Question : Pinging valid URL returns localhost 127.0.0.1
My wife recently installed a nasty bit of spyware/virus. (Thank you MySpace) I have managed to completely clean out the spyware and viruses and receive a clean bill of health from Avast, Symantec, Lavasoft, SpyNoMore and Spybot.
The remaining issue is that when I ping or try to browse common AV sites such as ESET.com or trendmicro, I am unable to browse to them, and a ping returns localhost 127.0.0.1.
This POS is obviously much smarter than I am because I have:
1. Checked the hosts and lmhosts files for erroneous entries
2. Scanned my entire PC for extra hosts files
3. Checked IE for Proxy settings.
4. Verified HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath is %SystemRoot%\System32\drivers\etc
5. Ran SFC /scannow
6. Ran an XP repair
I am completely out of ideas now. I hate to completely wipe and rebuild. What else is there that could redirect a ping to eset.com to localhost?
Answer : Pinging valid URL returns localhost 127.0.0.1
I finally got it.
The issue was a rootkit called CPLDRIVER.
I'm ignorant on rootkits, but it somehow escaped detection from Avast, Symantec, Lavasoft, SpyNoMore, Hijackthis and Spybot!
I had to download a utility called UnHackMe (http://greatis.com/unhackme/), which detected the rootkit startup.
I was then finally able to connect to Eset.com which cleaned off 5 viruses planted by this thing.
Nasty Nasty Nasty.
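
The situation in this thread expressed as a check, as an added example (not code from either post): it separates a loopback answer caused by a hosts-file entry from one the hosts file does not explain, which is the case the asker hit. The function names, result labels and the sample hostname are assumptions made for this example.

```python
import ipaddress
import os
import socket
import sys

def parse_hosts(text):
    """Map each hostname in hosts-file text to its IP (comments ignored)."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            mapping[name.lower().rstrip(".")] = fields[0]
    return mapping

def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False

def classify(hostname, resolved_ips, hosts_text):
    """Explain what the OS resolver returned for a public hostname."""
    if not any(is_loopback(ip) for ip in resolved_ips):
        return "ok"
    entry = parse_hosts(hosts_text).get(hostname.lower().rstrip("."))
    if entry is not None and is_loopback(entry):
        return "hosts-file override"
    # Hosts file is clean, yet the answer is loopback: the redirect comes
    # from somewhere other than the hosts file, as it did in this thread.
    return "unexplained loopback"

def resolve(hostname):
    """Ask the OS resolver, the same lookup path ping and the browser use."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(hostname, None)})
    except socket.gaierror:
        return []

# Constructed sample: one planted entry for a made-up hostname.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   av.example.test   # planted
"""

if __name__ == "__main__":
    path = os.path.expandvars(r"%SystemRoot%\System32\drivers\etc\hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        hosts_text = fh.read()
    for host in sys.argv[1:]:
        ips = resolve(host)
        print(host, ips, classify(host, ips, hosts_text))
```

Run on the affected machine with the hostnames that fail to load as arguments; an "unexplained loopback" result means the hosts file is not the source of the redirect.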