Also Internet gone and IP appears modified? Virus or Hack?

[RB]

I think one of our users has contracted a virus or has
been hacked but I can not identify nor fix it. System is
W-XP Pro with dsl connection. User is a strong user of
iMesh to download stuff. Also appears that they have
installed spybot even thought I already had Norton AV
2004 loaded. I am expereience the following symptoms;

Can no longer connect to internet. Although dhcp services
are expected to occur and obtain automatically is
selected, the device (linksys router) does not appear to
be issuing an ip address or it is getting overridden.
Instead, only if I do an IPCONFIG do I see another ip
that seems to be overriding the dhcp services. 64...
instead of 192...

System is extrewmely slow.

I can not seem to activate the firewall. An error pops up
stating that there was an error when attempting to change
INternet Connection Sharing settings. (Going from memory.

I've tried to manually assign an IP address within the
series ie 192.168.1.199 and ping external sites. Although
I can ping internal connected pcs (attached to the
linksys) I always get host unreachable or invalid name
when attempting external destination. IPCONFIG shows new
IP I hard assigned but still no internet access.

Norton seems so slow that on reboot, it almost appears to
start sometimes and others ... it either takes so long
(5 - 10 minutes) or it just doesn't seem to appear (it
may be that I am becoming impatient).

I have uninstalled imesh and spybot although spybot
remnants appear to remain.

Any suggestions... Definitely a cry for help at htis
point.

- rb

 

[CheshireCat]

Firstly, dont use the XP firewall on a pc unless it's directly connected to
a modem. Use somebody elses instead.
When you say "> that seems to be overriding the dhcp services. 64..." do you
actually mean it shows IP 164.254.x.x? If so then that means your xp pc
searched for DHCP but couldn't find it.
If you assign a static IP to your xp, you'll need to provide DNS server
information too. (usually this is automatically set up during dhcp
discovery). That's why you can't see the external network.

Spybot and antivirus packages don't do the same thing. Spybot is pretty
useful for getting rid of spyware.

What connections do you have listed in your "network connections"? Can you
post a list back here please.
Also, do an "IPconfig /all > c:\myip.txt " and post the contents of
c:\myip.txt here too
Have you tried reinstalling your network?

 

[Himanshu Gohel]

Can no longer connect to internet. Although dhcp services are expected to
occur and obtain automatically is selected, the device (linksys router)
does not appear to be issuing an ip address or it is getting overridden.
Instead, only if I do an IPCONFIG do I see another ip that seems to be
overriding the dhcp services. 64... instead of 192...

Are you on a wireless network? Did you recently intall hotfix 826942? If
so, that seems to activate WPA instead of WEP which caused very similar
problems for me. Either you can run a firmware update on your hardware to
enable WPA, or you can backout the patch if you have a wireless network,
which solved the problem for me.

Please followup to the group.

Himanshu