Overclock.net banner

1 - 9 of 9 Posts

·
Registered
Joined
·
780 Posts
Discussion Starter · #1 ·
A friend is having a funny networking issue with Windows 7:

Symptoms:
- Gets an IP via DHCP.
- Able to ping google.com and get replies.
- Browser gets an error "Connection to the server was reset" trying to open any web page (including the web interface of the gateway router).
- Other internet applications also seem to fail.
- Cannot see other computers on the network.
- Other computers on the network do not have this problem.

Tested:
- Restart.
- Full scan using Avira and Malwarebytes found nothing.
- Disabled IPv6.
- Tried reducing the interface MTU to ~900.
- Tried disabling Windows firewall.

Conditions:
- I can only help via phone and email.
- The only connection available is wireless and supposedly there aren't even extra cat cables available to use to test a wired connection..

I'm stuck - what else can I try? I would appreciate any ideas..
 

·
Master of Black Snow
Joined
·
19,338 Posts
Your friend should download Malware Bytes. Or if you can get him a solid disc with it on there to him to intall it direct w/o opening yourself up to attack.

Sounds like he's got a malware issue. Either that or he's got a Trojan.

~Ceadder
 

·
Registered
Joined
·
1,705 Posts
So you can ping google via cmd, but you can't get online or use online applications?

What does it say when you type ipconfig/all in cmd line?
 

·
Master of Black Snow
Joined
·
19,338 Posts
Google should NOT be replying to anyone when pinged.

All pings are for is testing response and locator times.

This is essentially malware and someone does not want the owner to use their system. Their system has essentially become a slave.

Think Borg here.

~Ceadder


Quote:


Originally Posted by maximus20895
View Post

So you can ping google via cmd, but you can't get online or use online applications?

What does it say when you type ipconfig/all in cmd line?

 

·
Registered
Joined
·
780 Posts
Discussion Starter · #5 ·
Quote:


Originally Posted by Ceadderman
View Post

Your friend should download Malware Bytes. Or if you can get him a solid disc with it on there to him to intall it direct w/o opening yourself up to attack.

Sounds like he's got a malware issue. Either that or he's got a Trojan.

~Ceadder


Avira and Malwarebytes were put on the computer at time of a fresh OS install and they were at most two days old in updates. Neither found anything.

Quote:


So you can ping google via cmd, but you can't get online or use online applications?

What does it say when you type ipconfig/all in cmd line?

Yes google replies so ping and name resolution work. I'll ask for the output - it will probably be tomorrow before I get a response.

Thanks
 

·
Master of Black Snow
Joined
·
19,338 Posts
Quote:


Originally Posted by evermooingcow
View Post

Avira and Malwarebytes were put on the computer at time of a fresh OS install and they were at most two days old in updates. Neither found anything.

Yes google replies so ping and name resolution work. I'll ask for the output - it will probably be tomorrow before I get a response.

Thanks

Hmmmm then you may have to perform scan in safe mode. Would also scan AV program in safe mode as well especially if it's a Trojan.

What AV program are they using? Do you know?

I apologize more than likely your friend has a Trojan onboard. The best thing they can do is get their AV scanning in safe mode for it. I'm not familiar with Avira however. I use AVG 9.0 and it's good at detecting in safe. If they can't find it best thing they can do(given the distance involved issue) is to take it into a shop and have the shop diagnose and remove the infection. I don't know what else I can tell you though to remedy the situation again due to the distance of.

If they go to a shop they should shut it down and unplug it to keep it from getting worse.

~Ceadder
 

·
Master of Black Snow
Joined
·
19,338 Posts
Ahhh okay then when they are in Safe mode have them make sure to look in the vault after the scan. But you never know, so it's just for follow up in case Avira doesn't have a similar feature as AVG.

I don't think that anything will be there because if it's as solid as AVG it will be immediately deleted upon detection.

Unless it's a really bad infection. Sometimes not even solid AV software can get these buggers. In which case it may take a reboot. Hopefully they have boot discs to do one if it comes to that.

~Ceadder


*Edit* Okay it's nearly 0100am here so I'm callin it a night. I'll check back in when I get up to see where you guys are at with the issue. Late.

Quote:


Originally Posted by evermooingcow
View Post

Good call. I'll ask to try safe mode next.
Avira is the AV software.

 

·
Banned
Joined
·
93 Posts
Evermooingcow,

Is there, by chance, a 3rd party firewall installed and enabled. Did your friend recently have an alternate (other than Avira) anti-virus program installed? It's possible that it was not removed properly -- you may want to check. Also, have you attempted to access the web through multiple browsers? If there were malicious software present, at one time, on the machine it is possible that a proxy server might be enabled in the browser. Also, have you asked your friend to check his hosts file?

Should you require additional assistance and guidance, Microsoft does have an official Windows 7 Support Forum located here http://social.technet.microsoft.com/...egory/w7itpro/ . It is supported by product specialists as well as engineers and support teams.

Jessica
Microsoft Windows Client Team
 
1 - 9 of 9 Posts
Top