I have a Windows XP home workstation that cannot browse the Internet. I
have verifed the IP configuration, including DNS addresses. I can
sucessfully ping my local address, gateway, and remote host. I can resolve
domain names with the nslookup utility. Yet, I cannot browse by entering
either a domain name or known web server IP address as a URL.
The one strange symptom that I see is that I the ping utility has strange
charachters that show up. The first line after you hit enter is supposed to
say: "pinging 127.0.0.1 with 32 bytes of data" However, rather than
displaying the IP address is has a solid right arrow symbol. Also in the
line that states: "Ping statistics for 127.0.0.1:" the IP address is
replaced by random ASCII characters.
I have performed a full virus scan, and performed mal-ware scan with spybot
S&D and ad-aware. Mutliple mal-war items were fixed.
Any suggestions?
thanks,
Bryan
Bryan,
You did update Spybot before scanning?
Possible Winsock corruption. DNS resolution ("random ASCII characters") is
affected by the LSP / Winsock subsystem.
http://support.microsoft.com/?id=318584
http://support.microsoft.com/?id=811259
Give LSP-Fix and WinsockLSPFix a shot <
http://www.cexx.org/lspfix.htm>
Do you have XP SP2? Start - Run - "cmd". Type "netsh winsock reset catalog"
into the command window.
Then reset TCP/IP.
http://support.microsoft.com/?id=299357
Start - Run - "cmd". Type "netsh int ip reset c:\netsh.txt" into the command
window.
Reboot afterwards.
Then do an extended malware check. Spybot is good, but it may not be the only
tool needed. Look for a hosts based hijack first.
Search your entire system drive, including hidden and system folders, for file
"hosts". There is one legit copy, in C:\WINDOWS\system32\drivers\etc\. The
others are possibly bogus, and part (but just part) of the problem. Examine the
contents of each copy found, using Notepad. (HINT: Scroll to the end of each
Hosts file, by hitting Ctrl-End, then back up to the top, page by page, before
deciding that the file is empty. Look out for blank lines at the beginning and
end of the file, after localhost, placed there by an exploit!)
Try one or more of these free online virus scans, which should complement your
current protection:
<
http://www.bitdefender.com/scan/license.php>
<
http://www.pandasoftware.com/activescan>
<
http://www.ravantivirus.com/scan/>
<
http://security.symantec.com/ssc/home.asp>
<
http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.
Start by downloading each of the following additional free tools:
AdAware <
http://www.lavasoftusa.com/>
CWShredder <
http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<
http://www.majorgeeks.com/download4113.html>
HijackThis <
http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockLSPFix <
http://www.cexx.org/lspfix.htm>
Stinger <
http://us.mcafee.com/virusInfo/default.asp?id=stinger>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run them.
The other downloaded programs can be copied into, and run from, any convenient
folder.
First, run Stinger. Have it remove any problems found.
Next, close all Internet Explorer and Outlook windows, and run
CoolWWWSearch.SmartSearchMiniRemoval, then CWShredder. Have the latter fix all
problems found.
Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<
http://www.lavahelp.com/howto/fullscan/>), then scan. When scanning
finishes, remove all Critical Objects found.
Next, run Spybot S&D again. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and delete everything ("Fix
Problems") that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<
http://forums.spywareinfo.com/index.php?showtopic=227>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <
http://forum.aumha.org/index.php>
Net-Integration: <
http://forums.net-integration.net/>
Spyware Info: <
http://forums.spywareinfo.com/>
Spyware Warrior: <
http://spywarewarrior.com/index.php>
Tom Coyote: <
http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Finally, improve your chances for the future.
Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<
https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
Block known dangerous scripts from installing.
<
http://www.javacoolsoftware.com/spywareblaster.html>
Block known spyware from installing.
<
http://www.javacoolsoftware.com/spywareguard.html>
Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/
Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).
Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <
http://www.accs-net.com/hosts/get_hosts.html>
Hostess <
http://accs-net.com/hostess/>
Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.
Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.
Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the other
layers regularly, look for things that don't belong, and take action when
necessary.
And Bryan, please don't contribute to the spread and success of email address
mining viruses. Learn to munge your email address properly, to keep yourself a
bit safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
