Question

XP Pro NETWORKING PROBLEMS

Asked by: gudbuddy

Hello Guys,

I have a very serious problem with my existing XP Pro Network. I tried all my best but failed.

Here is the scenario:

1) I have 4 PCs all running on XP Professional with Linksys router BFS40 (DSL/CABLE Modem Router), with verizon DSL.  I never had problem with my network the past 12 months.
2) 3 days ago, the PCs can no longer connect to the internet. I noticed that one computer (which I will refer as COMPUTER "A") is sending packets 20 times its receiving packets which I thought is really abnormal.
3) All 4 PCs can ping each other but can not ping the router 192.168.1.1 which I later realized with the support of LinkSys that its a router problem.
4) Today, I replaced it with a new ROUTER... a linksys router. But it still did not resolve the problem. Everytime I connect the COMPUTER "A", it doesn't allow all the other 3 PCs to connect to the internet, can not ping the 192.168.1.1 hence, they can locally networked. They can ping each other, and they can ping the router. BUT, I can not open the router from the internet explorer by typing 192.168.1.1
5) By the way, in addition to my setup and the network scenario, (1) One PC is used for remote desktop using RadAdmin Software.
6) Yesterday, one PC is having an NT error with LSASS.EXE and terminates in 60 seconds. Which I doubt its a sasser virus. Can you also please help me how am I going to solve this?

Here are the things I did to figure out the problem:

1) I tried different cables by exchanging cables for computer "A" and connect again to the router, but its the same thing. And but when I remove the computer "A" from the router, all 3 PCs can go to the internet and can ping the router.
2) did a hard reset on the router... enabled and disabled the DMZ host but it still not solving the problem.
3) my questions is.... is it right that the packets being transmitted by COMPUTER "A" is 20 times than the packets received?.. for instance, its transmitting up to 5 million and receiving only 300,000? is this normal?
4) I can not ignore the computer "A"  because it is a "server-like" in that office. Most of our files are being shared from that computer.
4) I have tried to remove the LSASS.EXE error using Microsoft tools to detect the sasser but it tells me no sasser worm is being detected.

PLEASE HELP.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2004-06-22 at 17:50:06ID21034754
Tags

pro

,

radadmin

,

xp

Topic

Windows XP Operating System

Participating Experts
5
Points
500
Comments
13

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. using PCAnywhere on XP Pro DSL Connection
    Our two offices has DSL connections each has a router(Linksys) on top of the DSL Modem (Westell Dual) provided by Verizon. Naturally, it has a dynamic WAN IP provided by the router. I have local IP on the network itself. I would like to access these machines "remotely&...
  2. Windows XP PRO VPN Server behind Linksys BEFSR41
    Hello, I'm having troubles setting up a VPN Server on a Windows XP Pro machine. I have the machine that is setup to act as the VPN server with a static IP address of 192.168.1.99 I also have 192.168.1.99 set as a DMZ in the Linksys browser configuration tab. I also have t...
  3. lsass.exe error shuts down XP Home in 60 seconds!
    "C:\windows\system32\lsass.exe terminated unexpectedly with status code 128. Your computer will now shut down in __ seconds..." This is the error I'm dealing with on a friend's 1 year old white box pc. XP Home is the original installation. Is there a way I can r...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: Fatal_ExceptionPosted on 2004-06-22 at 18:27:24ID: 11375431

Are you running updated Antivirus on all your PC's?  Have you cked for Spyware?  Try taking the router off line and connect one of your systems directly to your Internet Interface (cable modem, etc.).  If you can get online now, run an online antivirus cker...  

Virus Check On Line

Online trojan scan? www.trojanscan.com

Online virus scan:  http://www3.ca.com/virusinfo/

Security Check:  http://www.symantec.com/product/index_homecomp.html

What is spyware:

http://www.spychecker.com/spyware.html
http://www.informit.com/articles/article.asp?p=174140
http://www.cexx.org/hphijack.htm

SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml

Ad-aware : http://www.webattack.com/download/dladaware.shtml

 

by: LeftofCoolPosted on 2004-06-22 at 18:29:33ID: 11375443

Here's a few more tools for you. Make sure to run Stinger.

