sumarinax
2010-11-03, 18:00
I am attempting to fix a friend's system (hardware and software issues on a Gateway MX8523 laptop running XP MCE SP3 - replaced a bad power adapter cord.) Software problems abound as well. I opened a cmd box and typed: ipconfig /displaydns, which resulted in a list of sites, some of which appear to be rogue in nature:
C:\Documents and Settings\Owner.laptop>ipconfig /displaydns
Windows IP Configuration
www.xxokoriq.cn
----------------------------------------
Record Name . . . . . : www.xxokoriq.cn
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
webslots2009.com
----------------------------------------
Record Name . . . . . : webslots2009.com
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
www.theworldaccordingtoash.com
----------------------------------------
Record Name . . . . . : www.theworldaccordingtoash.com
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
stovescasino.com
----------------------------------------
Record Name . . . . . : stovescasino.com
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
smart-antivirus2009buy.com
----------------------------------------
Record Name . . . . . : smart-antivirus2009buy.com
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
sexmultis.info
----------------------------------------
Record Name . . . . . : sexmultis.info
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
rvporn3.info
----------------------------------------
Record Name . . . . . : rvporn3.info
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
www.ripuvat.cn
----------------------------------------
Record Name . . . . . : www.ripuvat.cn
Record Type . . . . . : 1
Time To Live . . . . : 604231
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
www.presuloxa.com
----------------------------------------
Record Name . . . . . : www.presuloxa.com
I installed the latest HOSTS file from MVPS and ran Spybot SD v1.6.2 and it found several problems.
It fixed some but required reboot for others.
Upon completion, it listed several fixes that Norton 360 Premier blocked.
I flushed the DNS cache and the above command log did not change.
I reset TCP/IP to its original state by using netsh from a cmd box:
(netsh int ip reset c:\resetlog.txt).
Got a similar result as the above upon running ipconfig /displaydns from a cmd box.
Her system's Services show several vulnerabilities with these items allowed as automatic: Server, Terminal Services, Remote Registry, etc. I turned them off.
I'm no expert, but it looks like something needs to be fixed before allowing internet activity on her laptop.
Is the above DNS log result indicative of a serious problem? My machine shows no such activity from a cmd box.
TIA
sumarinax
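An added example, not part of the original post: the Windows DNS Client service loads HOSTS file entries into the cache that ipconfig /displaydns prints, and they remain after ipconfig /flushdns, so one triage step is to compare the listing with the HOSTS file. The Python below does that comparison; the function names, the HOSTS excerpt, sink.example, www.example.com and 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample in the post's layout; sink.example and www.example.com are invented.
SAMPLE_DISPLAYDNS = """\
   www.xxokoriq.cn
   ----------------------------------------
   Record Name . . . . . : www.xxokoriq.cn
   A (Host) Record . . . : 127.0.0.1
   Record Name . . . . . : sink.example
   A (Host) Record . . . : 127.0.0.1
   Record Name . . . . . : www.example.com
   A (Host) Record . . . : 192.0.2.10
   Record Name . . . . . : www.presuloxa.com
"""
# Constructed HOSTS excerpt (assumed content, not the real MVPS file).
SAMPLE_HOSTS = """\
127.0.0.1  localhost
127.0.0.1  www.xxokoriq.cn  # blocked
"""

def parse_displaydns(text):
    # Return (name, address) per record; address is None if the A line is missing.
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        key = key.strip().rstrip(" .")  # drop the dotted leader after the field name
        if sep and key == "Record Name":
            records.append([value.strip().lower(), None])
        elif sep and key == "A (Host) Record" and records:
            records[-1][1] = value.strip()
    return [tuple(r) for r in records]

def parse_hosts(text):
    # hostname -> address, ignoring comments and blank lines.
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {name.lower(): row[0] for row in rows for name in row[1:]}

def classify(records, hosts):
    # Label each cached name by whether the HOSTS file explains it.
    result = {}
    for name, address in records:
        sink = address is not None and ipaddress.ip_address(address).is_loopback
        if address is None:
            result[name] = "incomplete"
        elif hosts.get(name) == address:
            result[name] = "hosts-block" if sink else "hosts-redirect"
        else:
            result[name] = "sink-not-in-hosts" if sink else "resolved"
    return result
```

Names labelled hosts-block are blocking entries copied from the HOSTS file, not sites the machine visited; hosts-redirect (a HOSTS entry pointing at a non-loopback address) and sink-not-in-hosts are the ones to look at more closely.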