can ping but nothing else can get online

  • Thread starter Thread starter Raspberryjam
  • Start date Start date
R

Raspberryjam

I'm going crazy trying to figure out what happened to my family computer.
Please help me discover if its a trojan, some driver issue or what!

We're using home XP with SP2 and connecting via shaw cable and we have a
D-link router with another computer as the primary and the machine with the
problem as a secondary line. Our anti-virus is PC-cillin 2006 The primary
computer is fine and I'm using it now. Here's the details:

The morning after some late night porn viewing by my visiting nephew (!) it
was discovered that the internet wouldn't work. That was a few days ago.
Using the ping command is successful and Adaware was able to update. Spybot
had a socket error #11004. IE gives us a page not found window. The only
thing suspicious on the event viewer is in regards to iexplore.exe being a
hung application (id 1002) and an address with a lot of zeros. This is from
the approximate time, the same night, that the trouble began. I don't see
an ongoing event that could be causing the problem. Other applications, ie
games & word processing, are working the same as usual.

Anyone have any suggestions on how we may be able to fix this. What other
information can I provide to help you help me?
I'm dreading a reformat; is that where we are headed?

ps Of course I'll download firefox when I get the thing back online!
 
Raspberryjam said:
I'm going crazy trying to figure out what happened to my family computer.
snip!!
other
information can I provide to help you help me?
I'm dreading a reformat; is that where we are headed?

ps Of course I'll download firefox when I get the thing back online!

Sorry to reply to myself, but I forgot to mention that I restored the system
to an earlier date. Sadly this did not fix the problem
 
First check your firewall Programs configuration.
Look for IE and SB S&D and remove them from the list.

Run a full system virus scan with fully up-to-date definitions.

**It is very important to run the update for each program before running the app/s
to be sure you have the latest definitions.**
Run the programs in Safe Mode after assuring you have shut down all running tasks
except explorer or systray and all apps are fully up to date.
Remove your Temp Internet files: Right click IE. Under the General tab click Delete
Files, put a check in Delete all Offline..., click OK and close when finished.
Delete all files in c:\windows\temp.

Download/run Cool Web Shredder from:
http://www.intermute.com/products/cwshredder.html

For Info on Cool Web Search variants:
http://www.richardthelionhearted.com/~merijn/cwschronicles.html

Download/install/run Ad-Aware SE to detect/rid of any other parasites/spyware that
may be installed. It can be obtained free from:
http://www.lavasoftusa.com/
After installing Ad-Aware, open it and click on the ref update to get the latest
up-to-date ref file, then run Ad-Aware and delete everything it finds.

Download/install/run Spybot - Search & Destroy:
http://security.kolla.de/index.php?lang=en&page=download
Run it at it's default settings until you learn an know more about it. Spybot S&D
is more of an advanced users tool and changing from the default settings can be
dangerous to the novice user. Items found in the default settings that are RED can
usually be safely removed. If you are unsure of a found item, do not remove it and
ask for help.

If you still have problems, download/run HijackThis from:
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html

Copy HJT to it's own folder, this is where the log files will be saved. Run HJT in
Normal Mode.
Do not remove anything with it until you get advice on what to remove, HJThis will
list many apps that are needed along with the bad ones. Removing items listed
hap-hazardly without knowing what they are can/will create a royal mess. Read the
quick start here on how to create a log file that can be copied/pasted into a forum
that can provide assistance on removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick

Then post the logs to an appropriate forum where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting which are
most commonly posted first at the top in each specific forum. Read any information
under each forum category name for information on what that particular one is used
for, look for the proper one that you post logs to.
http://forums.spywareinfo.com/
http://aumha.net/
http://forum.aumha.org/

After running the above and assuring you have a clean machine:
It’s also a good idea to have a HOSTS file to block bad sites, scroll to HOSTS File
Manager here:
http://www.mvps.org/PracticallyNerded/Software.htm

Download/install/run SpywareBlaster which stops the badboys before they even get a
chance to install:
http://www.javacoolsoftware.com/spywareblaster.html

Once finished with the above:
Open IE and the FW should either allow or ask for permission.
If IE opens run SB S&D.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
Thanks for replying.

The firewall we use is part of PC-cillin. Are you suggesting I remove IE
and spybot from the exception list? Then what?

I did update and run adaware, but spybot couldn't connect so I ran it
without updating. PC-cillin also couldn't connect to update, so I ran it
without updating but I wasn't in safe mode. I did empty all cookies and
temporay files first. I'll run them again in safe mode.

