreachable 2
Runaway DNS in XP! 1

Top