Nslookup works but tracert doesn't

Question

zeroday    19

I was fixing my niece's laptop, removing a massive amount of viruses and malware, and managed to do a good job of it so far.

I'm trying to run Windows Update and AV update, but it keeps on being unable to resolve the address. I had the same problem when downloading a malware remover earlier and ended up copying the exe to my server and downloading onto the laptop from there.

When I do an nslookup, the address and IP resolve fine, but when I do a tracert, for some addresses it sends the request to 127.0.0.1. I thought the malware might have added common sites to the hosts file and pointed them to localhost, but nothing had changed there. I also ran the Winsock resetter (winsockXPFix) and ran a few commands to manually reset the TCP settings. I've checked the tracert exe and it's digitally signed by MS.

Any clues to what the problem is? Thanks.


3 answers to this question

  • 0
TurboTuna    9

I believe you can change the location of the hosts file via the registry. I don't have the information to hand, but a simple Google would point you in the right direction - could be a start.

I assume you've checked for rogue proxy/DNS settings?

  • 0
zeroday    19

I didn't know about the reg key and I will check that when I get the chance. But it seems to be a pretty bad virus and I told her to take it to her school and have them reinstall the OS for her. It's one of those laptops-for-kids schemes, and if they don't do the install, I'll do it for her.

  • 0
zeroday    19

Well, it turns out it was a pretty nasty rootkit that wasn't picked up by the other scanners. Hid its files (seneka.sys) and RegKeys from Windows. Found it with Rootkit Revealer (should have used it earlier) and deleted it with the Avenger. Windows Update et al works again.

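The symptom in this thread comes down to two resolution paths disagreeing: nslookup sends its query to the DNS server itself, while tracert resolves names through the operating system's resolver. The script below is an added example, not code from any poster, that compares the two paths for a list of hostnames; the function names, the fixed transaction ID and the command-line arguments are assumptions of the example.

```python
import ipaddress, socket, struct, sys

def build_query(name, txid=0x1234):
    """Encode a minimal DNS A query (RFC 1035): header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def _skip_name(msg, pos):
    """Step over a (possibly compressed) name; return the offset after it."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]  # plain label: length byte + data
    return pos + (2 if msg[pos] else 1)  # 2-byte pointer or 1-byte root label

def parse_a_records(msg):
    """Return the IPv4 addresses from the answer section of a DNS response."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    pos, addrs = 12, []
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # QTYPE + QCLASS
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record; CNAMEs etc. are skipped
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def direct_lookup(name, server, timeout=3.0):
    """Query `server` over UDP like nslookup, bypassing the OS resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recvfrom(4096)[0])

def system_lookup(name):
    """Resolve through the OS resolver (hosts file, DNS client), like tracert."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})

def hijacked(system_addrs, dns_addrs):
    """True if the OS path gives loopback/unspecified while DNS gives a public address."""
    ips = [ipaddress.ip_address(a) for a in system_addrs]
    return (any(i.is_loopback or i.is_unspecified for i in ips)
            and any(ipaddress.ip_address(a).is_global for a in dns_addrs))

if __name__ == "__main__":  # usage: script.py <dns-server-ip> <hostname> [...]
    for host in sys.argv[2:]:
        sys_a, dns_a = system_lookup(host), direct_lookup(host, sys.argv[1])
        print(host, "system:", sys_a, "dns:", dns_a, "MISMATCH" if hijacked(sys_a, dns_a) else "ok")
```

A mismatch only shows that something on the machine is redirecting lookups. It does not show what: in this thread the hosts file was unchanged and the cause turned out to be a rootkit.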
