Dallas-Mavs.com Forums

Old 05-10-2009, 12:22 PM   #1
jthig32
Tech Help!

Ok, a techie needs some help from the true big guns. I'm looking at you, U2, Dan, and various others.

My father in law is having connectivity problems. Nothing will connect on port 80. FTP, HTTPS, ping and every other protocol I've seen is working and connecting. But nothing will connect over port 80, in IE or Chrome. He can't even connect to his router, and other machines in his house are fine, so it's definitely local to the machine.

The Windows firewall is off. He has no other firewall that I can see. He does have McAfee VirusScan, but I don't see anything there that is behaving like a firewall. His TCP/IP info looks fine. Everything looks fine, he simply can't connect to a web page that isn't https.

I even ran a winsock repair utility.

This has to be some sort of virus, right? He said he ran an email attachment yesterday that made his virus software go crazy. I ran a Malware scan on it and removed a bunch of stuff, but no luck.

I've flushed his DNS, repaired and renewed a million times, etc etc.

This is Windows XP.

Anything?
Old 05-10-2009, 12:30 PM   #2
chumdawg

Hope you get help. Sorry I'm not the one to give it to you. So I'll just give you the standard response: Reinstall the operating system.
Old 05-10-2009, 01:23 PM   #3
GermanDunk

I used to bridge the problem by removing the connection and reinstalling the network with the provider CD. Then tried to connect, removed the Software and set up the connection manually.

If possible connect without the Router and replace it later.
Old 05-10-2009, 02:30 PM   #4
jthig32

Ok, this is definitely virus/malware related.

I discovered that I couldn't open up the registry either. I ran his malware removal under safe mode and that unlocked the registry for me but not port 80.

Interestingly enough, it's only his user account that is messed up. The admin account and a new test account I created had no issues.

So he's going to use a different account as a temporary solution.

Last edited by jthig32; 05-10-2009 at 02:30 PM.
Old 05-10-2009, 04:52 PM   #5
Flacolaco

That is really weird. I've never heard of that before.

Wish I were a network guy, but I don't know much. I'm sure u2 will weigh in tomorrow.
Old 05-14-2009, 07:47 PM   #6
MavsX

Quote:
Originally Posted by jthig32
Ok, this is definitely virus/malware related.

I discovered that I couldn't open up the registry either. I ran his malware removal under safe mode and that unlocked the registry for me but not port 80.

Interestingly enough, it's only his user account that is messed up. The admin account and a new test account I created had no issues.

So he's going to use a different account as a temporary solution.

If that is his user profile, then yeah, it sounds like a virus/malware. It does make sense because you mentioned that a prior email attachment made his anti-virus software go nuts.

Just set him up with a new user account. I hope he didn't have admin rights with his other profile!
Old 05-14-2009, 08:30 PM   #7
Male30Dan

Have you tried running MalwareBytes Anti-Malware in Safe Mode? Because I am not familiar with this exact virus/malware he has I would just recommend throwing several utilities at it while in safe mode. Try the following utilities and let me know whether or not they help:

MalwareBytes Anti-Malware
CWShredder
HiJackThis
LSPFix
Killbox
SmitFraudFix
HaxFix

Make sure you read a bit on how to use some of these utilities as you can do more harm than good if you don't know what you are doing. Most of the above utilities are likely useless but again, not knowing what you are suffering from - it won't hurt.

At the end of the day he could just have a corrupt profile that is causing some sporadic issues, though I don't think that is the issue. Any chance he kept the E-Mail w/attachment so you can research the text of the E-Mail for a possible virus, (or search against the actual attachment name)?

Hope this helps.
Old 05-15-2009, 08:47 AM   #8
u2sarajevo

Sorry thig, I didn't see this thread until Dan bumped it. I would, of course, agree with Dan but might mention that you could possibly be dealing with a rootkit problem. That is odd that the issue doesn't appear with a new account being created, which makes it sound like you might have killed the malware but the cleanup utility wasn't thorough enough to undo what the malware did. I would be wary of using that host until I knew for sure I did all I could to detect.

But rootkits these days are pretty clever at hiding themselves. There isn't a product available to detect them all today. But this one has saved me in the past so I'd start with it:
http://technet.microsoft.com/en-us/s.../bb897445.aspx
Old 05-15-2009, 08:48 AM   #9
u2sarajevo

Also, if you run hijack could you post the log?
Old 05-15-2009, 04:07 PM   #10
jthig32

Not sure when I'll be over at his house next. I haven't heard from him so I assume he's using another account with no issues now.

BTW, Malwarebytes was the utility I was running in safe mode, Dan. So at least I had the proper utility.

My father in law actually has a friend that usually does stuff like this for him. He's much more of a true IT guy (like you guys) than myself, but he was out of town. So I suspect he'll have taken care of this before I get back over there.

Thanks for the input, all.
All times are GMT -5.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.