No web connect after SP2 Update

[Doug Kanter]

Why isn't anything easy?

Working on a friend's Compaq Presario (the world ugliest computer). Her
teenage son had done everything possible to screw it up. Many kinds of
spyware, 2 viruses, machine was a mess. So, my friend said "The hell with
it....let's start from scratch". Used the Compaq restore disk to reformat &
reinstall XP Home. Installed ZoneAlarm (free version) next, everything
worked fine. Did all MS updates EXCEPT SP2 (ran out of time & energy on the
first night). Everything worked fine.

Did the SP2 update (using Windows Update from the start menu). No glitches
during install, but now, I cannot access the internet. When I did the SP2
update on two other machines, I did NOT have this problem. Before I start
poking around, can anyone offer a clue, or tell me which fork in the road to
take?

By the way, I tried shutting down ZoneAlarm, even though it did NOT indicate
that it had blocked anything outbound, like IE, but doing this made no
difference. Uninstalled ZA, at which point the Windows firewall kicked in.
Disabled THAT while figuring this out. And, there is no AV software
installed yet. Just a clean machine. Almost.

-Doug

 

[Robert Jacobs]

How are you connected to the ethernet? Dialup? Bradband? USB or Ethernet
connection....So on so on...

If broadband modem, did you setup the computer with the username and
password if using PPOE ISP?
Need alot more info to help...

 

[K]

It won't be clean for long! In a article from the Jan. 05 edition of Maximum
PC magazine, about exposing a unprotected computer to the internet. It took
an average of 4 min. for the computer to get infected.

"Doug Kanter" >...

 

[Doug Kanter]

I know. Another estimate said 20 minutes. But, everyone I've consulted has
asked about what firewall I was running, and then stuffed cotton in their
ears, as if a firewall was the source of all problems. So, I uninstalled it
so I could be perfectly honest with the dolts who ask that question.

Remember, years ago, when any time you'd call various tech support sources
with problems, they'd say "Delete your OS and start from scratch"? Same
dolts.

 

[Steve Winograd [MVP]]

Why isn't anything easy?

Working on a friend's Compaq Presario (the world ugliest computer). Her
teenage son had done everything possible to screw it up. Many kinds of
spyware, 2 viruses, machine was a mess. So, my friend said "The hell with
it....let's start from scratch". Used the Compaq restore disk to reformat &
reinstall XP Home. Installed ZoneAlarm (free version) next, everything
worked fine. Did all MS updates EXCEPT SP2 (ran out of time & energy on the
first night). Everything worked fine.

Did the SP2 update (using Windows Update from the start menu). No glitches
during install, but now, I cannot access the internet. When I did the SP2
update on two other machines, I did NOT have this problem. Before I start
poking around, can anyone offer a clue, or tell me which fork in the road to
take?

By the way, I tried shutting down ZoneAlarm, even though it did NOT indicate
that it had blocked anything outbound, like IE, but doing this made no
difference. Uninstalled ZA, at which point the Windows firewall kicked in.
Disabled THAT while figuring this out. And, there is no AV software
installed yet. Just a clean machine. Almost.

-Doug

Running two firewalls simultaneously is likely to cause problems.
Disable the Internet Connection Firewall (original, SP1) or Windows
Firewall (SP2) immediately after installing a firewall like ZA.

I've seen ZA cause problems on XP. Shutting down ZA didn't help.
Un-installing ZA was necessary.

Can the computer ping a web site by IP address and by name? Try:

ping 216.239.39.99
ping google.com

If the first succeeds and the second fails, there's a DNS problem. If
they both fail, try these steps to fix the problem:

1. Go to Start | Run | Msconfig | Startup and disable any remnants of
ZoneAlarm that the un-install procedure didn't remove.

2.Type this line at a command prompt: netsh winsock reset catalog
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Doug Kanter]

Running two firewalls simultaneously is likely to cause problems.
Disable the Internet Connection Firewall (original, SP1) or Windows
Firewall (SP2) immediately after installing a firewall like ZA.

I've seen ZA cause problems on XP. Shutting down ZA didn't help.
Un-installing ZA was necessary.

Can the computer ping a web site by IP address and by name? Try:

ping 216.239.39.99
ping google.com

If the first succeeds and the second fails, there's a DNS problem. If
they both fail, try these steps to fix the problem:

1. Go to Start | Run | Msconfig | Startup and disable any remnants of
ZoneAlarm that the un-install procedure didn't remove.

2.Type this line at a command prompt: netsh winsock reset catalog

Steve:
Thanks for the info. I'll be trying your suggestions later today. Meanwhile,
a question about the Windows firewall. When SP2 was first released, the
computer press claimed that it does little or nothing to control OUTBOUND
nasties - things on the computer that want to communicate with the outside
world without asking first. Is this true?

 

[Steve Winograd [MVP]]

Steve:
Thanks for the info. I'll be trying your suggestions later today. Meanwhile,
a question about the Windows firewall. When SP2 was first released, the
computer press claimed that it does little or nothing to control OUTBOUND
nasties - things on the computer that want to communicate with the outside
world without asking first. Is this true?

