
Windows 7 Advanced DNS problem

Discussion in 'Networking' started by kremkrem, Oct 7, 2011.

Thread Status:
Not open for further replies.
  1. kremkrem

    kremkrem Thread Starter

    Joined:
    Oct 7, 2011
    Messages:
    20
    Sorry, but you know, this F-Secure software uses Java Applet for scanning (that's ok) and IE to show the results (more than bad). In other words, it doesn't work.
    Please, if you can, choose some software I can download without any external downloaders, and it should work fine.
    Those errors are caused by the problem we're trying to solve. I mention it just to make sure you know why I've got these problems.
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Do you have an internet connection?

    Did you set up the following proxy?

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 8.8.8.8:80
     
  3. kremkrem

    kremkrem Thread Starter

    Joined:
    Oct 7, 2011
    Messages:
    20
    First, I have an internet connection. I post from the machine I have problems with, using Firefox. As I said in the very first post, the situation with my system is weird: there is a connection, but for most apps resolving hostnames doesn't work (but it works in Firefox). So, I can connect using Firefox, or, sometimes, using raw IP.
    Second... I barely understand the notation you have just used. But I checked the Windows options... yes, I set the 8.8.8.8:80 proxy, I surely remember doing so. Found it was Google DNS server, and tried it as a possible solution. But it didn't work, so I turned off using proxy for system (by unchecking a box). And the fact that the address is typed doesn't (or at least shouldn't) matter.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    When you turned off the proxy by removing the tick from "Proxy server" under LAN settings, did you put a tick in "Automatically detect settings" under Automatic configuration? See attached image.

    Also what can you tell me about this program ALLPlayer did you install it? Read the information at the following links:

    http://www.threatexpert.com/files/allupdate.exe.html

    http://www.prevx.com/filenames/61275102296173309-X1/ALLUPDATE.EXE.html

    I ask about this program because it was installed by user not by malware...

    Kevin
     

    Attached Files: IE.JPG (21.8 KB)
  5. kremkrem

    kremkrem Thread Starter

    Joined:
    Oct 7, 2011
    Messages:
    20
    Yeah...
    Well, I hadn't switched the "automatically detect" option on, I forgot about that. Now I've done it.
    AllPlayer... yup, that was me. I've installed it. Avast was suspicious about the allupdate.exe, so I've either blocked it or let it on in sandbox (because that one was default). Well, when I've reconsidered that, I concluded I don't really need it anymore. Therefore I uninstalled it.
    In short: it didn't work.
    Let's try something else. I don't really like the vision of reinstalling the system... especially that it came with machine, so I don't have the CD/DVD...
    PS. I've noticed you like Ubuntu, while I personally love it. As a coincidence, I've got a liveUSB with 10.04 lucid on board. If you're thinking about trick involving it, feel free to do so, I like Ubuntu, and I'm not a moron who is scared by its bash (aka terminal).
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    I'm only looking for malware on your system. You mentioned having issues for approximately 8 months; All Player was installed February of this year so it was a definite suspect.

    OK, I'd like to see an in-depth scan with an AV to check that Combofix missed nothing. As you had problems with ESET and F-Secure, we can use Avast.

    Right click on the Avast icon next to your clock and select "open avast user interface"
    On the interface select Scan Computer
    On the next window select Boot time scan
    On the next window select Schedule now
    On the next window select Restart Computer

    Let your system re-boot and carry out the boot time scan, let me know what it finds. Also tell me if Internet Explorer works now since turning on the "Automatically detect" option...

    Regarding Ubuntu, I only use that for online banking and anything with financial implications, I just don't trust Windows... (any version)
     
  7. kremkrem

    kremkrem Thread Starter

    Joined:
    Oct 7, 2011
    Messages:
    20
    I've just done the on-boot scan. It said that it scanned everything (unlike the in-Windows scan), but found nothing.
    I've just noted that your suspicion about AllPlayer was wrong, because I forgot to tell you, that the problem was caused by a stopped trial of installing an infected proxy software (that fact was mentioned by me in the very first post). Terrible thing I forgot the name of this application, but, as I searched on the net the day I got the problem, it was known to install rootkits and trojans.
    But it was such a long time ago that I don't remember the name! Stupid, stupid, stupid, stupid, stupid, stupid, stupid, stupid.....
    PS
    It sometimes takes time to answer, because there is a big time difference between the place I live in and that forum's time (my time indicates 9 hours forward).
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    What is the status of your system now, is IE working? Do you have any issues/concerns?
     
  9. kremkrem

    kremkrem Thread Starter

    Joined:
    Oct 7, 2011
    Messages:
    20
    Nothing has changed: IE doesn't load any pages, services that haven't worked don't work, and ones that have worked work.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
  11. kremkrem

    kremkrem Thread Starter

    Joined:
    Oct 7, 2011
    Messages:
    20
    FixIt couldn't do anything because of failed attempt to connect to the (Microsoft) server. Dang, Microsoft sometimes really sucks.
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Back up YOUR REGISTRY with ERUNT.....

    • Download ERUNT
      (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
    • Install ERUNT by following the prompts
      (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
    • Start ERUNT
      (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
    • Choose a location for the backup
      (the default location is C:\WINDOWS\ERDNT which is acceptable).
    • Make sure that at least the first two check boxes are ticked
    • Press OK
    • Press YES to create the folder.

    Next,

    Please follow these instructions carefully:

    Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:

    Code:
    Windows Registry Editor Version 5.00
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\DisableWindowsUpdateAccess]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoWindowsUpdate"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoWindowsUpdate"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
    "NoAutoUpdate"=dword:00000000
    "AUOptions"=dword:00000000
    
    [-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDevMgrUpdate"=dword:00000000
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "NoUpdateCheck"=dword:00000000
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
    "DisableWindowsUpdateAccess"=dword:00000000
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoWindowsUpdate"=dword:00000000
    
    

    Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

    Next navigate to your desktop, and enter the file name fixme.reg, and click Save.

    You should now find a new file on your desktop named fixme.reg. Double click on fixme.reg. You will get a warning,
    agree to the merge, and then a message the file has been merged will immediately pop up.

    Then reboot.

    Next,


    Add the Windows Update Web site and the Microsoft Update Web site to the Trusted Sites list, follow these steps:

    • Start Windows Internet Explorer:
    • On the Tools menu, click Internet Options.
    • Note If you are using Internet Explorer 7, and the menu is not available, press the ALT key on your keyboard to access the Internet Explorer Menu.
    • Click the Security tab, and then click Trusted Sites.
    • Click Sites, and then click to clear the Require server verification (https:) for all sites in this zone check box.
    • In the Add this Web site to the zone box, type the following addresses, and then click Add after you type each address:

      http://*.windowsupdate.microsoft.com
      http://*.windowsupdate.com
      http://update.microsoft.com

    • Click OK two times.

    Try the updates again.
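
A pre-merge check for a .reg file such as the fixme.reg above, as an added example that is not part of the original post: it reports value lines that sit under a `[-key]` delete header and values that a later `[-key]` header removes again. `lint_reg` is a hypothetical helper, and the check assumes the file is applied from top to bottom.

```python
import re

HEADER = re.compile(r'^\[(-?)(.+)\]$')               # [key] or [-key]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=')    # "name"=... or @=...

def lint_reg(text):
    """Return (line_no, message) pairs for entries whose effect depends on order."""
    findings = []
    written = {}     # lower-cased key path -> first line that set a value under it
    current = None   # (key, is_delete, header_line) of the section being read
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        m = HEADER.match(line)
        if m:
            is_delete, key = m.group(1) == '-', m.group(2).lower()
            current = (key, is_delete, no)
            if is_delete:
                # [-key] removes the key together with its subkeys and values,
                # so (assuming top-to-bottom processing) earlier writes are undone.
                for k, at in sorted(written.items(), key=lambda kv: kv[1]):
                    if k == key or k.startswith(key + '\\'):
                        findings.append((no, f'deletes values set at line {at} under {k}'))
                        del written[k]
            continue
        if VALUE.match(line) and current:
            key, is_delete, at = current
            if is_delete:
                findings.append((no, f'value follows the delete header at line {at}'))
            else:
                written.setdefault(key, no)
    return findings

# Excerpt of the fixme.reg text from the post above.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000000

[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDevMgrUpdate"=dword:00000000
"""

if __name__ == '__main__':
    for no, msg in lint_reg(SAMPLE):
        print(f'line {no}: {msg}')
```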
     
  13. kremkrem

    kremkrem Thread Starter

    Joined:
    Oct 7, 2011
    Messages:
    20
    ERUNT... hey, I already know this app! Ok, I've done backup.
    Now there's some neat register editing file... have run that.
    Restart, added the 3 trusted sites and cleared the https: verification box.
    Nothing changed. (try update? What did you mean? I've tried to run fixit again as an update, but nothing)
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Do the following :

    Select the Windows Key and R Key together, in the open box either type or copy and paste services.msc

    In the new window scroll to Background Intelligence Service, what is the Status and Start up type? They should be Started and Automatic (delayed) respectively.

    Also check the following dependencies:

    Com + Event system this should be Started and Automatic

    Remote Procedure Call (RPC) this also should be Started and Automatic

    Let me know if the above are correct.....
     
  15. kremkrem

    kremkrem Thread Starter

    Joined:
    Oct 7, 2011
    Messages:
    20
    I think I've managed to translate the service names right.
    Background Intelligence Service (Usługa Inteligentnego Transferu w Tle)
    Status: Started, Start up type: Automatic (delayed)

    COM+ Event System (System Zdarzeń COM+)
    Status: Started, Start up type: Automatic

    Remote Procedure Call (RPC) (Zdalne wywoływanie procedur (RPC))
    Status: Started, Start up type: Automatic
     
Short URL to this thread: https://techguy.org/1021150