Question : Pinging valid URL returns localhost 127.0.0.1

My wife recently installed a nasty bit of spyware/virus. (Thank you MySpace)
I have managed to completely clean out the spyware and viruses and receive a clean bill of health from Avast, Symantec, Lavasoft, SpyNoMore and Spybot.

The remaining issue is that when I ping or try to browse common AV sites such as ESET.com or trendmicro I am unable to browse to them and a ping returns localhost 127.0.0.1

This POS is obviously much smarter than I am because I have:

1.      Checked the hosts and lmhosts files for erroneous entries
2.      Scanned my entire PC for extra hosts files
3.      Checked IE for Proxy settings.
4.      Verified HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath is %SystemRoot%\System32\drivers\etc
5.      Ran SFC /scannow
6.      Ran a XP repair

I am completely out of ideas now. I hate to completely wipe and rebuild. What else is there that could redirect a ping to eset.com to localhost?

Answer : Pinging valid URL returns localhost 127.0.0.1

I finally got it.

The issue was a rootkit called CPLDRIVER

I'm ignorant on rootkits, but it somehow escaped detection from Avast, Symantec, Lavasoft, SpyNoMore Hijackthis and Spybot!

I had to download a utility called UnHackMe http://greatis.com/unhackme/ which detected the rootkit startup

I was then finally able to connect to Eset.com which cleaned off 5 viruses planted by this thing.

Nasty Nasty Nasty.
Random Solutions  
 
programming4us programming4us