Problems with DNS name resolving after Rootkit.Zero.Access!

Discussion in 'Malware Help (A Specialist Will Reply)' started by rabarbar, Jan 21, 2013.

  1. rabarbar

    rabarbar Private E-2

    Hi,

    I wonder if anyone could help me with this.
    I have had an infection with Rootkit.Zero.Access!, Google redirect and a bunch of other rootkits and malware.
    My system is Windows 7 with SP1.
    I have run numerous antimalware, antirootkit, antispyware, antivirus programs and they all detected something and removed it.
    I have run:

    antizeroaccess
    adwcleaner
    aswMBR
    ComboFix
    FixTDSS
    FixZeroAccess
    GooredFix
    rootkitremover from Malwarebytes
    Sophos
    AVG
    Kaspersky tdsskiller
    Kaspersky online scanner
    ESET online scanner
    EmsisoftEmergencyKit
    Malwarebytes' Anti-Malware
    Malwarebytes Anti-Rootkit
    Spy Hunter
    Spybot

    I have actually taken the disk out and attached it to a different machine and scanned using all these programs.

    I have done the usual TCP/IP cleanups and TCP reset:

    ipconfig /release
    ipconfig /renew
    net stop dnscache
    net start dnscache
    ipconfig /flushdns
    netsh interface ip delete arpcache
    netsh int ipv6 reset reset1.log
    netsh int ipv4 reset reset2.log
    netsh int ip reset reset.log
    netsh winsock reset
    netsh winsock reset catalog

    Uninstalled a couple of hidden drivers, refreshed my TCP settings from a different PC with Windows 7 (they are all installed using the same system image).

    Done sfc /scannow

    I got to the point where I have internet connection but my DNS resolution does not work.
    I can do a nslookup to www.microsoft.com but I cannot do tracert www.microsoft.com:
    Unable to resolve target system name www.microsoft.com.

    I am able to use Cisco VPN, Microsoft OCS and Firefox.
    Firefox does not have any problems resolving host names to IP addresses.
    Internet Explorer however cannot reach any website.
    It looks as if it is not even trying to resolve the address and spits out the error message immediately.

    Any ideas?
    It is driving me crazy - have been trying to fix it for the last 4 days.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. rabarbar

    rabarbar Private E-2

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you using a proxy server?

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it (if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
     
  5. rabarbar

    rabarbar Private E-2

    Hi,

    I am not using a proxy server.

    Unfortunately that did not solve my network problems.
    Still whenever I try to connect to a website or use Outlook it just immediately says no connection or page cannot be found and the trace route or pathping says: "Unable to resolve target system name...."

    It did solve however a problem with my DVD not being recognizable by Windows.
    Is there any other diagnostic tool I need to run and post the logs?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This is not a malware problem. I suggest you post in the networking forum for additional assistance.

    Since you are not having any malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link
    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
