Borked Internet Connection

[ddrueding]

Users' PC was quite infected. Went into safe mode and cleaned it out, reset firefox settings via safe mode. No internet. Pinging google.com shows returns (DNS resolution and replies), but neither Firefox nor IE will show me a webpage.

Help?

 

[Mercutio]

wiinsockxpfix. Google it.

 

[ddrueding]

Does that work on Vista as well? I thought that having the ping command succeed would have ruled that out?

 

[Mercutio]

What's happened is that something has inserted itself in the chain of the IP Protocol Stack, and that thing was then removed, which breaks the chain. ICMP happens before the broken thing, and it works, but web stuff doesn't and therefore gets borked.

There are instructions for doing the same thing on Vista, but I think WinsockXPFix will work.

 

[time]

I take it that utility is better than netsh winsock reset?

 

[Mercutio]

I take it that utility is better than netsh winsock reset?

Yes, there's more going on with what it does. It does stuff with LSP providers, too.

 

[blakerwry]

netsh winsock reset catalog

This command resets the Winsock catalog to the default configuration. This can be useful if a malformed LSP is installed that results in loss of network connectivity. While use of this command can restore network connectivity, it should be used with care because any previously-installed LSPs will need to be re-installed.

netsh winsock show catalog

This command displays the list of Winsock LSPs that are installed on the computer.

Me thinks the netsh commands in XP and newer are sufficient. I haven't used the winsock fix programs since win2k/9x.

 

[Mercutio]

The difference is, of course, clicking on an icon vs. having to tell someone to type a bunch of commands at the scary black screen.

 

[ddrueding]

Turned out the computer was Win7 Pro. WinsockXPFix threw some errors and I still couldn't connect. netsh winsock reset ended up doing the trick.

 

[Mercutio]

Did you run it as an Admin? I frequently forget that, too.

 

[ddrueding]

I did the right-click, run as admin. Is that effective?

 

[Mercutio]

Should be, yeah.

 

[Howell]

I tried windsock reset and int reset today but the problem was only fix once I removed the network card from device manager and reinstalled it.

 

[Howell]

Although, the main problem was the ipconfig would return only the text "Windows IP Configuration".

 

[ddrueding]

I now have two new systems with this issue, both XP, both significantly infected with malware. I've done:

Full runs of NOD32 and Malwarebytes till they came back clean
WinsockXPFix
ipconfig /flushdns
netsh winsock reset
netsh winsock reset catalog
netsh interface ip reset C:\log.txt
netsh interface reset all
netsh firewall reset
Complete removal and reinstall of Firefox

I've also removed the network card from device manager and re-added it and tried known good static addressing.

Local RDC and file shares are accessible, and I can ping anything on earth succesfully.
I can't access anything on the web (IE, Firefox, Chrome, NOD32 updates, Win Updates)
I also can't access the local web config pages of anything. Error messages are as follows:

Chrome: Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error.
Firefox: The connection to the server was reset while the page was loading.
IE: Internet Explorer cannot display the webpage

I'm getting ready to call it for the night, but if anyone has any suggestions, I would be quite grateful.

 

[ddrueding]

I now have two new systems with this issue, both XP, both significantly infected with malware. I've done:

Full runs of NOD32 and Malwarebytes till they came back clean
WinsockXPFix
ipconfig /flushdns
netsh winsock reset
netsh winsock reset catalog
netsh interface ip reset C:\log.txt
netsh interface reset all
netsh firewall reset
Complete removal and reinstall of Firefox

I've also removed the network card from device manager and re-added it and tried known good static addressing.

Local RDC and file shares are accessible, and I can ping anything on earth succesfully.
I can't access anything on the web (IE, Firefox, Chrome, NOD32 updates, Win Updates)
I also can't access the local web config pages of anything. Error messages are as follows:

Chrome: Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error.
Firefox: The connection to the server was reset while the page was loading.
IE: Internet Explorer cannot display the webpage

I'm getting ready to call it for the night, but if anyone has any suggestions, I would be quite grateful.

 

[Mercutio]

Have you tried lspfix?

At that point I'd probably just do a repair install or good old fashioned wipe and reload.

 

[Bozo]

Repair install.

 

[ddrueding]

Repair install, re-did everything above, still broken.

Win Update, Activation, even NOD32 update worked this time, but still no Firefox, Chrome, or IE.

 

[time]

Remove and reinstall IE8? (MS loves to hide changes to Windows functionality in unrelated software releases such as IE).

Failing that, you may have a rootkit that's too successful for the available tools. You could try Rootkit Revealer, but it looks to be well out of date.

A quick search of opinions suggests UnHackMe (paid), Radix or RootRepeal. Note that Radix doesn't appear to have been updated for 7 months and RootRepeal for 15 months.

 

[ddrueding]

Just noticed that the firewall service isn't starting. That may have happened with lspfix. Doing a parallel install now.

 

[Howell]

I'm still loving combo fix for ensuring a clean system. After that you might try reinstalling SP3.*

 

[Howell]

Did you try something like
telnet Www.google.com 80
&
Get

 

[ddrueding]

Just happened again, and I got more info this time. After some interrogation, this is common with all three instances:

User was prompted for some form of Adobe update while using Firefox. Update succeeded, but internet was immediately inaccessible.

I really don't want to rebuild this machine.

 

[CougTek]

Does that work on Vista as well?

Since Winsockipfix doesn't work in Vista, I thought you'd like to know how to reset it entirely manually. I've just fixed a network access problem doing this.

 

[Mercutio]

I already knew how to do that. It's just that I'd rather advise other people to use a tool than do command prompt stuff.