Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: DNS problem

DNS problem 14 years 1 month ago #6101

:x Hi there,

One of my friend got a DNS problem. It's seem that his computer have been infected by spyware (I think it's romahere, control there and newdotnet, that what I found suspiscious on his computer).

The problem his that his browser do not recognise any address (like ) but the browser recognize the dns (201.154.222) for exemple. I did a ping the ms-dos and I've got a reply for 201.153.333 but not for . This computer running on windows ME. I try to remove the spyware using Spysweeper (3.0, registered) and spy bot but It keep coming and coming again. So I try deleting them manually by going directly into the registry and deleted all value related to romahere, control there and newdotnet. When I'm done, I try to erase the file related to this value (for romahere, it was 9565k3?????.exe and for control there w43435??????.exe. I was unable to delete the files, access was denied. First thing I realize, that @$%#@$ romahere and control there was back again in the registry.

I dont know if the DNS problem is directly link to that spywares but I'm pretty sure. Does someone have an idea how to solve this problem (without formating the disk). Thank you.

(I want to apologize for my bad english...)


Re: DNS problem 14 years 1 month ago #6109

Get ProcessXP from sysinternals, find the processes and kill them. Then after you kill them, delete their files and replace the files with a blank file of the same name with read only privs. Then check your registry, remove any new entries and reboot.

If this doesnt work, do the deleting from a livecd like Knoppix.
Sahir Hidayatullah. Staff - Associate Editor & Security Advisor

Re: DNS problem 14 years 1 month ago #6118

Thank you sir,

It's work perfectly and I was able to kill the process and erase them, but I had do do it in safe mode.

For the users having an DNS problem like mine related to the removal of spyware, know that this spyware cause to break you socket. When you removed the spyware from the registry and then deleted all related files on your hard disk, to replace your internet connection (who is not recognizing any DNS adress but recognizing IP adress), use winsockfix... a good utilities that will find your damages host file and repair it. Youre internet connection will now work again.

Re: DNS problem 14 years 1 month ago #6135

  • jhun
  • jhun's Avatar
  • Offline
  • Senior Member
  • Senior Member
  • Posts: 356
  • Thank you received: 0
Hi sahirh,

just a quick question. I have a knoppix cd and would like to kjnow how would i be able to delete a file from windows using this CD?..sorry i am still exploring knoppix :(

Re: DNS problem 14 years 1 month ago #6142

  • nske
  • nske's Avatar
  • Offline
  • Expert Member
  • Expert Member
  • Posts: 613
  • Thank you received: 0
If your windows partition is NTFS, you can't (I don't think that the knoppix kernel has ntfs write support as it is still experimental and dangerous).

If your windows partition is fat32, open a terminal, "su -" to root and "mount -t vfat /dev/hd*# /path/directory" Replace hd*# with your partition depending where it is, i.e. hda1 for the first partition of the primary master disk, and /path/directory with the path of a directory on the linux filesystem where you want the new partition to appear. Then you should be able to erase or write any file there, at least as root.

Re: DNS problem 14 years 1 month ago #6149

2.6 series Linux kernels support full NTFS read / write and its not experimental anymore. This means you'll need a version of Knoppix with a 2.6 series kernel -- I believe Knoppix 3.6 has the same, but will not boot it by default, you have to specify 'knoppix26' as a boottime option.

You can check what kernel you are running by doing the following:

root@BoA:~# uname -sr
Linux 2.6.9

so you can see I've got a 2.6.9 kernel running.

I don't know if it will mount your partition r/w by default, you will probably have to mount it as nske said, something along the lines of

mount /dev/hda1 /mnt/hda1 -t ntfs -w

That should mount it as read write and you can access it in /mnt/hda1

Furthermore if you have an older version of Knoppix or some problems with this method, Knoppix includes a neat system called 'CaptiveNTFS'
[ ]

It allows you to scan your NTFS partition and use the Windows NTFS drivers, so its perfectly safe.. you can try this if the kernel level NTFS support doesn't happen for some reason.

Lets take a scenario where you have a file called rada.exe, and you want to get rid of it and create a file in its place... you can do it like this:

Go to the directory where the file is
cd /mnt/hda1/WINNT/System32

Delete the file
rm rada.exe

Create a file in its place
touch rada.exe

You can also have a look at this really nice LiveCD I found that has Windows and Linux utilities, its called the Ultimate Boot CD.

Sahir Hidayatullah. Staff - Associate Editor & Security Advisor
  • Page:
  • 1
  • 2
Time to create page: 0.189 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup