Results 1 to 5 of 5

Thread: Cache corruption?

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Jul 2008
    Posts
    9

    Default Cache corruption?

    I am attempting to fix a friend's system (hardware and software issues on a Gateway MX8523 laptop running XP MCE SP3 - replaced a bad power adapter cord.) Software problems abound as well. I opened a cmd box and typed: ipconfig /displaydns, which resulted in a list of sites, some of which appear to be rogue in nature:

    C:\Documents and Settings\Owner.laptop>ipconfig /displaydns

    Windows IP Configuration

    www.xxokoriq.cn
    ----------------------------------------
    Record Name . . . . . : www.xxokoriq.cn
    Record Type . . . . . : 1
    Time To Live . . . . : 604231
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    webslots2009.com
    ----------------------------------------
    Record Name . . . . . : webslots2009.com
    Record Type . . . . . : 1
    Time To Live . . . . : 604231
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    www.theworldaccordingtoash.com
    ----------------------------------------
    Record Name . . . . . : www.theworldaccordingtoash.com
    Record Type . . . . . : 1
    Time To Live . . . . : 604231
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    stovescasino.com
    ----------------------------------------
    Record Name . . . . . : stovescasino.com
    Record Type . . . . . : 1
    Time To Live . . . . : 604231
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    smart-antivirus2009buy.com
    ----------------------------------------
    Record Name . . . . . : smart-antivirus2009buy.com
    Record Type . . . . . : 1
    Time To Live . . . . : 604231
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    sexmultis.info
    ----------------------------------------
    Record Name . . . . . : sexmultis.info
    Record Type . . . . . : 1
    Time To Live . . . . : 604231
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    rvporn3.info
    ----------------------------------------
    Record Name . . . . . : rvporn3.info
    Record Type . . . . . : 1
    Time To Live . . . . : 604231
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    www.ripuvat.cn
    ----------------------------------------
    Record Name . . . . . : www.ripuvat.cn
    Record Type . . . . . : 1
    Time To Live . . . . : 604231
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    www.presuloxa.com
    ----------------------------------------
    Record Name . . . . . : www.presuloxa.com


    I installed the latest HOSTS file from MVPS and ran Spybot SD v1.6.2 and it found several problems.
    It fixed some but required reboot for others.
    Upon completion, it listed several fixes that Norton 360 Premier blocked.
    I flushed the DNS cache and the above command log did not change.
    I reset TCP/IP to its original state by using netsh from a cmd box:
    (netsh int ip reset c:\resetlog.txt).
    Got a similar result as the above upon running ipconfig /displaydns from a cmd box.
    Her system's Services show several vulnerabilities with these items allowed as automatic: Server,
    Terminal Services, Remote Registry, etc. I turned them off.
    I'm no expert, but it looks like something needs to be fixed before allowing internet activity on her laptop.
    Is the above dns log result indicative of a serious problem? My machine shows no such activity from a cmd box.

    TIA
    sumarinax
    Last edited by tashi; 2010-11-03 at 20:50. Reason: Disabled urls

  2. #2
    Junior Member
    Join Date
    Jul 2008
    Posts
    9

    Default cache

    Wow. No replies. Did I post to the wrong forum? Is my post too general or irrelevant? Is there something else I need to know?

    Sumarinax

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello sumarinax,
    Quote Originally Posted by sumarinax View Post
    Wow. No replies. Did I post to the wrong forum? Is my post too general or irrelevant? Is there something else I need to know?
    Quote Originally Posted by sumarinax View Post
    I am attempting to fix a friend's system (hardware and software issues on a Gateway MX8523 laptop running XP MCE SP3 - replaced a bad power adapter cord.) Software problems abound as well.
    This is the support forum for Spybot-S&D, are you experiencing an issue with our software?
    Quote Originally Posted by sumarinax View Post
    I opened a cmd box and typed: ipconfig /displaydns, which resulted in a list of sites, some of which appear to be rogue in nature:

    C:\Documents and Settings\Owner.laptop>ipconfig /displaydns

    Windows IP Configuration

    www.xxokoriq.cn
    ----------------------------------------
    Record Name . . . . . : www.xxokoriq.cn
    Record Type . . . . . : 1
    Time To Live . . . . : 604231
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1
    Such are items being blocked by the hosts file which is why they show with 127.0.0.1. It is the loopback address to your local PC.

    http://whois.domaintools.com/127.0.0.1
    http://www.mvps.org/winhelp2002/hosts.htm

    If the computer is showing signs of infection and you would like someone to take a look at the system you can start a topic in the Malware Removal Forum and a volunteer analyst will advise you when available.

    First see that forum's FAQ which also includes instructions on posting a preliminary DDS log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Junior Member
    Join Date
    Jul 2008
    Posts
    9

    Default

    Thanks for the reply. I understand just enough about computers and applications to know use security apps and routers for minimizing security issues. But, I don't understand enough to know what I'm looking at sometimes. BTW, I saw that you had to modify my post because of the hyperlinks. My apologies. I didn't intend for that to happen when I posted (copied and pasted from notepad.)
    I was recently given the aforementioned laptop - she didn't want to spend money on repairs. I wiped the HDD and installed XP Pro SP3 and it's running well. Spybot found multiple trojans and virii before I reinstalled. If I run into problems in the future, I'll give the other forum a try.

    Thanks again,
    Sumarinax

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default



    Have a good weekend.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •