IE (DNS error?) and ns14.attbi.com ?? HELP!

I'm a Firefox user but keep IE on my machine for use when needed. IE won't open (Page cannot be displayed) and Zone Alarm Professional version 6.0.667 detects that Windows Explorer is attempting to connect to ns11.attbi.com or ns14.attbi.com (63.240.76.193:53 or 204.27.199.8:53) Research turns up nothing I can figure out. (I'm running Win98)

I ran the cleaning/scans you recommended in the "READ AND RUN ME FIRST" Post. Made somewhat of difference but still didn't resolve the IE/Explorer issues. I downloaded HijackThis and saved the log (see attached).

Please go easy on me fellas, I'm totally new at this and hope I've done everything I needed to up to this point. My firerwall was active when I created the log. Please let me know if I need to re-scan minus the firewall. Thanks in advance.

The Wench

 

Thanks for the reply....

Because IE won't open, only Firefox is accesible so I used the alternative scan in Step #5 for Firefox users: Trend Micro. I then followed the directions in Step #6 while booted in safe mode with the internet cable unplugged. I ran Ccleaner, Ad-Aware SE and Spybot. It did remove several spyware programs and two trojans.

The ISP for comcast is mine. I do not use AT&T for an ISP and have no idea why or how it is acessing my machine. In the research I've done I find information that says AT&T is merging with Comcast so I called Comcast. They knew nowthing about it. I'm concerned about giving the attbi.com address access to my machine until I know what it is.

Any suggestions as to what I should try next?

 

I was able to get IE working, somehow. Previously it would not connect to anything however I was not typing in the IP. Seems to be working fine now after I did some more scanning.

I ran Bit Defender which was terminated early and I received this message: Microsoft Visual C++ Runtime Library: Run Time Error C:\WINDOWS\EXPLORER.EXE terminated in an unusual way.

I ran Trojan Scan which found: Program Files\DesktopManager\8876480\6.1.0.155-8876480L\PAROGRAM\runner.exe but did not remove it. I'd like to remove it but using the add/remove program tool it does not appear on the list.

Active scan found nothing so there was no log to save.

I reran HJT with the firewall (Zone Alarm) OFF and attached the log file here. I'm still having trouble with Explorer.exe wanting to connect to ns14.attbit.com or ns11.attbi.com. When I have the firewall on, the connection is blocked however, I receive many pop-ups from Zone Alarm requesting access. When I deny access, sometimes my connection will work, sometimes it won't. I don't know how the attbi addresses are connected to my machine (or WHY they got connected since I didn't allow it) and I want to remove it but don't know how. Zone alarm is telling me I can't delete an active network. The machine is running pretty slow and keeps trying to load explorer.

Is there a reason explorer.exe would be trying to connect to the internet? I thought this was windows explorer but perhaps I'm wrong?

Thanks so much for your help...I rally appreciate it. I'm in unknown territory here!

 

Yep, Zone Alarm is telling me that EXPLORER.EXE is trying to connect, not Iexplorer. I thought it was odd too Any suggestions?

I'll print out your instruction from my office and make the fixes when I get home. I'll re-post with my results after the fixes.

Thanks again for your assitance!

 

I've attached a screen capture of ZA and the message info I get when explorer.exe tries to connect. PTSnoop has been a prblem to keep from starting even though I thought I deleted it, but the explorer issue began about a month ago when this mysterious network connection to attbi showed up.

 

OKay, ran SpySweeper. Attached is the log. Removed a few nasties but have still not resolved the Explorer.exe problem. Even though I am already connected to the internet, ZA keeps sending pop ups requesting permission to connect. I attached a screen shot of ZA in an earlier post. Hopefully this will help?

 

Okay, I thought I would clarify what my IP address actually is with Comcast and did the following:

I went to the start menu, clicked "run" typed in "winipcfg", selected my network card (SiS NIC SISNIC) from the drop down window and there was my comacst IP in the "Ethernet Adapter" window. However, when I click on "more info" in the top window under "Host Information" and in the box "DNS Servers" are two IP's belonging to attbi.com which are not associated with comcast. The DNS Server IP's are 204.127.199.8 and 63.240.76.198 both acessing through port 53. These are the two addresses I have blocked with ZA but are causing severe slow down and are the adresses that explorer.exe is trying to connect to. In the Box "Node Type" it says "Broadcast". I connect to the internet using a broadband connection through a modem. (If you'd like a screen shot of that let me know. Just not sure how wise it is to post my real IP here?)

I did not knowingly download anything from attbi.com and am completly flummoxed as to how they ended up as a DNS. At one time I did download a program from COmcast, videomail, but that was ages ago and it never worked properly do I deleted it.

Because this is all so foreign to me, a friend who is much more savvy about this sort of thing is coming over tomorrow to have a look. I'll show him our discussion and all the notes I've printed from the forums that have been VERY helpful. We'll try removing the unkown server in safe mode. Don't need PTSnoop and will try again to blast it off the drive.

Thanks, again, for all your help! I'll owe you something for this...hmmmmm... maybe I'll send you a pizza from Dominic's in Haworth? Sicilian of course....