Not sure if this is a network issue or a virus, I believe the latter as no other computer in my home is having this issue but this one. When I attempt to go to www.avast.com or avast.com I get a connection dropped. When I ping avast.com I get an IP of 105.94.46.61, when I ping www.avast.com I get an IP of 180.78.122.242, both of which time out. In the web browser, if I enter a valid IP address for avast, say 74.55.73.250, I can reach the site with no issues. I have tried many things, but nothing seems to solve this issue of the IP address being incorrect in the DNS, and my DNS server is the same between two different systems and one works fine, but this system keeps insisting on those IP addresses and I can’t seem to get past it, which makes me think maybe I have some virus/trojan.
Have issued a route -f, changed from DHCP to static IP, etc. All with the same result, I am at my wits’ end on this one.
HOSTS file redirect - 127.0.0.1. Check your HOSTS file using Notepad or a text editor of your choice: C:\WINDOWS\system32\drivers\etc\hosts, or do a search for HOSTS to find it if not there. http://en.wikipedia.org/wiki/Hosts_file
It isn’t uncommon for malware to try to block security sites, so you are looking for any line with avast.com in it.
The hosts file works on domain names, redirecting that domain to a different IP address, but the IP address would get through any attempt to redirect based on the domain name, so it sounds like hosts file redirect.
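The HOSTS file check suggested above, as an added example that is not part of the original thread: a small Python audit that lists every mapping other than the loopback `localhost` entries and marks those that hit a watched security domain. The function names, the `WATCHED` list and the sample file contents are assumptions made for illustration; only `avast.com`, the two addresses and the file path come from the thread.

```python
import ipaddress

# Loopback entries for localhost that are expected in a clean hosts file.
BENIGN = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Domains to watch; avast.com is from the thread, extend as needed (assumption).
WATCHED = ("avast.com",)

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return non-default mappings, marking those that hit a watched domain."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in BENIGN:
            continue
        hit = any(name == d or name.endswith("." + d) for d in watched)
        findings.append({"line": line_no, "ip": ip, "host": name, "watched": hit})
    return findings

# Constructed sample; the two avast addresses are the ones quoted in the thread.
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
105.94.46.61    avast.com
180.78.122.242  www.avast.com   # trailing comment
127.0.0.1       update.example-av.test download.example-av.test
not-an-ip       avast.com
"""

if __name__ == "__main__":
    # On a live system: open(r"C:\WINDOWS\system32\drivers\etc\hosts").read()
    for f in audit_hosts(SAMPLE):
        flag = "WATCHED" if f["watched"] else "review"
        print(f'{flag:8} line {f["line"]}: {f["host"]} -> {f["ip"]}')
```

Entries marked `review` are not necessarily malicious, since some users add block lists to the hosts file on purpose, but each one should be accounted for.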
Well I had turned off LMHOSTS in the IPConfig but forgot to look at HOSTS. You were right, I looked at it, and it was filled with 100’s of redirects. I cleared them all out except 127.0.0.1 localhost and then I was able to get to avast.com.
Yes, it is a common attack point to try and stop you getting help to remove malware, though it is relatively easy to resolve (there is a different method to do this and much more difficult to get rid of). What you have to consider is what edited the hosts file.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
MalwareBytes Anti-Malware, On-Demand only in free version: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe. Right click on the link and select Save As or Save File As (depending on your browser), and save it to a location where you can find it easily later.
Yep, should have mentioned that I already had those and they found a VUNDO trojan on that system, which I eradicated. But after that was all over I was still having the issue with trying to connect to avast, and any other site seemed to be very slow. That is when I started further efforts and found the IP address redirection, but after having worked for hours trying to solve a Media Center issue, which is how I got the virus (downloading driver updates from either ASUS, MSI, or my chassis provider), I was exhausted. Again, thanks so much for directing me to the hosts file, I am assuming at this point it was due to one of the viruses found by the scanning tools, but will keep an eye open for further activity. For now my Media Center is back operational, knock on wood.
As YoKenny mentions there are tools that directly protect the HOSTS file though I’m not too sure installing something like windows defender just to protect the HOSTS file is a worthwhile trade off.
I have never bothered trying to protect the HOSTS file, mine is empty. You could possibly change the attributes to Read only and/or change the Security settings to block writing to all other than ‘The Administrator,’ but malware a) will inherit the permission of the user account or b) may have a privilege elevation tool.