Anti-Spyware/Adware

Ad-Aware 6
http://download.com.com/Ad-aware/3000-8022-10214379.html?tag=lst-0-1

Spy Sweeper 2.6 (free trial)
http://www.webroot.com/wb/products/spysweeper/index.php

Spybot Search & Destroy 1.3
http://download.com.com/3000-8022-10289035.html?tag=lst-0-1

Hijack This
http://download.com.com/3000-8022-10227352.html?tag=lst-0-3

Web Shredder (Removes all Cool Web Search variants)
http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder


Online Anti-Virus

Computer Associates Online AV
http://www3.ca.com/virusinfo/virusscan.aspx

Symantec (Norton AV)
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

McAfee Free Scan
http://us.mcafee.com/root/mfs/default.asp

McAfee AVERT Stinger
http://vil.nai.com/vil/stinger/

Trend Micro Housecall
http://housecall.antivirus.com/housecall/start_corp.asp

Panda ActiveScan
http://www.pandasoftware.com/activescan/

Kapersky Online AV
http://www.kaspersky.com/remoteviruschk.html




 

by: lsilviuPosted on 2004-06-23 at 02:05:51ID: 11377385

Your problem is surelly not cables or router if the light signals from router are OK
It should be a dialler kind of program or adaware. For the shut doun problem of the PC try to patch the Windows with the update for the LSASS microsoft provides.
Online scan might help but try a local one, much more sure, i recomand SpyBot S&D 1.3 and AdAware build 1.8.1 ,don't forget to update them before running a scan.
If u can't go online, hit Ctrl+Alt+Del shut down all tehe unnecessary processes and the ones you don't recognize, and try again.
Good Luck

 

by: gudbuddyPosted on 2004-06-23 at 04:54:14ID: 11378260

I can connect directly to the verizon dsl modem for all the other 3 computers and gets connected to the Internet.

BUT with COMPUTER "A" directly connected to the modem, IT DOES NOT STILL connect to the internet.

I WILL TRY TO DO THE ABOVE SUGGESTIONS WHO TOLD ME GUYS.

BUT ANYMORE INPUTS PLEASE??? AND IF LSASS.EXE is a VIRUS how do I remove this?

 

by: Fatal_ExceptionPosted on 2004-06-23 at 05:45:01ID: 11378590

LSASS.EXE is NOT a VIRUS..   But the error being generated could be caused by a virus, or spyware...  That is why we would like you to take care of this first...  

If it continues after, then we will start addressing the specifics..

Let us know..!!

FE

 

by: spiderfixPosted on 2004-06-23 at 09:28:07ID: 11380898

>>IT DOES NOT STILL connect to the internet<<
Surely you see the Lsass.exe error pop up all the time.

>>enabled and disabled the DMZ<<
>>LSASS.EXE error using Microsoft tools to detect the sasser but it tells me no sasser worm<<

You are not visiting Microsoft Windows Update. Your obviously infected with the
Sasser virus (perhaps more virii and spyware as well). It's almost impossible
for the Sasser to penetrate a router but enabling the DMZ on the router allowed
Sasser a clean shot at your unupdated Windows XP(s).

Couple of things wrong with the Microsoft Sasser tool.
1 - it only covers Sasser.A to Sasser.F
2 - they don't offer the correct removal steps

You need Symantec's Sasser tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html
and Symantec has a 13 step instruction on how to remove the virus.

That's all fine and dandy for killing Sasser but without visiting Windows Update
http://v4.windowsupdate.microsoft.com/en/default.asp
you'll just get reinfected in less than 5 seconds with an unupdated XP. The catch22 is
you need to get on the Web to get XP updated but being on the Web for even 5 seconds
gets you reinfected with Sasser.

