
the difference between nslookup and ping?


Deadgame

Feb 1, 2003, 10:26:12 AM
Hello, I am having some trouble accessing www.winternals.com or
www.sysinternals.com. I have localized it to a single computer having a
name resolution issue with just these two domain names. I can get the
address using nslookup but when I ping, I get a loopback response. I have
two computers behind a BEFSR41. One machine is Windows 2000 Pro, the other
is Windows .Net Server 2003 running DNS. I have my DNS set up with
forwarders to my ISP's DNS server. Here are the results of my queries. You
may find this interesting that I am not experiencing this problem on the
.Net server itself. I have also attempted to change the DNS addresses on
my 2k pro box to my ISP's DNS and this did not produce the desired result.
Funny thing is, AFAIK, I pretty much get around fine everywhere else. At
this moment I am not sure what makes the winternals site so special. My
Hosts file is clean, my lmhosts file is clean. I have no WINS. Any ideas
as to what I could try to troubleshoot my name resolution problem?

C:\>nslookup
Default Server: w2ksrv1.net-domain1.com
Address: 192.168.1.101

> www.winternals.com
Server: w2ksrv1.net-domain1.com
Address: 192.168.1.101

Name: winternals.com
Address: 216.142.16.240
Aliases: www.winternals.com

>
C:\>ping www.winternals.com

Pinging www.winternals.com [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

x y

Feb 1, 2003, 1:47:16 PM
Well, if you haven't yet, try clearing out your DNS and WINS name caches.
AFAIK, NSLOOKUP doesn't bother to look at the cached information, whereas
ping does. With Windows 2000, that would be IPCONFIG /FLUSHDNS and
NBTSTAT -R. Looking at the cache using IPCONFIG /DISPLAYDNS and
NBTSTAT -c might also be interesting.

If that doesn't work, you could try using a sniffer to see what is going on:

http://securityadmin.info/faq.htm#sniffer


"Deadgame" <el...@mindless.com> wrote in message
news:3b43835b.03020...@posting.google.com...

bob bobbson

Feb 2, 2003, 12:57:07 AM
Sounds like you have a hosts file or something.
Nslookup would send the request to the DNS server but ping would
follow the normal path for name resolution and could use a hosts file
if it were on the machine.

=)

bob bobbson

Feb 2, 2003, 1:00:02 AM
Bah, forget it. I just re-read your post and you've checked the hosts
file. =)

Daniel Tan

Feb 2, 2003, 7:40:01 AM
Hi, does nslookup stand for name server lookup? What's the purpose of
having nslookup instead of using ping? Thanks.

Regards,
Daniel

"x y" <levin...@despammed.com> wrote in message news:<uwDq4KiyCHA.2288@TK2MSFTNGP09>...

Deadgame

Feb 2, 2003, 12:25:11 PM
Thanks for the responses. The first thing I did was a /flushdns. The
/displaydns was quite surprising. It appears that many domain names
have this 127.0.0.1. /Flushdns does not appear to be able to clear
these listings out though. Any clues as to how I can accomplish this?
Thanks again to both of you.

bob bobbson <b...@bob.com> wrote in message news:<iscp3vsk55n6v30ik...@4ax.com>...

Deadgame

Feb 2, 2003, 12:38:35 PM
Upon further inspection, I found that my HOSTS file was indeed flooded
with entries. I can only assume this was caused by a trojan or virus or some
other mechanism; I would not have any idea how this happened. The
entries are added just below where you would have to scroll down a bit
to get to them.
Thanks for the help!
Example below:


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost



el...@mindless.com (Deadgame) wrote in message news:<3b43835b.03020...@posting.google.com>...
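
An added example (not written by any poster in this thread): a small Python audit that flags real hostnames pinned to a loopback address in a hosts file and reports when the hosts answer, which ping uses, differs from the DNS server's answer, which nslookup shows. The sample file is constructed from names and addresses quoted in the thread, and all function names are hypothetical.

```python
"""Audit a hosts file for real hostnames pinned to loopback (added example)."""
import ipaddress
from collections import Counter

# Names that are expected to resolve to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: the names and addresses are ones quoted in the thread,
# but this is not the poster's actual file.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
192.168.1.101   w2ksrv1.net-domain1.com
127.0.0.1 winternals.com www.winternals.com ftp.winternals.com #fwav
127.0.0.1 sysinternals.com www.sysinternals.com #fwav
"""


def parse_hosts(text):
    """Return a list of (lineno, ip, [names], comment) for each mapping line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        names = [n.lower().rstrip(".") for n in fields[1:]]
        entries.append((lineno, ip, names, comment.strip()))
    return entries


def audit(text):
    """Flag every non-local name mapped to a loopback or 0.0.0.0 address."""
    findings = []
    for lineno, ip, names, comment in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            if name not in LOCAL_NAMES:
                findings.append(
                    {"line": lineno, "name": name, "ip": str(ip), "tag": comment}
                )
    return findings


def tag_summary(findings):
    """Count findings per trailing comment; one repeated tag suggests bulk insertion."""
    return Counter(f["tag"] for f in findings if f["tag"])


def explain_mismatch(name, hosts_text, dns_answer):
    """Compare the hosts-file answer with the address the DNS server returned.

    Returns a description when the hosts file overrides DNS, otherwise None.
    The first matching hosts line is taken as the effective one.
    """
    name = name.lower().rstrip(".")
    for lineno, ip, names, _ in parse_hosts(hosts_text):
        if name in names:
            if str(ip) != dns_answer:
                return (f"hosts line {lineno} overrides DNS: "
                        f"{name} -> {ip} (DNS says {dns_answer})")
            return None
    return None


if __name__ == "__main__":
    for f in audit(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['name']} -> {f['ip']}  [{f['tag']}]")
    print(dict(tag_summary(audit(SAMPLE_HOSTS))))
    print(explain_mismatch("www.winternals.com", SAMPLE_HOSTS, "216.142.16.240"))
```

Ad-blocking hosts files also map names to loopback, so the findings are a review list; entries for security-vendor and update hosts are the pattern this thread turned up.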

William Stacey [MVP]

Feb 2, 2003, 3:02:58 PM

That is weird. I was going to say it had to be hosts file too as those are
the only ones that do not get cleared from the cache. Glad you found it.
Did you figure out what virus this was?

--
William Stacey, MCSE
Windows MVP (DNS/DHCP/WINS)

"Deadgame" <el...@mindless.com> wrote in message
news:3b43835b.03020...@posting.google.com...

Ace Fekay [MVP]

Feb 2, 2003, 9:48:10 PM

I have to say I'm intrigued on how the trojan/virus writers did this that I
have to save this as an example to show my students of one of the things
(besides many others) to look for in case one thinks that their machine is
infected.

--
Ace
Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--

"William Stacey [MVP]" <sta...@mvps.org> wrote in message
news:eIbNdXvyCHA.2684@TK2MSFTNGP11...

William Stacey [MVP]

Feb 1, 2003, 12:21:35 PM
Ping will answer out of cached RR while nslookup will go right to the DNS
server.
Clear your cache using ipconfig /flushdns and try the ping again. If same
issue, let's see an "ipconfig /all"

--
William Stacey
Windows MVP (DNS/DHCP/WINS)

"Deadgame" <el...@mindless.com> wrote in message
news:3b43835b.03020...@posting.google.com...

Benjamin Hudgens

Feb 5, 2003, 1:33:33 PM
Based on your description, this points to a hosts file. Are you sure
you are checking:

%SystemRoot%\system32\drivers\etc\hosts

I realize you've stated this is clean. If completely clean, rename it
to something different, disable and re-enable your network adapter,
and try again.

Ping will not resolve using LMHOSTS or WINS. These are for NETBIOS
traffic only.

Also, run:

ipconfig /displaydns | find /i "216.140.16.252"

and

ipconfig /displaydns | find /i "216.140.17.252"

If neither of these are found, you are not reaching the DNS lookup
part of resolution.

What do you see when you type: 'Set | find /i "SystemRoot"'

~Benjamin

----------------------------------------
Benjamin Hudgens
Winternals Software
Network Administrator
