Can ping the ip-Address but not the site and neither browse to it

Due to some malware or virus, I was unable to connect to any site while the connection showed "Internet Access".
On experimenting, I found that I was able to ping the I.P. address of google. But when I gave the gave the following command, it gave an error saying that there was no entry of "google.com" in the host file.

ping google.com

I figured that it was some problem with my DNS then. So I tried to open the site google by its IP address but i was still unable to do so. So i googled up on the net and came accross many solutions to similiar problems.

One was to flush the DNS, but to no avail.
Another was to tunnel away through vpn and then browse internet, but I wanted a solution not just a way to browse the internet. Whatever damage was done, it still remained.
Someone wrote that its some malware that corrupted my winsock. I don't know what winsock is, but I downloaded winsockrepair tool but it did not work out either.

Then I Came across a software Cintrepair or Complete Internet Repair. I executed it and after restarting my internet started working properly. But now I don't know what was the thing that went wrong.
Can someone tell me what could have possibly gone wrong and what is the manual way of correcting it , not through an application.

I had been thinking which forum I should post this question to. And I thought this was the most relevant forum for such a question. This is my first post in this forum so kindly tell me if I have missed any guidelines. I have tried my best to explain the situation in the most simple way.
Kindly explain the answer and please avoid using very high level language. I am not very experienced with networking and usually things go over my head. Thank You :)

Dhruv Chandhok

Posted 2014-04-08T12:02:28.073

Reputation: 175

– Philipp – 2014-04-08T12:31:29.483

Answers

Given that the problem is gone now, it is pure speculation to what the cause could be.

Often malware changes the proxy server of your internet connection to an internal component of the malware so all traffic is monitored. You can find this setting here:

1. Open your Control Panel
2. Go to Internet Options
3. Access the tab Connections
4. Click the button LAN settings
5. at the bottom, you see the Proxy Server settings. This should be unchecked and blank.

Given the comments that you tested this and with the feedback supplied, another thing that comes to mind is an edited hosts file. But given that the hosts file does not have wildcard ability, it would've been full with sites you visit often.

The hosts file is a textfile located at:

c:\windows\system32\drivers\etc

LPChip

Posted 2014-04-08T12:02:28.073

Reputation: 42 190

No, my proxy settings were intact. I had checked it that time. Further I was able to ping the ip-address. If the proxy setting had been altered, I would not be able to do so. It was definately something else. – Dhruv Chandhok – 2014-04-09T07:58:38.723

@dhruv I've added a 2nd possible answer. – LPChip – 2014-04-09T11:20:42.457

Yeah there was something with the host file. When I tried to ping "google.com", it said that there was no entry found for google.com in the host file. What does that mean? – Dhruv Chandhok – 2014-04-09T20:29:22.117

That means that it can't contact a DNS server to resolve the domain through the various stages (Gateway adress or local dns server) so it tries the hosts file. It couldn't find any reference there either. That basically concludes that it was not a hosts file either, but that the gateway adress might've been spoofed. – LPChip – 2014-04-09T21:24:33.747

But the "Obtain ip address automatically" was checked. So the gateway address would be provided by the DHCP , isn't it? – Dhruv Chandhok – 2014-04-10T07:02:37.477

Furthur as I have mentioned earlier, i was able to ping google's ip but when I tried to browse to that ip, I was unable to do that. Can we infer something from that? In which case is all this possible? – Dhruv Chandhok – 2014-04-10T07:09:35.657

As said before, the problem is gone, and that makes it really hard and speculative to what it might've been. Sorry, but I'm going to leave it at that as you can't test anything anymore. Even if you automatically get an IP doesn't necessarily say that the DNS servers are also given. You can still have an automatic IP and DNS servers are set somewhere else to override the automatic getting one. – LPChip – 2014-04-10T10:44:49.883

But if the problem was "somewhere else", ( I guess you are pointing to the DHCP server), then resetting my internet settings would have done n good. And yeah you are right somewhere, it is only speculation now. I wont get to the exact root of the problem. Never the less, this is the closest answer, and I call this answered now. – Dhruv Chandhok – 2014-04-10T13:34:05.577

When you have an unidentified malware or virus on your machine, the best solution is almost always to back up all your personal files to external media, and then reinstall the whole system from scratch.

It's the only way to be sure that the malware is gone and it is usually less work than identifying the malware, removing it manually and fixing everything it broke (and requires a lot less computing know-how).

Philipp

Posted 2014-04-08T12:02:28.073

Reputation: 242

1This is not an answer to his question. You should use comments for this kind of messages instead. – LPChip – 2014-04-08T13:55:24.247

@LPChip That's why I hate it when my answers get migrated together with a question to another stackexchange site - suddenly it gets evaluated by a different community with a completely different opinion what's right and what's wrong. – Philipp – 2014-04-08T13:59:11.530

Ah, good point. You can still correct for this though. – LPChip – 2014-04-08T14:04:30.230

1@LPChip Sorry, but I will stand by my point: When you have malware on a machine, the only good solution is to nuke it from orbit. Any attempt to reverse the damage usually takes longer and is not 100% effective. – Philipp – 2014-04-08T14:06:56.967

Oh, I agree. If you have malware, a reinstall is always a better option than to fight it, because you do not always remove all threats. In his case, the malware part is not his question but rather part of additional information to his real question: what can cause a DNS failure that is fixed by running Complete internet Repair. – LPChip – 2014-04-08T14:19:14.983

@Philipp - Thanks alot for the advice, but still my question remains unanswered. I wanted to know was it actually a DNS problem, and if it was, what might have caused it. I know we can't be 100% sure now, but I just want to know what could it have been most likely. – Dhruv Chandhok – 2014-04-09T07:52:30.297