[evermooingcow]

A friend is having a funny networking issue with Windows 7:

Symptoms:
- Gets an IP via DHCP.
- Able to ping google.com and get replies.
- Browser gets an error "Connection to the server was reset" trying to open any web page (including the web interface of the gateway router).
- Other internet applications also seem to fail.
- Cannot see other computers on the network.
- Other computers on the network do not have this problem.

Tested:
- Restart.
- Full scan using Avira and Malwarebytes found nothing.
- Disabled IPv6.
- Tried reducing the interface MTU to ~900.
- Tried disabling Windows firewall.

Conditions:
- I can only help via phone and email.
- The only connection available is wireless and supposedly there aren't even extra cat cables available to use to test a wired connection..

I'm stuck - what else can I try? I would appreciate any ideas..

 

[Ceadderman]

Your friend should download Malware Bytes. Or if you can get him a solid disc with it on there to him to intall it direct w/o opening yourself up to attack.

Sounds like he's got a malware issue. Either that or he's got a Trojan.

~Ceadder

 

[maximus20895]

So you can ping google via cmd, but you can't get online or use online applications?

What does it say when you type ipconfig/all in cmd line?

 

[Ceadderman]

Google should NOT be replying to anyone when pinged.

All pings are for is testing response and locator times.

This is essentially malware and someone does not want the owner to use their system. Their system has essentially become a slave.

Think Borg here.

~Ceadder

Quote:

Originally Posted by maximus20895 So you can ping google via cmd, but you can't get online or use online applications? What does it say when you type ipconfig/all in cmd line?

 

[evermooingcow]

Quote:

Originally Posted by Ceadderman Your friend should download Malware Bytes. Or if you can get him a solid disc with it on there to him to intall it direct w/o opening yourself up to attack. Sounds like he's got a malware issue. Either that or he's got a Trojan. ~Ceadder

Avira and Malwarebytes were put on the computer at time of a fresh OS install and they were at most two days old in updates. Neither found anything.

Quote:

So you can ping google via cmd, but you can't get online or use online applications? What does it say when you type ipconfig/all in cmd line?

Yes google replies so ping and name resolution work. I'll ask for the output - it will probably be tomorrow before I get a response.

Thanks

 

[Ceadderman]

Quote:

Originally Posted by evermooingcow Avira and Malwarebytes were put on the computer at time of a fresh OS install and they were at most two days old in updates. Neither found anything. Yes google replies so ping and name resolution work. I'll ask for the output - it will probably be tomorrow before I get a response. Thanks

Hmmmm then you may have to perform scan in safe mode. Would also scan AV program in safe mode as well especially if it's a Trojan.

What AV program are they using? Do you know?

I apologize more than likely your friend has a Trojan onboard. The best thing they can do is get their AV scanning in safe mode for it. I'm not familiar with Avira however. I use AVG 9.0 and it's good at detecting in safe. If they can't find it best thing they can do(given the distance involved issue) is to take it into a shop and have the shop diagnose and remove the infection. I don't know what else I can tell you though to remedy the situation again due to the distance of.

If they go to a shop they should shut it down and unplug it to keep it from getting worse.

~Ceadder

 

[evermooingcow]

Good call. I'll ask to try safe mode next.
Avira is the AV software.

 

[Ceadderman]

Ahhh okay then when they are in Safe mode have them make sure to look in the vault after the scan. But you never know, so it's just for follow up in case Avira doesn't have a similar feature as AVG.

I don't think that anything will be there because if it's as solid as AVG it will be immediately deleted upon detection.

Unless it's a really bad infection. Sometimes not even solid AV software can get these buggers. In which case it may take a reboot. Hopefully they have boot discs to do one if it comes to that.

~Ceadder

*Edit* Okay it's nearly 0100am here so I'm callin it a night. I'll check back in when I get up to see where you guys are at with the issue. Late.

Quote:

Originally Posted by evermooingcow Good call. I'll ask to try safe mode next. Avira is the AV software.

 

[JessicaD]

Evermooingcow,

Is there, by chance, a 3rd party firewall installed and enabled. Did your friend recently have an alternate (other than Avira) anti-virus program installed? It's possible that it was not removed properly -- you may want to check. Also, have you attempted to access the web through multiple browsers? If there were malicious software present, at one time, on the machine it is possible that a proxy server might be enabled in the browser. Also, have you asked your friend to check his hosts file?

Should you require additional assistance and guidance, Microsoft does have an official Windows 7 Support Forum located here http://social.technet.microsoft.com/...egory/w7itpro/ . It is supported by product specialists as well as engineers and support teams.

Jessica
Microsoft Windows Client Team