Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Malware infections cleared but still can't connect to Internet


  • Please log in to reply
55 replies to this topic

#1 bridav

bridav

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 25 July 2008 - 06:18 AM

Hi,

I recently had some serious infections on my home computer, and these have now been cleaned up with the help of the folk on the HJT forum (Ken545 was the person who assisted me and advised me to post here).
Details can be found here :
http://forums.whatth...com/forums.html

However, I'm still unable to connect to any web sites on the Internet. When I go through the usual steps to connect to the internet, my PC displays a message and an icon on the task bar saying that I'm connected, what the connection speed is, bytes transferred in and out etc. But when I start my browser (Firefox) it is unable to find any web sites ('server not found') and my email package (Incredimail) is unable to find my ISP's mail server.

I'm posting this from my computer in work, so if you have any recommendations there may be a short delay before I respond. Also, I have no access over the weekend when I'm not in work.

Brian

    Advertisements

Register to Remove


#2 paws

paws

    Tech Team

  • Administrator
  • 6,088 posts

Posted 26 July 2008 - 03:48 AM

Hi Brian,
Ken has asked to to have a look at your Internet problem and I have also looked at your log files over in malware removal to see if any of them can shed any light on the lack of Internet connectivity that is causing such a problem.

When you have suffered a major malware attack, its sometimes difficult to figure out exactly what problems are likely to be configuration errors, what effects the bad guys have had on your machine. or what ,if any, effects some of the powerful malware cleaning tools have had....

I am conscious that you will not be able to read this thread until you are back at work on Monday so the usual fault finding process, of me asking questions, and then you giving a reply and then me following up with further questions, (thus narrowing down the causes of the problem) may not be appropriate...........So here's a large chunk of stuff for you to get your teeth into!

Lets start with some housekeeping issues first:

Please take the opportunity to bring your back up/archive/copy of all your important stuff 100% up to date, check that it's accurate, reproducible and held securely on removable media (not your hard drive)......the idea here is to ensure that all your important data, files, spreadsheets, work, music, emails, log in details, user names, address book, drivers, letters, invoices, videos etc....in fact everything that is important to you (stuff that you would not like to permanently lose) is safe on external media.

Whilst you are doing this collect together all your application installation discs (or downloaded installation executables) serial numbers, product licence keys (including the one for Windows
itself and the Microsoft Windows XP installation disc and or Manufacturer's Restore and Driver utilities disc, and put them somewhere safe.

1 Your Anti Virus is CA anti virus, but you are also running Norton...(It may not look as though its running but your last HJT log definitely indicate that some elements of it are running!)
This is not good as two AV programs tend to fight. You mentioned in your other thread that when you uninstalled Norton it may not have completely uninstalled properly, and here I think you were spot on. See if you have any entries in Add & Remove Programs Applet called Norton or Symantec if so uninstall them and do not forget to close down your machine and wait 30 seconds with a blank black screen before restarting your machine (its necessary to do this when you uninstall most programs)...if you cannot find any entries for Norton or Symantec, then don't worry, but go to step 2 below.

2 Go here and download the Norton uninstall tool
http://service1.syma...o...ment&Click=
follow the directions, when it has finished, don't forget to restart your machine.

3 Your logs indicate that you have installed at some time P2P File sharing programs........There are legitimate uses for P2P File sharing, but a lot that I come across are used for the downloading of files,(especially music, videos, games etc) that breach both National and International rules on copyright. There is currently a major crackdown on folks who use File Sharing to break copyright rules and heavy penalties are being imposed......often it's the young folks who are tempted to do this, their parents often being unaware, but it might be as well to check that your machine is squeaky clean in this respect, just to be on the safe side.

File sharing is a well known vector for the distribution of malicious code and large numbers of machines are infected by this route, the effects can be devastating and sometimes a format and reinstall of the operating system is necessary......For these reasons I recommend that you uninstall all P2P file sharing or similar applications, utorrent . Ares etc

4 Your logs indicate that you currently use a British Telecom route to the Internet, and BT-Yahoo is specified, however you also have traces of AOL version 8 on your machine and possibly an AOL icon (maybe hidden) in your notification area. If you use AOL then you should at least update it to Version 9...if you don't use it then see if you can uninstall it (it is notoriously difficult to uninstall sometimes) don't worry if you cant uninstall it just move on to the next step.

