Geekzone: technology news, blogs, forums
tigercorp
643 posts

Ultimate Geek


  #533153 13-Oct-2011 23:23

Let's use nslookup to see if your current DNS server is giving you this dodgy IP address for Google, and then we'll see what the Telecom DNS server returns.
 
In the command prompt type the following and press enter after each word:

nslookup 
google.com
server 202.27.158.40
google.com


Then copy and paste (or type) all the results back here.

As an example my output when I do this is:

C:\>nslookup
Default Server: DIR-825
Address: 192.168.1.253

> google.com
Server: DIR-825
Address: 192.168.1.253

Non-authoritative answer:
Name: google.com
Addresses: 74.125.237.82
74.125.237.81
74.125.237.80
74.125.237.84
74.125.237.83

> server 202.27.158.40
Default Server: dnsc1.xtra.co.nz
Address: 202.27.158.40

> google.com
Server: dnsc1.xtra.co.nz
Address: 202.27.158.40

Non-authoritative answer:
Name: google.com
Addresses: 74.125.237.81
74.125.237.83
74.125.237.84
74.125.237.80
74.125.237.82

> exit
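
Added example (not part of the original post): the comparison this procedure asks for, done by a short Python script that parses a pasted interactive nslookup session and compares each resolver's answers as sets. The names parse_session and compare and the transcript are constructed for illustration, and the parser assumes the paste keeps the > prompts.

```python
import re
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")   # IPv4 only; AAAA answers are ignored

def parse_session(text):
    """Map resolver IP -> {queried name -> set of IPv4 answers, or None if none came back}."""
    out, server = {}, None
    for chunk in re.split(r"^>[ \t]*", text, flags=re.M):   # one chunk per typed command
        cmd, _, body = chunk.partition("\n")
        if "Default Server:" in chunk:                      # session banner or "server <ip>"
            server = IPV4.search(chunk.split("Address:", 1)[1]).group()
        elif cmd.strip() not in ("", "exit") and not cmd.startswith("server "):
            answers = IPV4.findall(body.partition("Name:")[2])  # skips the resolver echo
            out.setdefault(server, {})[cmd.strip()] = set(answers) or None
    return out

def compare(session, default, reference):   # verdict per name asked of both resolvers
    local, ref = session.get(default, {}), session.get(reference, {})
    return {n: "inconclusive" if None in (local[n], ref[n])  # no answer proves nothing
            else "consistent" if local[n] & ref[n] else "mismatch"
            for n in local.keys() & ref.keys()}

# Constructed transcript (hypothetical names, documentation-range answers, blank lines omitted).
SAMPLE = """Default Server: router.lan
Address: 192.168.1.254
> a.example
Server: router.lan
Address: 192.168.1.254
Name: a.example
Addresses: 192.0.2.10
192.0.2.11
> b.example
Name: b.example
Address: 198.51.100.7
> c.example
Name: c.example
Address: 198.51.100.9
> server 203.0.113.53
Default Server: ns.example.net
Address: 203.0.113.53
> a.example
Name: a.example
Addresses: 192.0.2.11
192.0.2.10
> b.example
Name: b.example
Address: 192.0.2.20
> c.example
DNS request timed out."""
print(compare(parse_session(SAMPLE), "192.168.1.254", "203.0.113.53"))
```

A mismatch is a lead rather than proof, since load-balanced names can legitimately resolve differently per resolver. A timeout from the reference server, as happens later in this thread, leaves the comparison inconclusive.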
 

Straycat

16 posts

Geek


  #533196 14-Oct-2011 08:29

Hi there,

Copy / paste doesn't work, so hopefully I've typed everything as it says....

------------------------------------------------------
Default Server: dsldevice.lan
Address: 192.168.1.254

Non-authoritative answer:
Name: google.com
Address: 64.125.87.101

server 202.27.158.40
Default Server: dnsc1.xtra.co.nz
Address: 202.27.158.40

google.com
Server: dnsc1.xtra.co.nz
Address: 202.27.158.40

DNS request timed out.
     timeout was 2 seconds.
*** Request to dnsc1.xtra.co.nz timed-out
--------------------------------------------------------------


There you go...




 
 
 
 


jonb
1570 posts

Uber Geek

Trusted

  #533217 14-Oct-2011 09:08

As another potential solution, try using Malwarebytes

http://www.malwarebytes.org/products/malwarebytes_free


Straycat

16 posts

Geek


  #533233 14-Oct-2011 09:59

I've run Malwarebytes about 4 times, and it keeps coming up with no errors found (apart from the first time when it found 3 errors).

tigercorp
643 posts

Ultimate Geek


  #533277 14-Oct-2011 11:21

Straycat: Hi there,

------------------------------------------------------
Default Server: dsldevice.lan
Address: 192.168.1.254

Non-authoritative answer:
Name: google.com
Address: 64.125.87.101


So it looks like your router is giving you the dodgy IP for Google. Can you log onto the router and check what the DNS servers are set to?


server 202.27.158.40
Default Server: dnsc1.xtra.co.nz
Address: 202.27.158.40

google.com
Server: dnsc1.xtra.co.nz
Address: 202.27.158.40

DNS request timed out.
     timeout was 2 seconds.
*** Request to dnsc1.xtra.co.nz timed-out



This is weird how it times out against the Telecom server. Could be a number of things.

Between that nslookup and hosts file missing, you've had some major weirdness going on at your place.

The easiest path to a solution here is to reset the router and start again.
Use this page to help configure - http://telecom.custhelp.com/app/answers/detail/a_id/1180 

Straycat

16 posts

Geek


  #533346 14-Oct-2011 13:32

Before I do that, I must point out that this is on my DESKTOP computer, which the wireless router is plugged into. I also run 3 laptops off the same router wirelessly, and they are all fine.

Shall I still do the reset with the router?

tigercorp
643 posts

Ultimate Geek


  #533470 14-Oct-2011 18:58

Straycat: Before I do that, I must point out that this is on my DESKTOP computer, which the wireless router is plugged into. I also run 3 laptops off the same router wirelessly, and they are all fine.

Shall I still do the reset with the router?


In that case, hold off with the reset.

In the command prompt do an ipconfig /all on your desktop and one of the laptops. Compare the 2 and note the discrepancies (it's likely only the IP address should be different) and report back your desktop's DNS servers.

 
 
 
 


Straycat

16 posts

Geek


  #533478 14-Oct-2011 19:28

OK, so I did that, and these are the results:-

My desktop PC (which is plugged into a wireless router):-

Windows IP Configuration
      
             Host Name.............................: owner-bc2576970
             Primary Dns Suffix...................:
             Node Type.............................: Unknown
             IP Routing Enabled..................: No
             WINS Proxy Enabled................: No
             DNS Suffix Search List..............: lan

Ethernet adapter Local Area Connection:

            Connection-specific DNS Suffix....: lan
            Description...............................: Intel(R) 82566DC-2 Gigabit Network
Connection
            Physical Address.......................: 00-19-D1-8B-22-43
            Dhcp Enabled...........................: Yes
            Autoconfiguration Enabled..........: Yes
            IP Address...............................: 192.160.1.65
            Subnet Mask............................: 255.255.255.0
            Default Gateway........................: 192.168.1.254
            DHCP Server.............................: 192.168.1.254
            DNS Servers.............................: 192.168.1.254
            Lease Obtained........................: Friday 14 October 2011 10:16:10 a.m


Now, the laptop says this:-

Windows IP Configuration

            Host Name..............................: Flint
            Primary Dns Suffix....................:
            Node Type...............................: Hybrid
            IP Routing Enabled...................: No
            WINS Proxy Enabled..................: No
            DNS Suffix Search List................: lan

Wireless LAN adapter Wireless Network Connection 2:

            Media State..............................: Media disconnected
            Connection-specific DNS Suffix....:
            Description...............................: Microsoft Virtual WiFi Miniport Adapter
            Physical Address.......................: E0-2A-82-16-E9-3A
            DHCP Enabled..........................: Yes
            Autoconfiguration Enabled...........: Yes

Wireless LAN adapter Wireless Network Connection:

           Connection-specific DNS Suffix......: lan
           Description.................................: Ralink RT3090 802.11b/g/n WiFi adapter
           Physical Address.........................: E0-2A-82-16-E9-3B
           DHCP Enabled............................: Yes
           Autoconfiguration Enabled............: Yes
           Link-Local IPv6 Address...............: fe80::8c1a:4111:7b2e:e8dbx12<pre
           IPv4 Address..............................: 192.168.1.67<preferred>
           Subnet Mask..............................: 255.255.255.0
           Lease Obtained..........................: Friday, 14 October 2011 6:24:50 p.m
           Lease Expires.............................: Saturday, 15 October 2011 7:05:40 p
           Default Gateway..........................: 192.168.1.254
           DHCP Server...............................: 192.168.1.254
           DHCPv6 IAID..............................: 333458050
           DHCPv6 Client DUID....................: 00-01-00-01-14-23-90-49-64-31-
50-5A-DA-7E
           DNS Servers................................: 192.168.1.254
           NetBIOS over Tcpip......................: Enabled

Then it goes on with "Tunnel adapter etc:"

tigercorp
643 posts

Ultimate Geek


  #533513 14-Oct-2011 21:36

The IP settings were all normal and nothing else made much sense, so I googled :)

A couple of very relevant threads:
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/Q_27240605.html
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/Q_27384237.html

These cases point to a rootkit running rogue processes that are responsible for the redirects.

From the threads you can see (scroll down to the very bottom of the pages) several options for the solution, which is to stop the process then remove it with an anti-malware tool like Malwarebytes.

IMO the one to try is:
RogueKiller - http://www.geekstogo.com/forum/files/file/413-roguekiller/
followed by Malwarebytes.

Other rootkit process checkers suggested are:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe
http://support.kaspersky.com/downloads/utils/tdsskiller.zip 

Or maybe Microsoft System Sweeper (beta)
http://connect.microsoft.com/systemsweeper 

Straycat

16 posts

Geek


  #533737 15-Oct-2011 16:10

Ok, so I tried all the above, and the Kaspersky rootkiller detected two problems.

Virus.Win32.Rloader.a
Service: ACPI
Malware object, high risk
        Service type:    Kernel driver (ox1)
        Service Start:   Boot (0x0)
        File:                C:\WINDOWS\system32\DRIVERS\ACPI.sys
        MD5:               d8fb7d1c3f5bfaf53fe9cc6367e9e99
        MD5 (forged):  8fd99680a539792a30e97944fdaecf17




Locked File
Service:sptd
Suspicious object, medium risk
        Service type:    Kernel Driver (ox1)
        Service start:    Boot (0x0)
        File:                C:\WINDOWS\system32\Drivers\sptd.sys
        MD5:               7f1b7c446cd3f926af45b8c48bd593



When I click "Copy all to quarantine", and then "continue", it says it will be complete after reboot, which I am about to do...

I'll let you know what happens in the next post.

Straycat

16 posts

Geek


  #533745 15-Oct-2011 16:21

Right, hopefully, this is the final post.

I ran the Kaspersky one, did the reboot on my PC, and lo and behold, GOOGLE WORKS!!!

Can I just say a big THANK YOU to all of you guys who tried to help, and especially to TIGERCORP.

Many many thanks!!!

Derek.(Straycat)

l43a2
1607 posts

Uber Geek

Trusted

  #533767 15-Oct-2011 17:26

yay :)





tigercorp
643 posts

Ultimate Geek


  #533790 15-Oct-2011 18:29

Straycat: Right, hopefully, this is the final post.

I ran the Kaspersky one, did the reboot on my PC, and lo and behold, GOOGLE WORKS!!!

Can I just say a big THANK YOU to all of you guys who tried to help, and especially to TIGERCORP.

Many many thanks!!!

Derek.(Straycat)


Thanks for reporting back.  
It's worthwhile knowing someone may have to run all 3 rootkit killers to find the problem.
