I have an old Dell machine running Windows XP which attaches to my home LAN.
This had been running fine for a year +. For reasons I don’t understand, the
network connectivity stopped working yesterday. I had not changed anything
(the LAN connects to a Router and has DNS enabled to provide each PC on my
network with IP address).
The connection to my Dell is through a UBS/Internet connector (“EtherFast”)
. To check that the EtherFast connector had not broken, I carried over my
Portable Compaq PC and connected to the connector and had no problem being
recognized on the network, getting IP address etc. I have carefully checked
all the TCP/IP properties etc on the Dell and they are identical to the
Compaq. In addition, I checked that the USB port on my Dell was still
operative.
Now, here is the strange bit. When I “ping” the Router from the cmd prompt
on my Dell, the dialog I get in response to >ping 192.168.0.1 is “pinging --
with 32 bytes of data” and then times out with no response (where – is
actually an inverted triangle symbol). Even when I do the loop back test
(which does work on the Dell) with >ping 127.0.0.1 I get a message back with
“pinging ** with 32 bytes of data” (where ** is another symbol). SO, the
only thing I have to work with to try & understand what the underlying
problem is is this weirdness I get when I try “pinging”.
Any ideas/suggestions would be very welcome !
Peter,
This looks like a DNS or hosts file problem.
DNS resolution is affected by the LSP / Winsock subsystem.
http://support.microsoft.com/?id=318584
http://support.microsoft.com/?id=811259
Give LSP-Fix and WinsockXPFix <
http://www.cexx.org/lspfix.htm>, or WinsockFix
<
http://www.tacktech.com/display.cfm?ttid=257> a shot.
If XP SP2, Start - Run - "cmd". Type "netsh winsock reset catalog" into the
command window.
Search your entire system drive, including hidden and system folders, for file
"hosts". There is one legit copy, in C:\WINDOWS\system32\drivers\etc\ (for
Windows NT/2000/XP, for instance). The others are possibly bogus, and part (but
just part) of the problem.
Examine the contents of each copy of "hosts" found, using Notepad. Scroll to the
end of each Hosts file, by hitting Ctrl-End, then back up to the top, page by
page, before deciding that any "hosts" file is empty. Look out for blank lines
at the beginning and end of the file, after localhost, placed there by an
exploit!
How current is your virus protection? Try one or more of these free online
virus scans, which should complement your current protection:
<
http://www.bitdefender.com/scan/license.php>
<
http://www.pandasoftware.com/activescan>
<
http://www.ravantivirus.com/scan/>
<
http://security.symantec.com/ssc/home.asp>
<
http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.
Start by downloading each of the following additional free tools:
AdAware <
http://www.lavasoftusa.com/>
CWShredder <
http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<
http://www.majorgeeks.com/download4113.html>
HijackThis <
http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockXPFix <
http://www.cexx.org/lspfix.htm>
Spybot S&D <
http://www.safer-networking.org/index.php?page=download>
Stinger <
http://us.mcafee.com/virusInfo/default.asp?id=stinger>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run them.
The other downloaded programs can be copied into, and run from, any convenient
folder.
First, run Stinger. Have it remove any problems found.
Next, close all Internet Explorer and Outlook windows, and run
CoolWWWSearch.SmartSearchMiniRemoval, then CWShredder. Have the latter fix all
problems found.
Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<
http://forum.aumha.org/viewtopic.php?t=5877>), then scan. When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<
http://forums.spywareinfo.com/index.php?showtopic=227>
<
http://www1.spywareinfo.com/articles/hijacked/prevent.php>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and Please Post a Link to Your Forum Posts, here):
Aumha: <
http://forum.aumha.org/index.php>
Net-Integration: <
http://forums.net-integration.net/>
Spyware Info: <
http://forums.spywareinfo.com/>
Spyware Warrior: <
http://spywarewarrior.com/index.php>
Tom Coyote: <
http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Finally, improve your chances for the future.
Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<
https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
Block known dangerous scripts from installing.
<
http://www.javacoolsoftware.com/spywareblaster.html>
Block known spyware from installing.
<
http://www.javacoolsoftware.com/spywareguard.html>
Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/
Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).
Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <
http://www.accs-net.com/hosts/get_hosts.html>
Hostess <
http://accs-net.com/hostess/>
Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.
Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.
Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.
How did I get infected in the first place?
http://forums.net-integration.net/index.php?showtopic=3051
Essential tips for infection prevention
http://forums.spywareinfo.com/index.php?showtopic=24339
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