5 Your logs indicate that at one time your machine was connected to the Internet by means of an ADSL USB modem probably a Thomson Speedtouch, but comments in your thread indicate that you are now using a router/modem.......I am proceeding on the basis that it's the router you are using now, but please come back and correct me if I'm wrong. (full make, model numbers,etc and a brief note of which wire goes where would be helpful so I can visualise your set up) If you are using a wireless router then please advise if you have inhibited the broadcast of SSID and the type of encryption you are using (WEP, WPA, WPA2 etc)

6 Assuming you are using a router (if not please stop here and report back) then please go to:
Start>Control Panel>Network Connections....your LAN should be shown/set to "connected" or "enabled" (Generally you should only have one enabled connection , but for this you can ignore the 1394 (Firewire) connection as this does not interfere with things.)
Right click on this (Lan) connection
Click on Properties
Scroll to Internet Protocol TCP/IP and highlight it and click on Properties
ensure that there is a dot in the radio buttons labelled:
obtain an IP address auto..... and
obtain DNS server address auto......
Click OK

7 Still in Control Panel go to:
Internet Options
Click on the Connections Tab
ensure there is a dot in the radio button "Never dial a connection"
OK your way out.

7A Check that your network adaptor card(s) is recognised (look in Device Manager) check that the card is present and that there is no Yellow or Red marker against it
In Device Manager make sure that the properties for your network adaptor card show that it is working correctly.

8 Now power cycle your router/modem, as was explained in your malware thread) but repeated here:

1. Shut down your system
2. Unplug the power cable from your modem
3. Unplug your power cable from your router
4. Keep them unplugged for about 3 or 4 minutes, this will clear out the junk and let them reset themselves.
5. Plug the power cable for the modem back in and make sure all the lights come on
6. Plug the power to your router back in and wait until all the lights come on.
7. Boot up your system and check your internet connection.


9 Next Try your Internet connection for a short test with your software firewall and your anti virus turned off (don't forget to turn it on when you have done. and don't do anything like downloading emails with your AV off!)

10 If you now have Internet then.......... rejoice........
if not:
11 Go here and download winsockfix
http://www.softpedia...load-15337.html

12 be sure to read all the instructions and notes before you run it (also create a System Restore Point...Start>all Programs>Accessories>System Tools> System Restore) Now please repeat all the stages of Step 8 again....
Has this helped?
if not, then:

13 Please now go to Start>run and in the white box type
cmd
at the command prompt, type
ipconfig /all
(note the space is necessary)
hit the enter key
and copy the output into your reply so we can see what is currently going on,
when you have finished type
exit
hit the enter key
and the command prompt will disappear

Let us know how you get on.
Regards
paws

Edited by paws, 26 July 2008 - 07:25 AM.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#3 bridav

bridav

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 29 July 2008 - 06:07 AM

Thanks for looking at this so promptly, paws! I wasn't in work yesterday, so I've only just read your reply. I'll work my way through what you've recommended and get back to you when I'm done. The P2P stuff is probably the work of my daughter, who I think sometimes downloads stuff when she visits for the weekend - I don't really use it so if it's causing a problem I'll remove it. I may have confused you guys over the router/modem setup, due to my technical ignorance. I believe it is an ADSL modem I'm using, and I'm pretty sure it's a Thomson Speedtouch, but I'll have to check the details when I get home this evening. I don't have Wireless. Brian

#4 paws

paws

    Tech Team

  • Administrator
  • 6,088 posts

Posted 29 July 2008 - 01:09 PM

Hi Brian, Ok all understood, 1 It would be wise to uninstall all the P2P stuff.. (Start>Control Panel>Add & Remove programs) 2 If you are using the Thomson Speedtouch ADSL modem with a USB connection to your machine for Internet Access then please don't proceed with step 6 onwards and I will send you futher instructions when you post back with the details (but I would still like you to try please step 13 when you post back) Regards paws
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#5 bridav

bridav

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 30 July 2008 - 05:32 AM

Just to confirm, paws - I am using a Thomson Speedtouch 330 ADSL modem connected to a phone socket and a USB port on the computer.
I've uninstalled Ares and uTorrent, also ran the Norton uninstaller so I think it's gone too.

I halted at Step 6 last evening, but I'll do Step 13 tonight and post the output from the ipconfig /all command tomorrow.
I appreciate this is all a bit awkward, with me not being able to post from home, but thanks for your patience!

Brian

#6 paws

paws

    Tech Team

  • Administrator
  • 6,088 posts

Posted 30 July 2008 - 05:51 AM

Hi Brian That's good to hear. I will set up one of my test machines to mimic yours, and install a Thomson Speedtouch 330 ADSL ..USB modem, connect it up to the Internet and I will post back with the configuration settings you will need to enter. You were wise to stop at step 6 as the settings I gave you are NOT appropriate for a Speedtouch 330. (They were great for a router!, but not for the Speedtouch 330! I will get back to you as soon as I can, (should be this afternoon.) ......got to do the paying jobs first! Regards paws
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#7 paws