Windows Firewall only blocks undesired incoming traffic. It has no
effect on outgoing traffic. If protection from undesired outgoing
traffic is important to you, use a software firewall like ZoneAlarm,
Sygate, Norton, etc.

As I understand it, Microsoft believes that a computer with undesired
outgoing traffic (from viruses, spyware, Trojan horses, etc) is too
badly compromised for a firewall to make a significant difference.
The nasties have probably already caused other damage that a firewall
can't fix.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Doug Kanter]

Windows Firewall only blocks undesired incoming traffic. It has no
effect on outgoing traffic. If protection from undesired outgoing
traffic is important to you, use a software firewall like ZoneAlarm,
Sygate, Norton, etc.

As I understand it, Microsoft believes that a computer with undesired
outgoing traffic (from viruses, spyware, Trojan horses, etc) is too
badly compromised for a firewall to make a significant difference.
The nasties have probably already caused other damage that a firewall
can't fix.

MS is correct....unless there are kids in the house. In that case, there may
a problem that exists for a few hours until an adult can deal with it.
Fortunately, my 15 yr old son learned his lesson when he made his PC
inoperable, and I decided to leave it that way for a week.

 

[Chuck]

MS is correct....unless there are kids in the house. In that case, there may
a problem that exists for a few hours until an adult can deal with it.
Fortunately, my 15 yr old son learned his lesson when he made his PC
inoperable, and I decided to leave it that way for a week.

There's something Microsoft and I agree on. If the spyware gets onto your
computer in the first place, you've already lost the battle. Layer your
defenses. Don't let the spyware get as far as attempting to call home.

Careful, Doug. My neighbor tried that with her daughter, and the daughter
learned to fix it herself.

And Doug, posting your email address openly will get you more unwanted email,
than wanted email. Learn to munge your email address properly, to keep yourself
a bit safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.

 

[Doug Kanter]

There's something Microsoft and I agree on. If the spyware gets onto your
computer in the first place, you've already lost the battle. Layer your
defenses. Don't let the spyware get as far as attempting to call home.

I agree. On my own machine, it's never happened. One way I've achieved this
is by prohibiting ALL other users on the machine, since it runs my business.
I've seen too many instances of people saying "Something weird's happening
and I SWEAR I didn't open/download/click anything". Yeah. Right.

Careful, Doug. My neighbor tried that with her daughter, and the daughter
learned to fix it herself.

That's OK. He's learned how not to catch these diseases by now.

And Doug, posting your email address openly will get you more unwanted
email,
than wanted email. Learn to munge your email address properly, to keep
yourself
a bit safer when posting to open forums. Protect yourself and the rest of
the
internet - read this article.

The hotmail address is a crap-catcher. I don't care what ends up there. What
amazes me, though, is that the fake MS security emails are still flying
around. That must mean there are people who live in caves and still haven't
heard about that scam.

 

[Steve Winograd [MVP]]

I agree. On my own machine, it's never happened. One way I've achieved this
is by prohibiting ALL other users on the machine, since it runs my business.
I've seen too many instances of people saying "Something weird's happening
and I SWEAR I didn't open/download/click anything". Yeah. Right.

I agree, Doug. See the topic "Preventing the Kids from Messing Up
Your Computer" in my October 2004 client newsletter:

http://www.bcmaven.com/newsletters/october2004.htm

The hotmail address is a crap-catcher. I don't care what ends up there. What
amazes me, though, is that the fake MS security emails are still flying
around. That must mean there are people who live in caves and still haven't
heard about that scam.

I've posted news group messages using the same real E-mail address for
several years. Pobox.com has topnotch spam filters and blacklists
that stop the spam, let the real messages through, and almost never
make a mistake.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Doug Kanter]

I agree, Doug. See the topic "Preventing the Kids from Messing Up
Your Computer" in my October 2004 client newsletter:

http://www.bcmaven.com/newsletters/october2004.htm


I've posted news group messages using the same real E-mail address for
several years. Pobox.com has topnotch spam filters and blacklists
that stop the spam, let the real messages through, and almost never
make a mistake.

I guess I could go check it out, but it's easier to ask you: Does pobox.com
allow for access using OE, or is it just web-based?

 

[Chuck]

I've posted news group messages using the same real E-mail address for
several years. Pobox.com has topnotch spam filters and blacklists
that stop the spam, let the real messages through, and almost never
make a mistake.

The problem is not you or me, the problem is the naive ones who see your post as
an example, without realising what precautions you take to make it safe.

The naive ones are the ones who then post with their actual email address, get
more malicious spam in their Inbox, and don't know to not open it or to not
click on the link inside. They get infected with the latest worm, and provide
yet another bot delivering still more spam to your email box, further
overloading your email server and bringing the spam load closer to the predicted
90% level.

Please don't be a bad example to the naive users.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.

 

[Doug Kanter]

The problem is not you or me, the problem is the naive ones who see your
post as
an example, without realising what precautions you take to make it safe.

The naive ones are the ones who then post with their actual email address,
get
more malicious spam in their Inbox, and don't know to not open it or to
not
click on the link inside. They get infected with the latest worm, and
provide
yet another bot delivering still more spam to your email box, further
overloading your email server and bringing the spam load closer to the
predicted
90% level.

