Lost Internet Connectivity And Malware

  dogbreath1 10:33 11 Mar 06

A friend called to tell me that his internet connectivity had been lost. His machine is one year old and OS = XP SP2. On booting his PC (which seemed to take forever) it was clear that all was not well! Even launching Explorer took quite a while.

He had Norton AV installed but his internet being down meant that the latest sigs had not been installed. I installed, from a pen drive, Ewido free and Ad-Aware free (both with current updates) and ran them in succession. They found (and I permitted them to remove) 241 malware files which were mainly tracking cookies. CPU usage had now dropped from 50% average during 'idle' to less than 1%. Also RAM usage at 'idle' had dropped from 440MB to under half that.

After a restart, the machine was clearly both booting and running considerably faster...almost what you might call normal. But still no internet connection.

I tried rebooting the Zyxel Security Gateway (ethernet connected) to remove the static freeze possibility and ran WinsockXP.exe but still no connection. The ISP, BT, claim that the line is fine and say that they believe the computer to be internet enabled.

A post cleanup HJT log seemed quite clean according to three on-line analysers (although I am aware of their fallibility in this respect and have asked for guidance on a specialist forum elsewhere).

He browses (when he can) using IE, the home page hasn't been changed but no internet connection is possible at the moment.

There are a great deal of running processes at boot (all of which seem to be 'legitimate') which I believe to be unnecessary and I'm currently wading through various web sites to ascertain which of these can be disabled at startup or removed.

My question here is are there any troubleshooting guides (free or paid [*dogbreath nearly chokes*]) to help me work through this guy's problem and get him back on line. Indeed, any advice you can give me would be very welcome.

Sorry for being a bit long-winded, but I'm always conscious of leaving out relevant points.

  johnnyrocker 11:03 11 Mar 06

What type of connection does your friend have? Have you rebooted all?


  dogbreath1 11:27 11 Mar 06

It's ADSL BB. I have rebooted both PC and router and I'm going to try some ping tests on Monday.

I suspect that the connectivity problem was originally caused by spyware infection but I simply can't be sure.

ADSL connection status currently 'Enabled' but the Internet indicator on the router remains unilluminated.

  Forum Editor 11:50 11 Mar 06

It's worth disconnecting it entirely from the ADSL line as well - for about three or four minutes - before trying to reconnect.

Then try this:-

Open a command line and type:-

IPCONFIG /release_all

and press the enter key.

Now type:-

IPCONFIG /renew_all

and press the enter key.

(Note the space after IPCONFIG)

  dogbreath1 12:05 11 Mar 06

Thanks for that. I'll give it a try and post back.

  dogbreath1 18:09 11 Mar 06

Out of interest, have any of you guys any experience with click here ??

  dogbreath1 18:29 14 Mar 06

FE - I tried the disconnection and the IPCONFIG release/renew routine to no avail.

I also tried the diagnostic tool MyVitalAgent which referred to inaccessibility to port 53 whilst trying to connect to (which leads on my machine to a blank page) and a potential firewall issue. The Zyxel Prestige 652 HW-31 router may have its own firewall but the XP firewall is shown as being ON in Security Centre window but OFF when firewall config. is launched.

Any more ideas please you guys.

  VoG II 18:33 14 Mar 06

Have you tried click here or click here

  dogbreath1 18:42 14 Mar 06

Thanks for the advice. I've not tried those but I will tomorrow.

If that fails, I'm going to install an alternative router (BT Voyager 205) to see whether I can get a connection that way.

Cheers. db.

  dogbreath1 17:54 15 Mar 06

Decided to reinstall the router and ran VoG™'s Winsock applications. Now got connection back. Used renewed connection to install Spybot S&D and a². The former found 5 nasties and the latter, 25. Also installed CCleaner which removed 95MB of temp. files etc.

The internet connection is now very quick but Windows Explorer is very sluggish.

I'm going to try sfc /scannow with the O.S. disc inserted but I would welcome any further advice on how to work out what is causing the slowdown.

Cheers. db.