Here is how you get past that.
1 - Click Start, Run..., type "shutdown -a"
2 - If LSASS still shuts you down you have to download those from a non-infected machine
3 - Download the Symantec tool
4 - Download the Microsoft Sasser update at
http://www.microsoft.com/downloads/details.aspx?FamilyID=3549ea9e-da3f-43b9-a4f1-af243b6168f3&displaylang=en
5 - Download Outpost Firewall FREE, version 1.0 at http://www.agnitum.com/download
6 - Download Ad-aware at
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
7 - Unplug the WAN wire (the modem) from the router
8 - Boot into Safe Mode (not Safe Mode with Networking just Safe Mode)
9 - Run the Symantec Sasser tool (even if it reports nothing it still kills it)
10 - Run Ad-Aware
11 - Reboot normal
12 - Run the Microsoft Sasser update
13 - Install Outpost firewall
14 - Make a B-line to Windows Update and install ALL critical updates showing. After rebooting
      from installing criticals return to Windows Update until the critical updates list shows zero (o).

 

by: spiderfixPosted on 2004-06-23 at 09:32:53ID: 11380946

A couple of other things.

If your DMZ setting on the router says anything other than
192.168.1.0 then your router is not protecting one of the machines.

You should go here and scan hard drives
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
click "Scan my PC" and keep clicking buttons till you see "Hard Drives" icon
and click that. Say "Yes" to any Security Warning popups that appear.

 

by: gudbuddyPosted on 2004-06-23 at 09:53:09ID: 11381156

OK fine. I have solved sasser problem. THANK YOU.

Now my question is about my COMPUTER "A" which is transmitting 20 times than it is receiving.

For instance... it sent "405,000 bytes" but only receives "109" bytes.

I have run spybot search and destroy. Run stinger and disinfected. But it is still doesnt have any changes.

This set up is disconnected from the router because I wanted to isolate the problem first.

PLease further help and assistance.

Thank you.

 

by: spiderfixPosted on 2004-06-23 at 10:14:03ID: 11381374

>>I have run spybot search and destroy<<
I like Spybot. It's a great program and especially for free, kudos to Mr. Kolla for that.
The thing is Ad-aware deals with Windows XP much better. Scan your XP with
an updated Ad-aware.

>>This set up is disconnected from the router because I wanted to isolate the problem first<<
You have unupdated Windows XP operating systems, you need to update with
all the criticals before you do anything. Pull all machines out of the LAN ports on the
router except for one, go to Windows Update and get all criticals installed. Keep
returning to Windows Update after reboots until the critical list shows zero (0).
Do the machines one-at-a-time hooked up to the router.

>>Run stinger and disinfected<<
That's all fine and dandy but you need the big guns...Panada scan. Panada scan only
after Windows XP is updated.

 

by: Fatal_ExceptionPosted on 2004-06-23 at 10:24:56ID: 11381456

I agree...  In fact if you run both Spybot and Adaware, you will see that they both find different items...   I forgot to mention above that I would run both if I were you.  

And definitely do as Spider suggests...   Get your updates first and foremost before you go with the disinfection...

 

by: Fatal_ExceptionPosted on 2004-06-30 at 17:11:26ID: 11442191

Thanks..

FE

 

by: gbaharoffPosted on 2004-07-20 at 10:45:47ID: 11595347

Holy s--t. That's alot of submittals without one replying to your real issue. Unfortunately I don't have your answer, but am running into the same problem. If I find something I'll let you know. What's interesting for me is when I have a sniffer on the system the traffic report isn't that substantial. Also off of Task Manager the network utilization never hits one percent. Very perplexing. I have stats that report literally billions of packets sent and a few hundred received. I'm on a laptop with an integrated NIC, but if you're using a desktop try another NIC. I'm going to get a PCMCIA NIC to test in my laptop. Let me know.

 

by: gbaharoffPosted on 2004-07-20 at 12:19:11ID: 11596454

I found something during troubleshooting further today that fixed this error for me. I had the same exact problem. I have a Gateway with an Intel PRO/100 VE integrated chipset. Sony has the only information I've found that specifically listed this error. I did find new updates on the Intel page, though they didn't list this as an error. The link and file are listed below:

http://downloadfinder.intel.com/scripts-df/Detail_Desc.asp?agr=Y&Inst=Yes&ProductID=407&DwnldID=4233

prokxpm.exe v8.4 dated 4/16/2004

This resolved the problem for me.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...