Interent access problems

[gk]

OK I hvae searched and can't find this problem I am having discussed, so
here goes:

Running Windows XP Pro on Dell Latitude D800 (Laptop); 1.6mHz, 768MB
Ram; 20GB HD

After running smoothly for a while, I have been having consitent but
resolvable internet access problems. Basically, (nearly) whenever I
start up a cold start, I cannot get on the internet. At work, using LAN
and fixed TCP/IP settings, the network card is enabled and active, but
when I check status, nothing is going in either direction. At home using
a wireless card with automatic IP/DNS assignment, there is a red X
through the "Wireless Network Connection". BUT, if I do a reboot, then
at either location, 95% of the time, I can get on the internet following
1 reboot, without changing anything else. Rarely it takes 2 reboots.

Some observations:
-I cannot disable the wireless Network Connection or the Local Area
Connection when it is in the "non'access" mode. The machine usually
freezes up, and requires a con-alt-del "End Task".

-Often when restarting, the machine never finishes shuting down, and I
have to force it to shut down. This may usually only occur when I have
tried to disable a network connection, but I am not sure.

-I have tried it with Service Pack 2 installed and uninstalled. This
doesn't seem to make a difference. Currently it is uninstalled.


-Perhaps unrelated (?): Recently I was running blackice firewall (I am
not now). The computer was running OK for a while, then one evening (at
home) I got the error message:
"BLOCKING ACCESS TO THE
CORPORATE NETWORK -- Application Compliance : This is the default
blocking message".
I note one other recent post about this error message:
http://groups.google.com/groups?q="[email protected]&rnum=1
I am running a virus scan software that should be automatically updated.
I think Blackice firewall may have been responsible for this problem,
but I am not sure. Perhaps I am non-compliant,,,but at home on
Quest/MSN? I had just come from work, where everything was fine.


-Perhaps unrelated (?): I used to be able to access a network drive on a
work computer, from home, when running VPN client for my network. Now,
although I can run VPN clietn and can see the drive, I cannot do
anything with the drive. It now gives me error messages like: "Drive is
already in use".


I am wondering if I have some worm on my machine or something. Is there
a way to test for this? I just find it strange that I can solve this
problem by rebooting.

Thanks for any input.
g

 

[Chuck]

OK I hvae searched and can't find this problem I am having discussed, so
here goes:

Running Windows XP Pro on Dell Latitude D800 (Laptop); 1.6mHz, 768MB
Ram; 20GB HD

After running smoothly for a while, I have been having consitent but
resolvable internet access problems. Basically, (nearly) whenever I
start up a cold start, I cannot get on the internet. At work, using LAN
and fixed TCP/IP settings, the network card is enabled and active, but
when I check status, nothing is going in either direction. At home using
a wireless card with automatic IP/DNS assignment, there is a red X
through the "Wireless Network Connection". BUT, if I do a reboot, then
at either location, 95% of the time, I can get on the internet following
1 reboot, without changing anything else. Rarely it takes 2 reboots.

Some observations:
-I cannot disable the wireless Network Connection or the Local Area
Connection when it is in the "non'access" mode. The machine usually
freezes up, and requires a con-alt-del "End Task".

-Often when restarting, the machine never finishes shuting down, and I
have to force it to shut down. This may usually only occur when I have
tried to disable a network connection, but I am not sure.

-I have tried it with Service Pack 2 installed and uninstalled. This
doesn't seem to make a difference. Currently it is uninstalled.


-Perhaps unrelated (?): Recently I was running blackice firewall (I am
not now). The computer was running OK for a while, then one evening (at
home) I got the error message:
"BLOCKING ACCESS TO THE
CORPORATE NETWORK -- Application Compliance : This is the default
blocking message".
I note one other recent post about this error message:
http://groups.google.com/groups?q="[email protected]&rnum=1
I am running a virus scan software that should be automatically updated.
I think Blackice firewall may have been responsible for this problem,
but I am not sure. Perhaps I am non-compliant,,,but at home on
Quest/MSN? I had just come from work, where everything was fine.


