05-10-2009, 12:22 PM
|
#1
|
Lazy Moderator
Join Date: Jul 2004
Location: Lazytown
Posts: 18,721
|
Tech Help!
Ok, a techie needs some help from the true big guns. I'm looking at you, U2, Dan, and various others.
My father in law is having connectivity problems. Nothing will connect on port 80. FTP, HTTPS, ping and every other protocol I've seen is working and connecting. But nothing will connect over port 80, in IE or Chrome. He can't even connect to his router, and other machines in his house are fine, so it's definitely local to the machine.
The Windows Firewall is off. He has no other firewall that I can see. He does have McAfee VirusScan, but I don't see anything there that is behaving like a firewall. His TCP/IP info looks fine. Everything looks fine, he simply can't connect to a web page that isn't https.
I even ran a winsock repair utility.
This has to be some sort of virus, right? He said he ran an email attachment yesterday that made his virus software go crazy. I ran a Malware scan on it and removed a bunch of stuff, but no luck.
I've flushed his DNS, repaired and renewed a million times, etc etc.
This is Windows XP.
Anything?
|
|
|
05-10-2009, 12:30 PM
|
#2
|
Guru
Join Date: Oct 2003
Location: Cowboys Country
Posts: 23,336
|
Hope you get help. Sorry I'm not the one to give it to you. So I'll just give you the standard response: Reinstall the operating system.
|
|
|
05-10-2009, 01:23 PM
|
#3
|
Diamond Member
Join Date: Mar 2007
Location: Deutschland
Posts: 7,885
|
I used to bridge the problem by removing the connection and reinstalling the network with the provider CD. Then I tried to connect, removed the software and set up the connection manually.
If possible, connect without the router and replace it later.
|
|
|
05-10-2009, 02:30 PM
|
#4
|
Lazy Moderator
Join Date: Jul 2004
Location: Lazytown
Posts: 18,721
|
Ok, this is definitely virus/malware related.
I discovered that I couldn't open up the registry either. I ran his malware removal under safe mode and that unlocked the registry for me but not port 80.
Interestingly enough, it's only his user account that is messed up. The admin account and a new test account I created had no issues.
So he's going to use a different account as a temporary solution.
Last edited by jthig32; 05-10-2009 at 02:30 PM.
|
|
|
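An added example, not part of any post in this thread: a small Python probe that separates the symptom in post #1 (port 80 fails while FTP and HTTPS work) into a TCP-level block versus a failure above the socket layer. Running it once from the affected account and once from a working one gives the per-account comparison described in post #4. The default host address and the finding labels are assumptions made for illustration.

```python
import socket
import sys

PORTS = (21, 80, 443)  # FTP, HTTP, HTTPS: the services compared in post #1

def probe(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'error:<type>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error:" + type(exc).__name__

def http_status_line(host, port=80, timeout=3.0):
    """Send a minimal HTTP/1.0 request; return the first response line or None."""
    request = b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            data = s.recv(256)
    except OSError:
        return None
    line = data.split(b"\r\n", 1)[0].decode("latin-1")
    return line if line.startswith("HTTP/") else None

def classify(states, status_line):
    """Map per-port states plus the HTTP reply to one finding (labels are ours)."""
    if states.get(80) == "open":
        return "http-ok" if status_line else "tcp-ok-no-http-reply"
    if any(state == "open" for port, state in states.items() if port != 80):
        return "port-80-blocked"   # other ports connect, 80 does not
    return "host-unreachable"      # nothing connects: not specific to port 80

def survey(host, ports=PORTS, timeout=3.0):
    """Probe every port, then try real HTTP only if TCP/80 connected."""
    states = {p: probe(host, p, timeout) for p in ports}
    line = http_status_line(host, 80, timeout) if states[80] == "open" else None
    return states, classify(states, line)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed router IP
    states, finding = survey(host)
    for port, state in sorted(states.items()):
        print(port, state)
    print("finding:", finding)
```

If this reports `http-ok` from the affected account while the browsers still fail, the fault lies in browser or per-user settings rather than in the network path.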
05-10-2009, 04:52 PM
|
#5
|
Rooting for the laundry
Join Date: May 2006
Posts: 21,342
|
That is really weird. I've never heard of that before.
Wish I were a network guy, but I don't know much. I'm sure u2 will weigh in tomorrow.
|
|
|
05-14-2009, 07:47 PM
|
#6
|
Diamond Member
Join Date: Feb 2006
Location: Arlington, VA
Posts: 7,031
|
Quote:
Originally Posted by jthig32
Ok, this is definitely virus/malware related.
I discovered that I couldn't open up the registry either. I ran his malware removal under safe mode and that unlocked the registry for me but not port 80.
Interestingly enough, it's only his user account that is messed up. The admin account and a new test account I created had no issues.
So he's going to use a different account as a temporary solution.
|
If that is his user profile, then yeah, it sounds like a virus/malware. It does make sense because you mentioned that a prior email attachment made his anti-virus software go nuts.
Just set him up with a new user account. I hope he didn't have admin rights with his other profile!
|
|
|
05-14-2009, 08:30 PM
|
#7
|
Diamond Member
Join Date: Aug 2003
Location: Waco, TX
Posts: 8,141
|
Have you tried running MalwareBytes Anti-Malware in Safe Mode? Because I am not familiar with this exact virus/malware he has I would just recommend throwing several utilities at it while in safe mode. Try the following utilities and let me know whether or not they help:
MalwareBytes Anti-Malware
CWShredder
HiJackThis
LSPFix
Killbox
SmitFraudFix
HaxFix
Make sure you read a bit on how to use some of these utilities as you can do more harm than good if you don't know what you are doing. Most of the above utilities are likely useless but again, not knowing what you are suffering from - it won't hurt.
At the end of the day he could just have a corrupt profile that is causing some sporadic issues, though I don't think that is the issue. Any chance he kept the E-Mail w/attachment so you can research the text of the E-Mail for a possible virus (or search against the actual attachment name)?
Hope this helps.
|
|
|
05-15-2009, 08:47 AM
|
#8
|
moderately impressed
Join Date: May 2003
Location: Home of the thirteenth colony
Posts: 17,705
|
Sorry thig, I didn't see this thread until Dan bumped it. I would, of course, agree with Dan but might mention that you could possibly be dealing with a rootkit problem. That is odd that the issue doesn't appear with a new account being created, which makes it sound like you might have killed the malware but the cleanup utility wasn't thorough enough to undo what the malware did. I would be wary of using that host until I knew for sure I did all I could to detect.
But rootkits these days are pretty clever at hiding themselves. There isn't a product available to detect them all today. But this one has saved me in the past so I'd start with it:
http://technet.microsoft.com/en-us/s.../bb897445.aspx
|
|
|
05-15-2009, 08:48 AM
|
#9
|
moderately impressed
Join Date: May 2003
Location: Home of the thirteenth colony
Posts: 17,705
|
Also, if you run hijack could you post the log?
|
|
|
05-15-2009, 04:07 PM
|
#10
|
Lazy Moderator
Join Date: Jul 2004
Location: Lazytown
Posts: 18,721
|
Not sure when I'll be over at his house next. I haven't heard from him so I assume he's using another account with no issues now.
BTW, Malwarebytes was the utility I was running in safe mode, Dan. So at least I had the proper utility.
My father in law actually has a friend that usually does stuff like this for him. He's much more of a true IT guy (like you guys) than myself, but he was out of town. So I suspect he'll have taken care of this before I get back over there.
Thanks for the input, all.
|
|
|
All times are GMT -5.