What happens to the TCP/IP stack?

The bottom line: sites resolve with nslookup but do not ping (ping complains that the host cannot be found), and accordingly they do not open in a browser. It is clear that a virus has disrupted TCP/IP. Personally, I will cure it with one of the functions of the AVZ utility, then run CureIt.
But I wonder how this is done theoretically and practically: how the stack gets broken, whether it is possible to fix it by hand, and what exactly the virus does, given that it is already in the system. Can someone explain?
March 23rd 20 at 19:09
3 answers
March 23rd 20 at 19:11
A very broad question; there are many attack vectors from within the system. You can override settings or routes, edit the hosts file, modify the built-in firewall, or play with group policy. It is also possible to attack the "system services", damaging them or replacing them with rewritten ones.

If the stack is corrupted, Windoze has the command netsh winsock reset. In theory, it restores the TCP stack if it is damaged.
There is no hosts file, sites resolve correctly, and when the route is changed ping answers "site not available" instead of "website not found"; policy and firewall are unlikely. But system services, once again, are interesting. Thanks for the reply. - murl58 commented on March 23rd 20 at 19:14
March 23rd 20 at 19:13
sites resolve with nslookup but do not ping
The two things are not related in principle.

- nslookup resolves a name to an IP or an IP to a name, and that's all. It does not check availability.
Achtung! In the context of fears of malware, even spoofing of the DNS servers cannot be ruled out (delnici the enemy down/to zaglyuchit). But the DNS servers can be compared against the provider's instructions, or hard-coded to the well-known Google ones, 8.8.8.8/8.8.4.4

there is no hosts file, sites resolve correctly, and when the route is changed ping answers "site not available" instead of "website not found"
That is too optimistic a position. I have met malware that blocks access to hosts. And there was even once a scenario where the malware cleverly slipped in a fake hosts file whose content looked quite civilized.

- ping checks the availability of the site, or more precisely the host, or more precisely still its public router. It is very rare, and practically ruled out for public sites, but it is still possible that ping to the host is simply blocked.

- you can add the tracert command to the arsenal

I'd check with a clean system, for example a live CD Linux*: I would ping and trace the sites, and compare the target IPs seen under the clean system with those seen under the failing system. And I would pay attention to the router, if there is one. As an option, check with a clean system on a direct connection to the provider. You need to find a reference baseline.

* (second Achtung!) - live CD builds of Windows, none of them, under any circumstances, can be considered a clean system... only if you built it yourself

P.S. AVZ, up to and including Windows 7, cured exactly this network stack great. For 8.* and later, I do not remember ever needing it, so I cannot comment on the risks.
@vern thank you for the detailed answer, but for me it is not a problem and I don't need a solution, although I am grateful for the advice. I wanted to get a more theoretical explanation of what's going on under the hood. But anyway, thanks for responding. - murl58 commented on March 23rd 20 at 19:16
@murl58,
what is happening there under the hood.

1 - this is closed-source Microsoft
2 - you can try to read something like this https://www.piter.com/collection/all/product/vnutr... - vern commented on March 23rd 20 at 19:19
March 23rd 20 at 19:15
It would be nice if you described the network. Is your home PC behind a router? nslookup may simply be resolving the IP via the provider's DNS or an internal DNS. There can be several reasons for no ping: maybe it is closed, maybe it is the LMHOSTS files, and it is not TCP/IP. And it is probably not a virus.
"Is your home PC behind a router": it is a laptop, rather. On the router, the WAN configuration is obtained directly via the provider's DHCP, with the provider's DNS. The router hands out settings via DHCP. Entering all of this by hand on the computer (and Google DNS in particular) doesn't change anything. The website pings from the router. From the laptop it does not ping. The site is ya.ru; I know its IP by heart, and it resolves correctly. I have not seen the laptop in person; I thought I would get access yesterday, but it didn't happen. Otherwise I would have reported back with console command output. I hope to see it in the future and mark the closest answer, or write my own. Thank you - murl58 commented on March 23rd 20 at 19:18
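
An added example, not written by any poster in this thread: a small auditor for the hosts-file tampering mentioned in the first answer and the "civilized-looking" fake hosts file in the second. The function name `audit_hosts`, the padding thresholds and the sample content are assumptions made for illustration; treating entries pushed out of sight by blank lines or indentation as hidden is one heuristic for a file that looks normal at a glance.

```python
import ipaddress

# Names a stock hosts file may legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text, blank_run=20, indent=80):
    """Return (line_no, kind, ip, name) findings for a hosts file body."""
    findings, blanks = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments
        if not fields:
            # Count only truly empty lines; a comment line is visible text.
            blanks = blanks + 1 if not raw.strip() else 0
            continue
        # Entry pushed far down or far right, out of a casual reader's view.
        hidden = blanks >= blank_run or len(raw) - len(raw.lstrip()) >= indent
        blanks = 0
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((no, "malformed", fields[0], ""))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES and ip.is_loopback:
                continue                           # expected stock entry
            # Loopback/0.0.0.0 makes a name unreachable; anything else redirects it.
            kind = "blackhole" if ip.is_loopback or ip.is_unspecified else "redirect"
            findings.append((no, "hidden-" + kind if hidden else kind, str(ip), name))
    return findings

# Constructed sample: looks stock at the top, with one blocked name and
# one redirect hidden below 40 blank lines (203.0.113.7 is a documentation IP).
SAMPLE = (
    "# constructed sample styled like a stock hosts file\n"
    "# localhost name resolution is handled within DNS itself.\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    "127.0.0.1       update.av-vendor.example\n"
    + "\n" * 40
    + "203.0.113.7     ya.ru www.ya.ru\n"
)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to feed in is normally %SystemRoot%\System32\drivers\etc\hosts, ideally read from the clean reference system described in the second answer so that the malware cannot serve a fake copy.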