Malware infections cleared but still can't connect to Internet
Posted 25 July 2008 - 06:18 AM
I recently had some serious infections on my home computer, and these have now been cleaned up with the help of the folk on the HJT forum (Ken545 was the person who assisted me and advised me to post here).
Details can be found here :
However, I'm still unable to connect to any web sites on the Internet. When I go through the usual steps to connect to the internet, my PC displays a message and an icon on the task bar saying that I'm connected, what the connection speed is, bytes transferred in and out etc. But when I start my browser (Firefox) it is unable to find any web sites ('server not found') and my email package (Incredimail) is unable to find my ISP's mail server.
I'm posting this from my computer in work, so if you have any recommendations there may be a short delay before I respond. Also, I have no access over the weekend when I'm not in work.
Posted 26 July 2008 - 03:48 AM
Ken has asked me to have a look at your Internet problem and I have also looked at your log files over in malware removal to see if any of them can shed any light on the lack of Internet connectivity that is causing such a problem.
When you have suffered a major malware attack, it's sometimes difficult to figure out exactly what problems are likely to be configuration errors, what effects the bad guys have had on your machine, or what, if any, effects some of the powerful malware cleaning tools have had....
I am conscious that you will not be able to read this thread until you are back at work on Monday so the usual fault finding process, of me asking questions, and then you giving a reply and then me following up with further questions, (thus narrowing down the causes of the problem) may not be appropriate...........So here's a large chunk of stuff for you to get your teeth into!
Let's start with some housekeeping issues first:
Please take the opportunity to bring your back up/archive/copy of all your important stuff 100% up to date, check that it's accurate, reproducible and held securely on removable media (not your hard drive)......the idea here is to ensure that all your important data, files, spreadsheets, work, music, emails, log in details, user names, address book, drivers, letters, invoices, videos etc....in fact everything that is important to you (stuff that you would not like to permanently lose) is safe on external media.
Whilst you are doing this collect together all your application installation discs (or downloaded installation executables), serial numbers, product licence keys (including the one for Windows itself) and the Microsoft Windows XP installation disc and/or Manufacturer's Restore and Driver utilities disc, and put them somewhere safe.
1 Your Anti Virus is CA anti virus, but you are also running Norton...(It may not look as though it's running but your last HJT log definitely indicates that some elements of it are running!)
This is not good as two AV programs tend to fight. You mentioned in your other thread that when you uninstalled Norton it may not have completely uninstalled properly, and here I think you were spot on. See if you have any entries in Add & Remove Programs Applet called Norton or Symantec, if so uninstall them and do not forget to close down your machine and wait 30 seconds with a blank black screen before restarting your machine (it's necessary to do this when you uninstall most programs)...if you cannot find any entries for Norton or Symantec, then don't worry, but go to step 2 below.
2 Go here and download the Norton uninstall tool
follow the directions, when it has finished, don't forget to restart your machine.
3 Your logs indicate that you have installed at some time P2P File sharing programs........There are legitimate uses for P2P File sharing, but a lot that I come across are used for the downloading of files (especially music, videos, games etc) that breach both National and International rules on copyright. There is currently a major crackdown on folks who use File Sharing to break copyright rules and heavy penalties are being imposed......often it's the young folks who are tempted to do this, their parents often being unaware, but it might be as well to check that your machine is squeaky clean in this respect, just to be on the safe side.
File sharing is a well known vector for the distribution of malicious code and large numbers of machines are infected by this route, the effects can be devastating and sometimes a format and reinstall of the operating system is necessary......For these reasons I recommend that you uninstall all P2P file sharing or similar applications, uTorrent, Ares etc.
4 Your logs indicate that you currently use a British Telecom route to the Internet, and BT-Yahoo is specified, however you also have traces of AOL version 8 on your machine and possibly an AOL icon (maybe hidden) in your notification area. If you use AOL then you should at least update it to Version 9...if you don't use it then see if you can uninstall it (it is notoriously difficult to uninstall sometimes), don't worry if you can't uninstall it, just move on to the next step.
5 Your logs indicate that at one time your machine was connected to the Internet by means of an ADSL USB modem, probably a Thomson Speedtouch, but comments in your thread indicate that you are now using a router/modem.......I am proceeding on the basis that it's the router you are using now, but please come back and correct me if I'm wrong. (Full make, model numbers, etc and a brief note of which wire goes where would be helpful so I can visualise your set up.) If you are using a wireless router then please advise if you have inhibited the broadcast of SSID and the type of encryption you are using (WEP, WPA, WPA2 etc)
6 Assuming you are using a router (if not please stop here and report back) then please go to:
Start>Control Panel>Network Connections....your LAN should be shown/set to "connected" or "enabled" (Generally you should only have one enabled connection , but for this you can ignore the 1394 (Firewire) connection as this does not interfere with things.)
Right click on this (Lan) connection
Click on Properties
Scroll to Internet Protocol TCP/IP and highlight it and click on Properties
ensure that there is a dot in the radio buttons labelled:
obtain an IP address auto..... and
obtain DNS server address auto......
7 Still in Control Panel go to:
Click on the Connections Tab
ensure there is a dot in the radio button "Never dial a connection"
OK your way out.
7A Check that your network adaptor card(s) is recognised (look in Device Manager) check that the card is present and that there is no Yellow or Red marker against it
In Device Manager make sure that the properties for your network adaptor card show that it is working correctly.
8 Now power cycle your router/modem (as was explained in your malware thread, but repeated here):
1. Shut down your system
2. Unplug the power cable from your modem
3. Unplug your power cable from your router
4. Keep them unplugged for about 3 or 4 minutes, this will clear out the junk and let them reset themselves.
5. Plug the power cable for the modem back in and make sure all the lights come on
6. Plug the power to your router back in and wait until all the lights come on.
7. Boot up your system and check your internet connection.
9 Next try your Internet connection for a short test with your software firewall and your anti virus turned off (don't forget to turn it on when you have done, and don't do anything like downloading emails with your AV off!)
10 If you now have Internet then.......... rejoice........
11 Go here and download winsockfix
12 be sure to read all the instructions and notes before you run it (also create a System Restore Point...Start>all Programs>Accessories>System Tools> System Restore) Now please repeat all the stages of Step 8 again....
Has this helped?
if not, then:
13 Please now go to Start>run and in the white box type
at the command prompt, type
(note the space is necessary)
hit the enter key
and copy the output into your reply so we can see what is currently going on,
when you have finished type
hit the enter key
and the command prompt will disappear
Let us know how you get on.
Edited by paws, 26 July 2008 - 07:25 AM.
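A triage pass over the `ipconfig /all` output requested in step 13, checked against the automatic IP and DNS settings from step 6. This is an added example, not part of the original thread; the sample output, addresses and function names are constructed for illustration.

```python
import re
# Constructed sample in the Windows XP `ipconfig /all` layout (not from the thread).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : No
        Default Gateway . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54

Ethernet adapter Wireless Network Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.10.20
        Default Gateway . . . . . . . . . :
"""

FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")
def parse_ipconfig(text):
    """Return {adapter heading: {field: [values]}}."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None and line.strip():
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                current[last] = [m.group(2).strip()] if m.group(2).strip() else []
            elif last:  # continuation line, e.g. a second DNS server
                current[last].append(line.strip())
    return adapters

def triage(adapters):
    """Flag settings that contradict step 6 (automatic IP and DNS) or show no lease."""
    findings = []
    for name, f in adapters.items():
        # PPP (dial-up) adapters normally report Dhcp Enabled: No, so check LAN only.
        if name.startswith("Ethernet adapter") and f.get("Dhcp Enabled") == ["No"]:
            findings.append((name, "DHCP disabled: static settings"))
            findings += [(name, "manual DNS server to verify: " + d) for d in f.get("DNS Servers", [])]
        ips = [v for k, vals in f.items() if k.endswith("IP Address") for v in vals]
        if any(ip.startswith("169.254.") for ip in ips):
            findings.append((name, "169.254.x.x address: no DHCP lease"))
        if not f.get("Default Gateway"):
            findings.append((name, "no default gateway"))
    return findings

if __name__ == "__main__":
    print(triage(parse_ipconfig(SAMPLE)))
```

A manually set DNS server is only a prompt to compare the address with what the ISP or router hands out; on a recently cleaned machine it is worth confirming before trusting it.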
Posted 29 July 2008 - 06:07 AM
Posted 29 July 2008 - 01:09 PM
Posted 30 July 2008 - 05:32 AM
I've uninstalled Ares and uTorrent, also ran the Norton uninstaller so I think it's gone too.
I halted at Step 6 last evening, but I'll do Step 13 tonight and post the output from the ipconfig /all command tomorrow.
I appreciate this is all a bit awkward, with me not being able to post from home, but thanks for your patience!
Posted 30 July 2008 - 05:51 AM
Posted 30 July 2008 - 10:09 AM
I have now configured a test machine to use a Thomson USB Speedtouch modem to access the Internet and this is being used by me now for this message!
Try these steps and let me know how you get on ...particularly any error messages you receive
1 Ensure your Speedtouch is connected to a USB port on your computer and has the standard telephone wire from the wall socket into the back of the Speedtouch
2 You should start to see the 2 LEDs on the Speedtouch start to flash when you start your computer. Both LEDs eventually, after a minute or two should turn to solid green, if they continue to flash or either of them turns red after step 13, then I need to know, as this is significant.
3 Start >Control Panel>Internet Options and click on the tab across the top called "connections."
4 In the white box highlight your ISP's connection...... from your logs it looks as though this is BT, it should have default after it, if not, hit the Default button whilst the ISP is still highlighted.
5 With your ISP still highlighted ensure there is a dot in the radio button labelled "Always dial my default connection"
6 With your ISP still highlighted click on Settings (this is just the Settings, not the LAN settings)
7 Ensure all boxes are blank apart from "User Name" and "Password", your User Name and Password should be filled in already, if they are not then fill them in but let me know please as this is significant. Your password will be obfuscated by the insertion of stars or asterisks...(this is perfectly OK and is a security measure)
8 Click on Properties (you should be on the General Tab across the top, if not click on General tab)
9 Ensure that in the connection box it says "Speedtouch ADSL" or words to that effect (let me know please if it doesn't as this is significant) it may refer also, to ISDN and this is OK
10 the phone number is usually set to 0 (Zero)
11 put a tick in the box (if there isn't one already) against "Show icon...etc"
12 Now please OK your way out
(NOTE) this is the only time you need click the OKs
13 Now take a deep breath and open Internet Explorer you will either get an error message........... or your dial up will work........ and connect you to your BT broadband ......if so then
Rejoice......if you get the Internet that is!
14 if not then please do the following:
15 Start>Right Click on My Computer>Hardware>Device Manager and scroll down till you come to Speedtouch (it should be on the list) and if you right click on it, it should tell you in Properties if it is working OK, if it isn't, or it's just not there at all, then we will need to get you to reinstall its drivers.........but I'll leave that for tomorrow.
Good luck and let me know how you get on
Posted 31 July 2008 - 05:45 AM
Posted 01 August 2008 - 03:32 AM
Posted 01 August 2008 - 04:34 AM
OK I understand
Can you now go to step 11 and do the winsocket fix please
Restart your machine after you have finished and try to connect with Internet Explorer again (with Firewall and AV off/disabled.)
If no joy try again this time using Mozilla Firefox as your browser
available from here:
Can you confirm please that you have two solid green LEDs illuminated on your Speedtouch without either LED being a different colour or flashing
Let me know what happens.
Edited by paws, 01 August 2008 - 04:37 AM.
Posted 01 August 2008 - 04:40 AM
Posted 01 August 2008 - 04:45 AM
Posted 04 August 2008 - 01:29 AM