-Perhaps unrelated (?): I used to be able to access a network drive on a
work computer, from home, when running VPN client for my network. Now,
although I can run VPN clietn and can see the drive, I cannot do
anything with the drive. It now gives me error messages like: "Drive is
already in use".


I am wondering if I have some worm on my machine or something. Is there
a way to test for this? I just find it strange that I can solve this
problem by rebooting.

GK,

You've got an interesting situation. You have a computer that's used at work,
and at home. And you have a VPN, and BlackIce involved too. VPNs, with the
intrusive way they attach to your network (by design), can frequently cause
problems.

Do you have a desktop support, or network support, group at work? Since your
laptop apparently contains software that supports your work environment, they
probably should be involved in diagnosing the problem.

But, if you're worried about a worm (or other spyware or viral infection), you
wouldn't be wasting your time to check that out.

Try one or more of these free online virus scans, which should complement your
current protection:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<http://www.majorgeeks.com/download4113.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockLSPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run them.
The other downloaded programs can be copied into, and run from, any convenient
folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and run
CoolWWWSearch.SmartSearchMiniRemoval, then CWShredder. Have the latter fix all
problems found.

Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<http://www.lavahelp.com/howto/fullscan/>), then scan. When scanning
finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

And please don't contribute to the spread and success of email address mining
viruses. Learn to munge your email address properly, to keep yourself a bit
safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[wim]

-Perhaps unrelated (?): Recently I was running blackice firewall (I am

not now). The computer was running OK for a while, then one evening (at
home) I got the error message:
"BLOCKING ACCESS TO THE
CORPORATE NETWORK -- Application Compliance : This is the default
blocking message".
I note one other recent post about this error message:
http://groups.google.com/groups?q="[email protected]&rnum=1
I am running a virus scan software that should be automatically updated.
I think Blackice firewall may have been responsible for this problem,
but I am not sure. Perhaps I am non-compliant,,,but at home on
Quest/MSN? I had just come from work, where everything was fine.

Hi,

I posted the other message you pointed to.
The common thing in this is that i also have a VPN client installed
with Blackice firewall, so it must be related to this.
Now we now what to concentrate on .... perhaps we will find the
solution ...

 

[gk]

Chuck,
Thanks for the input. I do have an IT dept., but I was hoping not to
involve them. I may have to, although in the end, I wonder if it might
just be easier to wipe, reformat, and reinstall. However, this does not
solve the problem, necessarily. And thank,s for the reminder on my email
address. I usually use a fake one, but wanted a legit one in there for
this post, and forgot to change it a bit. I posted the meassage, and
realsized it might have been a good idea to change it, especially
posting to a microsoft newsgroup...

 

[Chuck]

Chuck,
Thanks for the input. I do have an IT dept., but I was hoping not to
involve them. I may have to, although in the end, I wonder if it might
just be easier to wipe, reformat, and reinstall. However, this does not
solve the problem, necessarily. And thank,s for the reminder on my email
address. I usually use a fake one, but wanted a legit one in there for
this post, and forgot to change it a bit. I posted the meassage, and
realsized it might have been a good idea to change it, especially
posting to a microsoft newsgroup...

If you have BlackIce and VPN software, IMHO you have two good options:
1) Involve your IT group (if you wish to continue using the VPN this is
essential for everybody's sake).
2) Reformat and re install, if you can do without the VPN in the future.

But if there's any chance you got an infection somehow, the first thing you
should do is a good security check. Start with cleaning procedures I gave, then
protect yourself in the future. Whether or not you plan to reformat and re
install.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.

Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the other
layers regularly, look for things that don't belong, and take action when
necessary.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[gk]

Well, I just removed VPN client and have eliminated my networking
problems (other than the fact that I can't get secure remote access). I
think maybe therre is a config. issue with it or something, and am
guessing that VPN and balckice were interacting in a weird way, as you
suggested. I am going to reinstall and see what happens, then hand it
over to IT and let them figure it out...