Hey all,
A friend of mine's kid got a bad load of malware and viruses into his network. I cleared everything out as far as I can tell and repaired one machine, but I think one of the nasties stomped on the TCP/IP stack of the other box pretty hard. I think I've covered all the bases and am now looking at a reinstall of the OS, but I thought I'd see if anyone else has run across this before I do that.
LAN setup:
- Comcast cable modem (motorola); Linksys BEFSR41 router; Linksys WAP11 into one of the Ethernet ports on the router. Router acts as DHCP server to LAN.
- Old Compaq Presario desktop machine running 98SE; wired connection to router. Among other nasty deeds, the malware did the LSP Fandango on the box, but I was able to repair it. This box is fine now.
- New Dell Inspiron 8600 laptop running XP Home (the problem machine).
Laptop has:
- Broadcom 440x Ethernet
- Dell TrueMobile 1300 Wi-Fi
Known conditions:
- LAN/Internet infrastructure is working. Win 98 box and my laptop (connected by either Ethernet or wireless) function perfectly.
- Both machines can ping each other by IP, as well as the router.
- Both machines can ping Internet locations by IP.
- Laptop cannot ping by URL- ping requests time out.
- Laptop can ping the loopback device using either "127.0.0.1" or "localhost"
- Laptop cannot browse by URL (using IE or Firefox).
- Outlook Express on laptop cannot resolve the Comcast mail servers' names. The servers are up and running.
- DNS server IP are correct.
- Laptop can ping and browse (using IE or Firefox) when booted into safe mode with networking support!
- Laptop exhibits the same problem using wired or wireless connection to LAN; both physical devices are working and configured correctly as far as I can see.
- The laptop exhibits the same behaviour on my network, using my DNS server IPs. Also- static vs. dynamic addressing is not the issue; been there, done that.
History/steps already taken:
- Ad Aware, SpyBot, HJT, etc. show the laptop to be clean now. (Was able to d/l latest updates for the programs while booted into safe mode).
- Firewalling is not the issue.
- I killed any unnecessary processes that I could identify (using Norton's Process Viewer)- no change in problem.
- Using "netsh int ip bla,bla" did not fix the problem.
- As per a Microsoft article related to the problem, I tried deleting the HKLM\System\CurrentControlSet\Services Winsock and Winsock2 entries and then reinstalling the TCP/IP protocol- still no change.
- Tried the WinSockXPfix.exe utility- it found nothing to fix.
- Rolled the system back to a restore point well before the date my friend said this started happening. Zip, zilch, nada- no change.
Have I missed something here, or is the system just yea and verily b0rked?