How to restore access to Trend Micro and other security sites that have been blocked by malicious software infections

Support
Solution ID Last Updated
1053403 Date : 2012/02/03 Time:11:44 AM , (PST)


Product/Version Platform
Client/Server Security SMB - 3.6;HouseCall Server Edition - 6.1, HouseCall Server Edition - 6.5, HouseCall Server Edition - 6.6;OfficeScan - 10.5, OfficeScan - 8.0;PC-cillin Internet Security for Dell - 14.7, PC-cillin Internet Security for Dell - 14, PC-cillin Internet Security for Dell - 2005;ServerProtect for Microsoft Windows/Novell Netware - 5.7;Trend Micro Anti-Spyware Enterprise Edition - 3.0;Trend Micro AntiVirus plus AntiSpyware - 2008, Trend Micro AntiVirus plus AntiSpyware - 2009;Trend Micro Internet Security - 2008, Trend Micro Internet Security - 2009;Trend Micro Internet Security for Dell - 16.6;Trend Micro Internet Security Pro - 2008, Trend Micro Internet Security Pro - 2009;Worry-Free Business Security Standard/Advanced - 5.1;
Windows - 2000 Advanced Server, 2000 Advanced Server, 2000 Datacenter Server, 2000 Professional, 2000 Server, 2000 Server, 2000 Small Business Server, 2003 Compute Cluster Server, 2003 Datacenter Server, 2003 Datacenter Server Edition 64-bit, 2003 Enterprise Server, 2003 Enterprise Server, 2003 Home Server, 2003 Home Server, 2003 Small Business Server, 2003 Small Business Server, 2003 Standard Server Edition, 2003 Standard Server Edition, 2003 Standard Server Edition 64-bit, 2003 Standard Server Edition 64-bit, 2003 Storage Server, 2003 Storage Server, 2003 Web Server Edition, 2008 Datacenter Server, 2008 Enterprise Server, 2008 Standard Server Edition, Vista 32-bit, Vista 64-bit, XP Home, XP Professional

Problem Description

Recently, malicious software, also known as malware, has resorted to disabling system access to security websites in order to prevent systems from receiving security updates or downloading cleanup tools. This solution will help users to access websites that may have been blocked by malware.

Solution

Malware that blocks access to security-related websites does so by poisoning the DNS cache or modifying the system’s hosts file.

 

To restore access to these websites, you need to stop the client-side DNS cache service. You can do this using a command line or the Service Controller tool. Please see below for instructions:

 

·          

Stop the Client-Side DNS Cache Service from a Command Line:

 

 

 

1.

Click Start > Run.

 

 

 

 

2.

Type “cmd” and click OK or hit ENTER.

 

 

 

 

 

Note: When typing in text such as passwords, filenames, or commands, do not include the quotation marks.

 

 

 

 

3.

Type “net stop dnscache” and press ENTER.

 

 

 

 

4.

Type “Exit” and press ENTER.

 

 

·          

Stop the Client-Side DNS Cache Service Using Windows Services:

 

  

 

 

 

 

1.

Click Start > Run.

 

 

 

 

2.

Type “Services.msc” and click OK or hit ENTER.

 

 

 

 

 

Note: When typing in text such as passwords, filenames, or commands, do not include the quotation marks.

 

 

 

 

3.

Double-click on the DNS Client service and click Stop.

 

 

 

 

 

Note: The name of the Windows DNS Client service may also appear as Dnscache.

 

 

 

For additional details, refer to Microsoft Knowledge Base article 318803.


Note: While the DNS Cache is stopped, user’s web browsing experience may be slower than usual due to additional DNS queries needed to resolve the domain names for commonly accessed sites.


  •  Remove any erroneous entries in the system hosts file

        1.  Click Start > Run.

        2.  Type "notepad.exe %windir%\system32\drivers\etc\hosts"

        3.  Remove any line containing "trendmicro.com" in the second column.

        4.  Click File > Save.

        
            Example:
                
                

Once access to Trend Micro site is restored, users should update their products to the latest components and perform a full scan of their system to detect and remove any malware.

Once all malware has been removed, restart the DNS Cache service to restore web browsing performance.

To restart the DNS cache service, users can either restart the computer or follow one of the procedures below:

 

  • Stop the Client-Side DNS Cache service from a command line:

        1. Click Start > Run.

        2. Type "cmd" and then click OK.

        3. Type "net start dnscache" and then hit ENTER.

        4. Type "Exit" and then hit ENTER.

 

 

  • Stop the Client-Side DNS Cache service using Windows Services:

        1. Click Start > Run.

        2. Type "Services.msc" and then click OK.

        3. Double-click the DNS Client service and then click Start.

           Note: The name of the Windows DNS Client service may also appear as "Dnscache".
Rate this Solution
Did this article help you?

Please provide your comments to help us improve this solution.

 
  *This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.
 
 

Connect with us on