1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Resolved Something Blocking DNS

Discussion in 'Networking (Hardware & Software)' started by gw1500se, 2015/09/05.

  1. 2015/09/05
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    385
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    Experienced
    I am having a problem with Cygwin and after considerable investigation with Cygwin experts have come to the conclusion that something is blocking DNS. This started after some Lavasoft malware was inadvertently installed. It has since been removed and HJT indicates the system is clean. I don't know if that is related but thought I should mention it. Oddly everything else works (browsers, email, etc.). At least I have not found anything else that doesn't work. When I run nslookup, I get this:
    Code:
    nslookup google.com
    Server:  UnKnown
    Address:  192.168.0.1
    
    *** UnKnown can't find google.com: No response from server
    
    The server address shown is correct (U-Verse digital router) according to AT&T tech support. That router handles DNS queries. I have a Linux machine configured with the same DNS server and it works as expected:
    Code:
    nslookup google.com
    Server:         192.168.0.1
    Address:        192.168.0.1#53
    
    Non-authoritative answer:
    Name:   google.com
    Address: 74.125.21.101
    Name:   google.com
    Address: 74.125.21.102
    Name:   google.com
    Address: 74.125.21.113
    Name:   google.com
    Address: 74.125.21.138
    Name:   google.com
    Address: 74.125.21.139
    Name:   google.com
    Address: 74.125.21.100
    
    I also discovered something else that may be related. If I run tracert I get this:
    Code:
    tracert google.com
    
    Tracing route to  over a maximum of 30 hops
    
      1     1 ms     1 ms     1 ms  dsldevice.attlocal.net No resources.
    
    Again traceroute on my Linux machine works as expected so clearly this is something specific to my Win7. Can someone help me shoot this bug? TIA.

    FWIW, I have Norton AV but uninstalled it to no avail, so that is not the blocker.
     
  2. 2015/09/07
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    8,720
    Likes Received:
    365
    Trophy Points:
    1,093
    Location:
    Fairfax, VA
    Computer Experience:
    echo $experienced;
    On the win7 comp:

    Open Network & Sharing Center >
    On left, click on Change adapter settings >
    Rt click adapter >
    Select Properties >
    Double click TCP/IP v4 >
    Advanced button >
    Verify adapter settings (usually set to everything automatic - dhcp).
    If set to static verify the DNS is set to the LAN IP of the router.

    And probably best to uncheck TCP/IP v6 as it's not used on the WAN side anyway.

    Not sure what you mean by lavasoft malware. Lavasoft makes anti-malware products. Their main program, lavasoft ad-aware removes malware. But it also is bundled with an browser extension called Secure Search. It's supposed to enable safe searching but it can hijack your home page even after ad-aware has been uninstalled. The extension must be removed from the browser add-ons interface.
     

  3. to hide this advert.

  4. 2015/09/07
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    385
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    Experienced
    Thanks for the reply. All that had already been done.

    Since Lavasoft AdWare was installed bundled with other software, without asking for consent and silently, I call it Malware. If it was legitimate software it would have made itself known that it was going to be installedand given me the option. I am familiar with the software and don't like it. It is incompatible with other legitimate software and in particular Cygwin.
     
  5. 2015/09/08
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    8,720
    Likes Received:
    365
    Trophy Points:
    1,093
    Location:
    Fairfax, VA
    Computer Experience:
    echo $experienced;
    Well I agree, Ad-aware used to be good at one time, but it's fallen back to better antispy products.

    As for the cygwin/dns problem, I suspect the win 7 box has a rootkit OR corrupted winsock OR leftover registry network changes made by malware OR just plain old Windows caching problems (dns, hosts, etc). On Linux all that's needed to fix such issues is to edit a text file.

    How did you remove the "malware "? I would scan & fix using:
    http://www.bleepingcomputer.com/download/adwcleaner/

    Post the result of the command:
    ipconfig /all

    Also, check the Windows Firewall and verify it's not blocking port 53.

