
Malware that blocks access to security-related websites does so by poisoning the DNS cache or modifying the system’s hosts file.

To restore access to these websites, you need to stop the client-side DNS cache service. You can do this using a command line or the Service Controller tool. Please see below for instructions:

Stop the Client-Side DNS Cache Service from a Command Line

  1. Click Start > Run.
  2. Type “cmd” and click OK or hit ENTER.
     
    When typing in text such as passwords, filenames, or commands, do not include the quotation marks.
  3. Type “net stop dnscache” and press ENTER.
  4. Type “Exit” and press ENTER.

Stop the Client-Side DNS Cache Service Using Windows Services

  1. Click Start > Run.
  2. Type “Services.msc” and click OK or hit ENTER.
     
    When typing in text such as passwords, filenames, or commands, do not include the quotation marks.
  3. Double-click on the DNS Client service and click Stop.
     
    The name of the Windows DNS Client service may also appear as Dnscache.

For additional details, refer to Microsoft Knowledge Base article 318803.

 
While the DNS cache service is stopped, users' web browsing may be slower than usual because of the additional DNS queries needed to resolve the domain names of commonly accessed sites.

Remove any erroneous entries in the system hosts file

  • Click Start > Run.
  • Type "notepad.exe %windir%\system32\drivers\etc\hosts".
  • Remove any line containing "trendmicro.com" in the second column.
  • Click File > Save.

Example: [image: hosts]
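The hosts-file cleanup described above can be scripted; the following PowerShell is an added example, not Trend Micro's own tooling. It checks every host name column rather than only the second (a hosts line may list aliases), and the `-Remove` switch, the parameter names and the `.bak` backup name are assumptions made for this example.

```powershell
# Added example: report (and optionally remove) hosts-file lines naming a domain.
# Parameter names, the -Remove switch and the .bak backup are example choices.
param(
    [string]$HostsPath = "$env:windir\System32\drivers\etc\hosts",
    [string]$Domain    = 'trendmicro.com',
    [switch]$Remove
)

function Test-HostsLineNamesDomain {
    param([string]$Line, [string]$Domain)
    # Drop any trailing comment, then split into address + host name columns.
    $active = ($Line -split '#', 2)[0].Trim()
    if (-not $active) { return $false }
    $cols = $active -split '\s+'
    if ($cols.Count -lt 2) { return $false }
    # Match the domain itself or any subdomain (case-insensitive).
    $pattern = '(^|\.)' + [regex]::Escape($Domain) + '$'
    foreach ($name in $cols[1..($cols.Count - 1)]) {
        if ($name -match $pattern) { return $true }
    }
    return $false
}

$lines = @(Get-Content -LiteralPath $HostsPath)
$bad   = @($lines | Where-Object { Test-HostsLineNamesDomain $_ $Domain })

if ($bad.Count -eq 0) {
    Write-Output "No hosts entries reference $Domain."
    return
}
Write-Output "Entries referencing ${Domain}:"
$bad | ForEach-Object { Write-Output "  $_" }

if ($Remove) {
    # Keep a copy of the tampered file for later analysis before rewriting it.
    Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force
    $clean = @($lines | Where-Object { -not (Test-HostsLineNamesDomain $_ $Domain) })
    Set-Content -LiteralPath $HostsPath -Value $clean -Encoding ASCII
    Write-Output "Removed $($bad.Count) line(s); original saved as $HostsPath.bak"
}
```

Run it from an elevated PowerShell prompt; without `-Remove` it only lists the matching lines.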

Once access to the Trend Micro site is restored, users should update their products to the latest components and perform a full scan of their system to detect and remove any malware.

Once all malware has been removed, restart the DNS Cache service to restore web browsing performance.

To restart the DNS cache service, users can either restart the machine or follow one of the procedures below:

Start the Client-Side DNS Cache service from a command line

  1. Click Start > Run.
  2. Type "cmd" and then click OK.
  3. Type "net start dnscache" and then hit ENTER.
  4. Type "Exit" and then hit ENTER.

Start the Client-Side DNS Cache service using Windows Services

  1. Click Start > Run.
  2. Type "Services.msc" and then click OK.
  3. Double-click the DNS Client service and then click Start.
 
The name of the Windows DNS Client service may also appear as Dnscache.