Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Name: Analyst
Have run into an odd situation. Have a computer that I cleaned off some viruses already. But now, when I try to go to some websites, like Microsoft update or antivirus, I still can't bring up the pages. If I ping update.microsoft.com, I get a return of 127.0.0.1. I checked NSLookup and the PC seems to be using the DNS settings from the DHCP server (192.168.0.1). I checked the HOSTS file and it's empty. (Also checked the LMHOSTS file, just for giggles.) I tried reinstalling Service Pack 3, but still same problem.
Anyone know where else the problem may lie or what the solution may be? Thanks.
Assume that I already did an Internet search.
Have you also checked the Internet Explorer add-ons.
Some viruses will install as an add-on for Internet Explorer.
0 
post the results of a route print
review all settings in network properties especially dns listings
Guantanamo bay is a National Disgrace! End it NOW!
0
I looked for Internet Explorer Add-Ons and deleted or disabled any suspicious looking ones (a couple game looking ones), so only verified ones from Microsoft, Sun, or Adobe should be loaded.
But, the problem is not just in Internet Explorer. In the command prompt window itself without IE open, pinging update.microsoft.com returns 127.0.0.1.I did a tracert to update.microsoft.com and it just returns 1 hop coming back to the host name itself at 127.0.0.1- doesn't even try to go out the gateway.
Assume that I already did an Internet search.
0
Forgot to mention, already tried "netsh winsock reset all" a couple times.
Assume that I already did an Internet search.
0
Internet Explorer is one of the mail parts of Windows. It's not only the Browser as you can think.
Anyway, have you also tried the following in a dos box?
ipconfig /flushdns
arp -dAlso what's about the
route print
in a dos box, as WANDERER mentioned?
0
I tried ipconfig /flushdns and arp -d. Didn't work, but thanks.
Sorry, I thought Wanderer was talking about a tracert, never used the route print before.
The router print is as follows,
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 cf 08 77 ...... Intel(R) PRO/100 M Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.15 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.15 192.168.0.15 20
192.168.0.15 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.15 192.168.0.15 20
224.0.0.0 240.0.0.0 192.168.0.15 192.168.0.15 20
255.255.255.255 255.255.255.255 192.168.0.15 192.168.0.15 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
NoneWhat I'm also trying to do in the meantime is slipstream XP service pack 3 into the CD files so I can try doing a sfc /scannow to see if it can maybe restore any replaced system files.
Assume that I already did an Internet search.
0
Your routing table is ok.
Another question.
Is there a number in brackets in the name of your LAN network connection?
Someting like:
LAN-Connection(2)
0
Nope, no brackets, just "Local Area Connection 2". Probably says 2 because I tried uninstalling the NIC and reinstalling it. No other adapters are present.
Also looked in Adapters and Bindings and Provider Order and don't see anything odd in them.
I have SFC /SCANNOW running and it's about halfway done, but open to any other ideas in the meantime.
Assume that I already did an Internet search.
0
sfc /scannow did not fix it. Unless other ideas, last effort is to run setup in repair mode.
Assume that I already did an Internet search.
0
do a system state restore to a period before the virus.
Otherwise do a repair install. Seems to me your registry is corrupted from the virus removal.
This is assuming you aren't running a 3rd party firewall.
Guantanamo bay is a National Disgrace! End it NOW!
0
Back to "Local Area Connection 2".
Are there 2 network cards installed?Normally the connection is named "Local Area Connetion".
So maybe it's an registy issue.
0
Paulsep you will find if you delete a network interface, reboot and let windows rebuild it you end up with "Local Area Connection X" x being any number past 1.
My wireless connection is 4 since I have gone thru 3 different wireless cards.Never has been a problem...until you try to reuse a static ip assignment. Windows tracks that also :-)
Guantanamo bay is a National Disgrace! End it NOW!
0
Wanderer:
You sometimes get in trouble, when using a PCMCIA network card in different slots.
So Windows stores this information in the registry.
So now there are 2 entries for the same hardware with the same MAC-Address and Windows sometimes gets confused.
I have had this problem several times.
I deleted the whole configuration information for the "Local Area Connection X" entries manually from the registry, get back to the Networkplaces, pressing the F5 and got back "Local Area Connection" and it worked.
0
Thanks for your help, guys. System Restore wasn't an option as I normally turn that off and delete all previous restore points with a virus infection. In my experiance viruses have become smart enough to infect previous restore points. You can try and restore before the virus, but it'll just reinfect the system.
Running Windows setup in repair mode did not work either, so I ended up just reinstalling Windows from scratch and am almost finished reinstalling apps and restoring data. I was under a time crunch so couldn't spend too much more time on it. Normally I would have done it sooner, but that was a really odd sympton I never encountered before and I really wanted to know what was causing it. (Maybe a counterfeit winsock dll.. I don't know).
Thanks again for trying.
Assume that I already did an Internet search.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