    Also, on the win7 box, check the registry for proper dns entries at:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Under the NameServer value ach entry should be separated by a space.
    ex: NameServer= "8.8.8.8 8.8.4.4 "

    or under DHCPNameServer 192.168.0.1

    If no joy at all I would uninstall the net adapter using Device manager & reboot. Then configure the adapter settings in my first post above, and be sure to uncheck IP6.
     
  6. 2015/09/08
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    385
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    Experienced
    Thanks for the reply. I used High-Jack This (HJT) and Malwarebytes to clean the malware. I tried to get adwcleaner but it won't download:

    C:\Users\DENNIS~1\AppData\Local\Temp\QMLavEcM.exe.part could not be saved, because the source file could not be read.

    It creates the file with 0KB but for some reason can do anything more.

    I'll provide the rest of the info when I get a chance, hopefully later tonight.
     
  7. 2015/09/09
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    8,720
    Likes Received:
    365
    Trophy Points:
    1,093
    Location:
    Fairfax, VA
    Computer Experience:
    echo $experienced;
  8. 2015/09/09
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    385
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    Experienced
    Here is the rest of the requested information.

    ipconfig /all
    Windows IP Configuration

    Host Name . . . . . . . . . . . . : DAP001
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : cisco.com
    attlocal.net

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : attlocal.net
    Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Physical Address. . . . . . . . . : 8C-89-A5-D1-19-FD
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Tuesday, August 25, 2015 3:22:34 PM
    Lease Expires . . . . . . . . . . : Wednesday, September 09, 2015 10:22:45 AM

    Default Gateway . . . . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 192.168.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.attlocal.net:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : attlocal.net
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft 6to4 Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Firewall is turned off.


    This may be the problem. Here are the registry key values:

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters]
    "ICSDomain "= "mshome.net "
    "SyncDomainWithMembership "=dword:00000001
    "NV Hostname "= "DAP001 "
    "DataBasePath "=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
    00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
    64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
    "NameServer "=" "
    "ForwardBroadcasts "=dword:00000000
    "IPEnableRouter "=dword:00000000
    "Domain "=" "
    "Hostname "= "DAP001 "
    "SearchList "=" "
    "UseDomainNameDevolution "=dword:00000001
    "EnableICMPRedirect "=dword:00000001
    "DeadGWDetectDefault "=dword:00000001
    "DontAddDefaultGatewayDefault "=dword:00000000
    "EnableWsd "=dword:00000001
    "QualifyingDestinationThreshold "=dword:00000003
    "DisableTaskOffload "=dword:00000001
    "EnableIPAutoConfigurationLimits "=dword:00000001
    "ReservedPorts "=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,\
    00,00,00,00
    "DhcpNameServer "= "192.168.0.1 "
    "DhcpDomain "= "att.net "

    The ServerName parameter is empty.
     
  9. 2015/09/09
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    8,720
    Likes Received:
    365
    Trophy Points:
    1,093
    Location:
    Fairfax, VA
    Computer Experience:
    echo $experienced;
    It's System/CurrentControlSet
    not ControSet001

    anyway NameServer should be blank if use DHCP. NameServer would be used if set a static LAN IP and DNS.

    Were it me, I'd uninstall the adapter and let it build fresh at next boot.
     
  10. 2015/09/09
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    385
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    Experienced
    It was probably a copy and paste error. I hate the way Windows command prompt does it.

    Thanks, I guess I'll give that a try.
     
  11. 2015/09/11
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    385
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    Experienced
    I did the uninstall an install of the network adapter. No joy. :-(

    I'll try to get awdcleaner next but it is beginning to look hopeless.
     
  12. 2015/09/12
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    385
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    Experienced
    SUCCESS!!!!!!!!!!!!!!!!!!!!!!! AdwCleaner found a bunch of stuff the others (HJT and MalWareBytes) didn't. It reset some winsock stuff which I bet is what the problem was. I can't thank you enough.
     
  13. 2015/09/13
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    8,720
    Likes Received:
    365
    Trophy Points:
    1,093
    Location:
    Fairfax, VA
    Computer Experience:
    echo $experienced;
    Very well done!
     

Share This Page