Please don't be a bad example to the naive users.

There's a setting on OE which says (and I have embellished a bit) "Any time
you reply, put the recipient in your address book. This way, when YOU get a
virus that spreads via the address book, you can infect not just the 4
people in your life, but the 183 you've responded to just once, each, over
the past 3 years, and then forgotten about".

Is that on by default with a fresh installation? If yes, someone at MS needs
to be taken out behind a dumpster for a little kneecap redesign.

 

[Steve Winograd [MVP]]

I guess I could go check it out, but it's easier to ask you: Does pobox.com
allow for access using OE, or is it just web-based?

Pobox.com is a forwarding service that forwards messages to one or
more E-mail addresses that you specify. So you can use it with
web-based accounts (Yahoo, Gmail, Hotmail) and with OE, Outlook,
Mozilla Thunderbird, Eudora, etc.

I forward my messages to both a web-based account and a POP3 account.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Steve Winograd [MVP]]

The problem is not you or me, the problem is the naive ones who see your post as
an example, without realising what precautions you take to make it safe.

The naive ones are the ones who then post with their actual email address, get
more malicious spam in their Inbox, and don't know to not open it or to not
click on the link inside. They get infected with the latest worm, and provide
yet another bot delivering still more spam to your email box, further
overloading your email server and bringing the spam load closer to the predicted
90% level.

Please don't be a bad example to the naive users.

If you're saying that I'm a bad example to naive users, Chuck, I
disagree.

I agree that spam sent to addresses in news group messages is a real
problem. I described my solution: using a real E-mail address that
has topnotch spam filtering and blacklists. Some people might want to
use your solution of disguising their address. Some people might have
a different solution. There's no single solution that's right for
everyone.

You don't need to delete my address from your reply. As I said, I've
been using it in news groups for years. Pobox's blacklists reject
about 90% of the spam that I receive, and its spam filters trap the
rest. I only spend about one minute a day looking through my
messages.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Doug Kanter]

Running two firewalls simultaneously is likely to cause problems.
Disable the Internet Connection Firewall (original, SP1) or Windows
Firewall (SP2) immediately after installing a firewall like ZA.

I've seen ZA cause problems on XP. Shutting down ZA didn't help.
Un-installing ZA was necessary.

Can the computer ping a web site by IP address and by name? Try:

ping 216.239.39.99
ping google.com

If the first succeeds and the second fails, there's a DNS problem. If
they both fail, try these steps to fix the problem:

1. Go to Start | Run | Msconfig | Startup and disable any remnants of
ZoneAlarm that the un-install procedure didn't remove.

Time for an update on the computer from hell. I've reformatted & renovated
about 30 machines thus far. Never anything like this.

1) Found a few remnants of ZA in the registry, but nothing in msconfig's
startup tab. By the way, there were not two firewalls running
simultaneously. Windows recognizes the presence of ZoneAlarm, but even so, I
checked the control thing for the Windows firewall. It was off. But, never
mind....see below.

2) Able to ping both address you suggested with no problem.
3) Tried your suggestion: "netsh winsock reset catalog". Whatever it did, it
didn't help, although it looks interesting enough that I've stuck a note in
my 300 lb XP textbook to learn more about it.

At 10:00 tonight, I decided I had a choice to make: Keep dickin' around with
this machine in its current state, or start from scratch. I chose "B". Stuck
in the Compaq restore disk, wiped the HD clean, and got as far as the first
round of MS updates. The machine still connects via DSL, nice & fast.
However, this time, new spooks have arisen:

1) I'm seeing popup windows even when IE is ***NOT RUNNING*** (or at least
*I* haven't started it).
2) Went for the second round of MS updates and I'm getting multiple script
errors from the Windows Update site. Can't get past the "checking for
updates" screen. This did NOT happen when I started from scratch with the
machine two days ago.
3) Unlocked the gun safe, pulled out my favorite handgun, and prepared to
murder the CPU. Decided to go to sleep and reconsider the idea, since it
belongs to my ex-wife's cousin and I have enough friction to deal with
because everyone in her family is supposed to dislike me.

I'll let you know what happens tomorrow.

 

[Chuck]

There's a setting on OE which says (and I have embellished a bit) "Any time
you reply, put the recipient in your address book. This way, when YOU get a
virus that spreads via the address book, you can infect not just the 4
people in your life, but the 183 you've responded to just once, each, over
the past 3 years, and then forgotten about".

Is that on by default with a fresh installation? If yes, someone at MS needs
to be taken out behind a dumpster for a little kneecap redesign.

That, along with "Hide extensions for known file types".

A lot of folks were really naive when the internet was designed. Microsoft
followed in their footsteps. Who knew then what evil lurked in the minds?

I don't use Lookout Distress, or even regular LookOut. I know those who do
though. %(

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.

 

[Bob Dietz]

Disconnect the DSL cable.
Reinstall windows and TURN ON THE FIREWALL.
Reconnect the DSL cable.
Do windows updates and ...