I've never used HJT, but I'm familiar with it. I'll look for it with the
working computer and see if I can install a copy on the gimped machine.

Thanks for the advice.
 
Raspberryjam said:
Thanks for replying.

The firewall we use is part of PC-cillin. Are you suggesting I remove IE
and spybot from the exception list? Then what?

As I mentioned at the end of my response. When you open them after making sure the
machine is clean the FW should either automatically allow or prompt to allow/deny.
There is a slight possibility of corrupt permissions, hence the purpose to remove.
I did update and run adaware, but spybot couldn't connect so I ran it
without updating. PC-cillin also couldn't connect to update, so I ran it
without updating but I wasn't in safe mode. I did empty all cookies and
temporay files first. I'll run them again in safe mode.

In Safe Mode the bad apps shouldn't be running and/or thwarting any removal
attempts.
I've never used HJT, but I'm familiar with it. I'll look for it with the
working computer and see if I can install a copy on the gimped machine.

Get advice at a forum if your unsure of any entries listed in it's log, there will
be many you'll recognize which aren't bad apples.
Thanks for the advice.

You're quite welcome.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
I removed ie and spybot from the exceptions list. When I try to open the ie
browser I still get a page cannot be displayed message, but there isn't any
prompt from the firewall. Does this give some clue as to where the problem
is?

I ran both spybot and adaware in safe mode and neither found a single
problem (except for the mru list).

I got a copy of HJT and have posted a log at a well known forum. I had a
good look at the log and everything looks familiar. No weird BHOs or
protocols. It was actually a fairly short log.

Could IE be hung up somehow and causing me this grief? How to work at
finding out more about this possibility?

Thanks to all who read my woes.
 
HJT should be run in Normal mode to get a log which will reveal more than one
created in SM.
Aside from that, how was Ad-Aware able to update when you can't even get a
connection?

Open a command prompt, click Start > Run, type in: cmd and press Enter.
At the prompt type each command below and press Enter after each.
**Note: Command noted by =, Space noted by ^. Do not type the = or ^.

=ping ^ 192.168.1.1 *Routers IP, change as necessary.
If it times out then there is no communication between the router and machine.
If not then the machine communicates with the router.

=ping ^ google.com
If it times out then there is no connection to the net.
If not then net connection is established and all is well.

ping 127.0.0.1
If it fails it may be a TCP/IP stack problem.

Ping each computer from the other using the UNC:
=ping ^ computername
If it fails either way there's an IP or Name resolution problem.

If pinging times out on any address, to see if the machines IP is correct along with
other settings.
= ipconfig ^ /all
If anything isn't correct, at the prompt type and press Enter after each command (98
may be different):

=ipconfig ^ /release
=ipconfig ^ /flushdns
=ipconfig ^ /renew
=ipconfig ^ /registerdns
=exit
If that fails reopen the command prompt, run ipconfig release and flushdns only and
exit.

Shut down the machine/s.
Pull the power from the router.
Pull the power from the modem.
Wait approx 30 secs.
Apply power to the modem and wait for it to finish synchronizing with the cable.
Apply power to the router and wait for it to finish synchronizing with the modem.
Power up the machine.
The machine should now be assigned a new IP from the router.
Run ipconfig or attempt net connection to test.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
HJT was ran only in normal mode.
Not only could Ad-Aware get updates, but the ping command also works, as I
describe in the initial post in this thread. (the part where spybot gets a
socket error)
As I understand it, if the ping works, information is being exchanged so I
have a connection, but the problem seems to be something hung up or in the
way. I guess ad-aware connects in some way that isn't affected.
Any other ideas?
 
Raspberryjam said:
HJT was ran only in normal mode.
Not only could Ad-Aware get updates, but the ping command also works, as I
describe in the initial post in this thread. (the part where spybot gets a
socket error)

All you mentioned was:
<quote>
Using the ping command is successful
</quote>

Without mentioning what/where/who the ping was performed on, I have no idea if it
was on the LAN or WAN side of the router.
As I understand it, if the ping works, information is being exchanged so I
have a connection, but the problem seems to be something hung up or in the
way.

Being able to ping successfully doesn't constitute a WAN connection unless it was
performed on a WAN destination.
I guess ad-aware connects in some way that isn't affected.

Not that I'm aware of.
Any other ideas?

Plenty for what appears to be an affected system, try this first.

http://www.cexx.org/lspfix.htm

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
Every ping command was successful, they were not addresses in the LAN.
Ad-aware updated. (do you think I am making this up?) The computer thinks
it is connected. The status of the connection is active, but still no
browsing online.

Does anyone have any useful suggestions?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top