Hey all,

A friend of mine's kid got a bad load of malware and viruses into his network. I cleared everything out as far as I can tell and repaired one machine, but I think one of the nasties stomped on the TCP/IP stack of the other box pretty hard. I think I've covered all the bases and am now looking at a reinstall of the OS, but I thought I'd see if anyone else has run across this before I do that.

LAN setup:
- Comcast cable modem (Motorola); Linksys BEFSR41 router; Linksys WAP11 into one of the Ethernet ports on the router. Router acts as DHCP server to LAN.

- Old Compaq Presario desktop machine running 98SE; wired connection to router. Among other nasty deeds, the malware did the LSP Fandango on the box, but I was able to repair it. This box is fine now.

- New Dell Inspiron 8600 laptop running XP Home (the problem machine).
Laptop has:
- Broadcom 440x Ethernet
- Dell TrueMobile 1300 Wi-Fi


Known conditions:

- LAN/Internet infrastructure is working. Win 98 box and my laptop (connected by either Ethernet or wireless) function perfectly.

- Both machines can ping each other by IP, as well as the router.

- Both machines can ping Internet locations by IP.

- Laptop cannot ping by URL- ping requests time out.

- Laptop can ping the loopback device using either "127.0.0.1" or "localhost"

- Laptop cannot browse by URL (using IE or Firefox).

- Outlook Express on laptop cannot resolve the Comcast mail servers' names. The servers are up and running.

- DNS server IPs are correct.

- Laptop can ping and browse (using IE or Firefox) when booted into safe mode with networking support!

- Laptop exhibits the same problem using wired or wireless connection to LAN; both physical devices are working and configured correctly as far as I can see.

- The laptop exhibits the same behaviour on my network, using my DNS server IPs. Also- static vs. dynamic addressing is not the issue; been there, done that.


History/steps already taken:

- Ad Aware, SpyBot, HJT, etc. show the laptop to be clean now. (Was able to d/l latest updates for the programs while booted into safe mode).

- Firewalling is not the issue.

- I killed any unnecessary processes that I could identify (using Norton's Process Viewer)- no change in problem.

- Using "netsh int ip bla,bla" did not fix the problem.

- As per a Microsoft article related to the problem, I tried deleting the HKLM\System\CurrentControlSet\Services Winsock and Winsock2 entries and then reinstalling the TCP/IP protocol- still no change.

- Tried the WinSockXPfix.exe utility- it found nothing to fix.

- Rolled the system back to a restore point well before the date my friend said this started happening. Zip, zilch, nada- no change.


Have I missed something here, or is the system just yea and verily b0rked?
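The symptom pattern in the post above (IP connectivity works, name lookups fail) can be narrowed down by comparing a DNS query sent straight to the configured server with a lookup through the OS resolver. This is an added example, not part of the original post; the server address and hostname are placeholders, and the function names are hypothetical.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a minimal DNS A-record query (RFC 1035) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid=0x1234):
    """Return (rcode, answer_count); raise ValueError if the reply is not ours."""
    if len(data) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # QR bit must mark a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def direct_lookup(server, name, timeout=3.0):
    """Ask `server` over UDP/53 directly, bypassing the OS resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            rcode, ancount = parse_reply(s.recv(512))
        except (OSError, ValueError):  # timeout, unreachable, or bogus reply
            return False
    return rcode == 0 and ancount > 0

def os_lookup(name):
    """Resolve through the OS resolver, the path ping and browsers use."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except OSError:
        return False

def classify(direct_ok, os_ok):
    """Map the two results to where the fault most likely sits."""
    if direct_ok and not os_ok:
        return "local resolver path is broken; the DNS server itself answers"
    if not direct_ok and not os_ok:
        return "no DNS answer at all; check UDP/53 filtering or the socket layer"
    if not direct_ok and os_ok:
        return "OS resolver answered from cache, hosts file or another server"
    return "name resolution is healthy"

if __name__ == "__main__":
    server, name = "192.0.2.53", "example.com"  # placeholders: use the machine's DNS server
    print(classify(direct_lookup(server, name), os_lookup(name)))
```

Running it once in normal mode and once in safe mode with networking shows which of the two lookup paths changes between the two boots.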

Now, let me ask you this... you said you did a few things which I would have recommended right off the bat, but in a different order:

> - Using "netsh int ip bla,bla" did not fix the problem.
>
> - As per a Microsoft article related to the problem, I tried deleting the HKLM\System\CurrentControlSet\Services Winsock and Winsock2 entries and then reinstalling the TCP/IP protocol- still no change.

What you might want to try is doing it in a different order. Remove the Winsock stuff, then restart. Then, reinstall TCP/IP on one of the interfaces, then restart. After that, run netsh int ip reset log.txt. That's worked wonders on a lot of systems I've had to fool with. Also, it wouldn't hurt running ipconfig /flushdns.

Other than that, I'd suggest either running sfc /scannow, a repair reinstallation, or the big one-- an OS reinstall. I'd say about 6 out of 10 of these issues I've encountered have resulted in an OS reinstall.

For detailed instructions on the Winsock fix, check out this link:
http://support.dell.com/us/en/kb/document.asp?dn=1088678

Try going to 192.168.1.1, where you can edit your Linksys router settings; it is the same place you would go for port forwarding and that sort of stuff. There you should be able to fix any problems with the TCP/IP stack. If not, go to Network Connections and try to reinstall the TCP/IP protocol. If that does not work, then I have no idea.

> Try going to 192.168.1.1, where you can edit your Linksys router settings; it is the same place you would go for port forwarding and that sort of stuff. There you should be able to fix any problems with the TCP/IP stack. If not, go to Network Connections and try to reinstall the TCP/IP protocol. If that does not work, then I have no idea.

Hi mikeandike22,

Thanks for the input, but as I said- this issue is not related to the router in any way. My laptop and his other machine work fine on his network, and his problematic machine exhibits the same symptoms on the network at my office. This problem is local to the machine.
As I also said in my first post, I have tried the stack fixes and reinstalls.

Thanks anyway though,

Dave

> What you might want to try is doing it in a different order. Remove the Winsock stuff, then restart. Then, reinstall TCP/IP on one of the interfaces, then restart.

Sorry, I did so much with this box that I forgot to mention that I tried that as well.

> After that, run netsh int ip reset log.txt. That's worked wonders on a lot of systems I've had to fool with. Also, it wouldn't hurt running ipconfig /flushdns.

Sorry again- but as above; I just spaced on mentioning that I tried those as well. Didn't do the trick.

> Other than that, I'd suggest either running sfc /scannow, a repair reinstallation, or the big one-- an OS reinstall. I'd say about 6 out of 10 of these issues I've encountered have resulted in an OS reinstall.

Yeah, sfc is next; haven't had a chance to do that yet. As far as the reinstall, I'm ready for that too but was just hoping to avoid it. Hmm... I wonder how he'd feel if I installed that "real" OS that we deal with instead of XP Home? ;)

Thanks for the input Alex; I'm off to check out the link you provided right now.

-Dave

Alex, the full link you gave me seems to not work or be expired; it just takes me to the main http://support.dell.com/index.aspx page. I did try cutting and pasting the link as well with the same result.