paws

    Tech Team

  • Administrator
  • 6,088 posts

Posted 30 July 2008 - 10:09 AM

Hi Brian,

I have now configured a test machine to use a Thomson USB Speedtouch modem to access the Internet and this is being used by me now for this message!
Try these steps and let me know how you get on ...particularly any error messages you receive
.
1 Ensure your Speedtouch is connected to a USB port on your computer and has the standard telephone wire from the wall socket into the back of the Speedtouch
2 You should start to see the 2 LEDs on the Speedtouch start to flash when you start your computer. Both LEDs eventually, after a minute or two should turn to solid green, if they continue to flash or either of them turns red after step 13, then I need to know, as this is significant.
3 Start >Control Panel>Internet Options and click on the tab across the top called "connections."
4 In the white box highlight your ISP's connection...... from your logs it looks as though this is BT, it should have default after it, if not, hit the Default button whilst the ISP is still highlighted.
5 With your ISP still highlighted ensure there is a dot in the radio button labelled "Always dial my default connection"
6 With your ISP still highlighted click on Settings (this is just the Settings (Not the LAN settings)
7 Ensure all boxes are blank apart from "User Name" and Password" your User Name and Password should be filled in already, if they are not then fill them in but let me know please as this is significant. Your password will be obfuscated by the insertion of stars or asterisks...(this is perfectly OK and is a security measure)
8 Click on Properties (you should be on the General Tab across the top ,if not click on General tab)
9 Ensure that in the connection box it says "Speedtouch ADSL" or words to that effect (let me know please if it doesn't as this is significant) it may refer also, to ISDN and this is OK
10 the phone number is usually set to 0 (Zero)
11 put a tick in the box (if there isn't one already against "Show icon...etc"
12 Now please OK your way out
(NOTE ) this is the only time you need click the OKs
13 Now take a deep breath and open Internet Explorer you will either get an error message........... or your dial up will work........ and connect you to your BT broadband ......if so then
Rejoice......if you get the Internet that is!
14 if not then please do the following:
15 Start>Right Click on My Computer>Hardware>Device Manager and scroll down till you come to Speedtouch (it should be on the list) and if you right click on it , it should tell you in Properties if it is working OK, if its isn''t, or it's just not there at all, then we will need to get you to reinstall its drvers.........but I'll leave that for tomorrow.
Good luck and let me know how you get on
Regards
paws
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#8 bridav

bridav

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 31 July 2008 - 05:45 AM

Thanks for going to all that trouble, paws! Sorry I didn't pick up your post yesterday - I'd already left work by the time it came through. I'll follow these instructions this evening and get back to you early tomorrow. Fingers crossed... Brian

#9 paws

paws

    Tech Team

  • Administrator
  • 6,088 posts

Posted 31 July 2008 - 07:45 AM

:thumbup:
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#10 bridav

bridav

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 01 August 2008 - 03:32 AM

Hi paws, No luck yet I'm afraid :( I went through all the steps on your last post, and all my settings appeared to be correct. Also powered off, disconnected the modem etc. Step 15 : Device manager says the modem is working properly When I try to connect to the internet, I'm still getting a message saying that I'm connected to BT Openworld Broadband, but my browser returns "server not found" messages for any web site I try to get to. Not sure if you need this, but here's the output from the ipconfig /all command : Microsoft Windows XP [Version 5.1.2600] © Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Brian Davis>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : Brian Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Cont roller Physical Address. . . . . . . . . : 00-0D-56-5E-FA-30 PPP adapter BT Openworld Broadband: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface Physical Address. . . . . . . . . : 00-53-45-00-00-00 Dhcp Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 81.151.83.254 Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 194.72.9.34 62.6.40.178 C:\Documents and Settings\Brian Davis>

    Advertisements

Register to Remove


#11 paws

paws

    Tech Team

  • Administrator
  • 6,088 posts

Posted 01 August 2008 - 04:34 AM

Hi Brian,
OK I understand
Can you now go to step 11 and do the winsocket fix please
Restart your machine after you have finished and try to connect with Internet Explorer again (with Firewall and AV off/disabled.)
If no joy try again this time using Mozilla Firefox as your browser
available from here:
http://www.mozilla-e...org/en/firefox/
Can you confirm please that you have two solid green LEDs illuminated on your Speedtouch without either LED being a different colour or flashing
Let me know what happens.
Regards
paws

Edited by paws, 01 August 2008 - 04:37 AM.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#12 bridav

bridav

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 01 August 2008 - 04:40 AM

Will do, paws I already use Firefox as my browser, not IE - been using for the last few years (since I last got infected!) Yes - the two green LED's are on, no red light, no flashing Brian

#13 paws

paws

    Tech Team

  • Administrator
  • 6,088 posts

Posted 01 August 2008 - 04:45 AM

Hi Brian, Try both Firefox and IE .....just trying to narrow it down! Regards paws
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#14 bridav

bridav

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 01 August 2008 - 04:50 AM

OK, paws, I'll do that! Brian

#15 bridav

bridav

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 04 August 2008 - 01:29 AM

Good morning, paws! Ran WinSockFix, rebooted and tried again...still getting 'server not found' for everything -doh! I tried IE as well as Firefox, but same result Modem has the two green LED's on, computer says it's connected to internet. Brian

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users