Cache corruption?



sumarinax
2010-11-03, 18:00
I am attempting to fix a friend's system (hardware and software issues on a Gateway MX8523 laptop running XP MCE SP3 - replaced a bad power adapter cord.) Software problems abound as well. I opened a cmd box and typed: ipconfig /displaydns, which resulted in a list of sites, some of which appear to be rogue in nature:

C:\Documents and Settings\Owner.laptop>ipconfig /displaydns

Windows IP Configuration

www.xxokoriq.cn
----------------------------------------
Record Name . . . . . : www.xxokoriq.cn
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


webslots2009.com
----------------------------------------
Record Name . . . . . : webslots2009.com
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


www.theworldaccordingtoash.com
----------------------------------------
Record Name . . . . . : www.theworldaccordingtoash.com
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


stovescasino.com
----------------------------------------
Record Name . . . . . : stovescasino.com
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


smart-antivirus2009buy.com
----------------------------------------
Record Name . . . . . : smart-antivirus2009buy.com
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


sexmultis.info
----------------------------------------
Record Name . . . . . : sexmultis.info
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


rvporn3.info
----------------------------------------
Record Name . . . . . : rvporn3.info
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


www.ripuvat.cn
----------------------------------------
Record Name . . . . . : www.ripuvat.cn
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


www.presuloxa.com
----------------------------------------
Record Name . . . . . : www.presuloxa.com


I installed the latest HOSTS file from MVPS and ran Spybot SD v1.6.2 and it found several problems.
It fixed some but required reboot for others.
Upon completion, it listed several fixes that Norton 360 Premier blocked.
I flushed the DNS cache and the above command log did not change.
I reset TCP/IP to its original state by using netsh from a cmd box:
(netsh int ip reset c:\resetlog.txt).
Got a similar result as the above upon running ipconfig /displaydns from a cmd box.
Her system's Services show several vulnerabilities with these items allowed as automatic: Server,
Terminal Services, Remote Registry, etc. I turned them off.
I'm no expert, but it looks like something needs to be fixed before allowing internet activity on her laptop.
Is the above dns log result indicative of a serious problem? My machine shows no such activity from a cmd box.

TIA
sumarinax

sumarinax
2010-11-12, 19:04
Wow. No replies. Did I post to the wrong forum? Is my post too general or irrelevant? Is there something else I need to know?

Sumarinax

tashi
2010-11-12, 19:35
Hello sumarinax,

> Wow. No replies. Did I post to the wrong forum? Is my post too general or irrelevant? Is there something else I need to know?

> I am attempting to fix a friend's system (hardware and software issues on a Gateway MX8523 laptop running XP MCE SP3 - replaced a bad power adapter cord.) Software problems abound as well.

This is the support forum for Spybot-S&D, are you experiencing an issue with our software? :)

> I opened a cmd box and typed: ipconfig /displaydns, which resulted in a list of sites, some of which appear to be rogue in nature:
>
> C:\Documents and Settings\Owner.laptop>ipconfig /displaydns
>
> Windows IP Configuration
>
> www.xxokoriq.cn
> ----------------------------------------
> Record Name . . . . . : www.xxokoriq.cn
> Record Type . . . . . : 1
> Time To Live . . . . : 604231
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 127.0.0.1

Such items are being blocked by the hosts file, which is why they show with 127.0.0.1. It is the loopback address to your local PC.

http://whois.domaintools.com/127.0.0.1
http://www.mvps.org/winhelp2002/hosts.htm

If the computer is showing signs of infection and you would like someone to take a look at the system you can start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and a volunteer analyst will advise you when available.

First see that forum's FAQ, which also includes instructions on posting a preliminary DDS log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Best regards.
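
The check described in the reply above, as an added example that is not part of the original thread or of Spybot-S&D: it parses saved `ipconfig /displaydns` output and HOSTS file text, then labels each cached name by whether its answer comes from a hosts-file block, a hosts-file redirect to a real address, or ordinary DNS. The `.example.test` names, the documentation-range addresses, the verdict strings and all function names are constructed for illustration, and only A records are handled.

```python
import ipaddress
import re

FIELD = re.compile(r"^\s*(Record Name|A \(Host\) Record)[ .]*:\s*(\S+)\s*$")

def parse_displaydns(text):
    """Map each cached name to its A-record addresses (empty if the record is cut off)."""
    cache, addrs = {}, None
    for m in filter(None, map(FIELD.match, text.splitlines())):
        if m.group(1) == "Record Name":
            addrs = cache.setdefault(m.group(2).lower(), [])
        elif addrs is not None:
            addrs.append(m.group(2))
    return cache

def parse_hosts(text):
    """Map each name in HOSTS-file text to its address, skipping comments and blanks."""
    hosts = {}
    for line in text.splitlines():
        addr, *names = line.split("#", 1)[0].split() or [None]
        hosts.update((n.lower(), addr) for n in names)
    return hosts

def triage(cache_text, hosts_text):
    """Label every cached name by where its answer came from."""
    hosts, report = parse_hosts(hosts_text), {}
    for name, addrs in parse_displaydns(cache_text).items():
        ips = [ipaddress.ip_address(a) for a in addrs]
        sunk = bool(ips) and all(ip.is_loopback or ip.is_unspecified for ip in ips)
        if not ips:
            report[name] = "incomplete record"
        elif name in hosts:
            report[name] = "blocked by hosts file" if sunk else "hosts file redirect: review"
        else:
            report[name] = "loopback answer not in hosts: review" if sunk else "resolved via DNS"
    return report

# Constructed sample data in the thread's layout; the final record is cut off after its name.
def sample_record(name, addr):
    return (f"{name}\n{'-' * 40}\nRecord Name . . . . . : {name}\nRecord Type . . . . . : 1\n"
            "Time To Live . . . . : 604231\nData Length . . . . . : 4\n"
            f"Section . . . . . . . : Answer\nA (Host) Record . . . : {addr}\n\n\n")

PAIRS = [("ads.example.test", "127.0.0.1"), ("bank.example.test", "203.0.113.7"),
         ("www.example.test", "198.51.100.10"), ("cut.example.test", "127.0.0.1")]
SAMPLE_CACHE = "".join(sample_record(n, a) for n, a in PAIRS).rsplit("Record Type", 1)[0]
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 ads.example.test # blocklist\n203.0.113.7 bank.example.test\n"

if __name__ == "__main__":
    print(triage(SAMPLE_CACHE, SAMPLE_HOSTS))
```

To run it against a real machine, save the `ipconfig /displaydns` output and the HOSTS file as text and pass both strings to `triage`.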

sumarinax
2010-11-12, 23:45
Thanks for the reply. I understand just enough about computers and applications to know to use security apps and routers for minimizing security issues. But, I don't understand enough to know what I'm looking at sometimes. BTW, I saw that you had to modify my post because of the hyperlinks. My apologies. I didn't intend for that to happen when I posted (copied and pasted from notepad.)
I was recently given the aforementioned laptop - she didn't want to spend money on repairs. I wiped the HDD and installed XP Pro SP3 and it's running well. Spybot found multiple trojans and viruses before I reinstalled. If I run into problems in the future, I'll give the other forum a try.

Thanks again,
Sumarinax

tashi
2010-11-13, 00:50
:bigthumb:

Have a good weekend. :)