You have been infected by W32/Rbot-MY worm.
http://www.sophos.com/secu
Patches:
http://www.microsoft.com/t
http://www.microsoft.com/t
http://www.microsoft.com/t
http://www.microsoft.com/t
Main Topics
Browse All Topics
Loading Advertisement...
Question
urgent: complete loss of internet connection, maybe a virus?
Hello experts,
I have a toshiba satellite laptop running WinXP Pro, SP2. I had been using Norton AntiVirus for quite a while, but eventually had problems with Norton recognizing that I had updated/renewed, a problem which lasted for several weeks (I've heard that this is a problem many Norton users have faced). Two days ago, I completely lost internet connectivity. I figured this might have something to do with the Norton problem.
Based on a previous Experts solution, I downloaded (via a different machine) Winsock Repair and ran it. When the laptop restarted, I had full internet connection again. I tried to start installing PC-cillin, but as soon as the install was done, I had lost internet connectivity again. I ran Winsock Repair again, rebooted, and again got a connection. But I then lost connection yet again just some minutes later. I could probably go through this cycle forever.
The previous solution also recommended using HijackThis and posting the report it generates to this group for feedback. That's what I'll do now. If anybody has any idea what could be causing this, please let me know!! Thanks.
Here's the report:
Logfile of HijackThis v1.99.1
Scan saved at 5:29:43 PM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\DRIVER
c:\Program Files\DUnetVPN401-DUc\cvpn
C:\oracle\product\10.1.0\D
C:\oracle\product\10.1.0\D
c:\oracle\product\10.1.0\d
C:\oracle\product\10.1.0\D
C:\PROGRA~1\TRENDM~1\INTER
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
C:\WINDOWS\System32\svchos
C:\PROGRA~1\TRENDM~1\INTER
C:\PROGRA~1\TRENDM~1\INTER
C:\PROGRA~1\TRENDM~1\INTER
C:\oracle\product\10.1.0\D
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THot
C:\WINDOWS\System32\igfxtr
C:\WINDOWS\System32\hkcmd.
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.
C:\WINDOWS\system32\TPWRTR
C:\Program Files\TOSHIBA\TouchED\Touc
C:\WINDOWS\System32\ezSP_P
C:\toshiba\ivp\ism\pinger.
C:\Program Files\Analog Devices\SoundMAX\PmProxy.e
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\dlcdco
C:\HijackThis\HijackThis.e
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THot
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtr
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\Touc
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_P
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\ts
O4 - HKLM\..\Run: [7BDBEF49] C:\DOCUME~1\Andrea\LOCALS~
O4 - HKLM\..\Run: [Video Lan Player] VideoLanPlayer.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.e
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\RunServices: [Video Lan Player] VideoLanPlayer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Video Lan Player] VideoLanPlayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: University of Denver DUnetVPN401-DUc.lnk = C:\Program Files\DUnetVPN401-DUc\vpng
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsr
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\F
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVER
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\DUnetVPN401-DUc\cvpn
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdco
O23 - Service: Video Lan Player (hub) - Unknown owner - C:\WINDOWS\System32\VideoL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: OracleCSService - Unknown owner - C:\oracle\product\10.1.0\D
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10.1.0\D
O23 - Service: OracleOraDb10g_home1iSQL*P
O23 - Service: OracleOraDb10g_home1SNMPPe
O23 - Service: OracleOraDb10g_home1SNMPPe
O23 - Service: OracleOraDb10g_home1TNSLis
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10.1.0\d
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTER
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTER
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTER
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTER
Andy
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Subscribe now for full access to Experts Exchange and get
Instant Access to this Solution
- Plus...
- 30 Day FREE access, no risk, no obligation
- Collaborate with the world's top tech experts
- Unlimited access to our exclusive solution database
- Never be left without tech help again
Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.
- "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
- "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
- "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.
See what Experts Exchange can do for you.
Got a question?
We've got the answer.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
Need individual assistance?
Our experts are ready to help.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Want to learn from the best?
Read articles from industry experts.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Working on a long term project?
Store your work and research.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
What Makes Experts Exchange Unique?
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Trusted by the world's most respected brands.
Faithfully serving IT professionals since 1996.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Free Tech Articles
-
WARNING: 5 Reasons why you should NEVER fix a computer for free.
It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
-
SCCM OSD Basic troubleshooting
SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
-
Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
-
Create a Win7 Gadget
This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
-
Outlook continually prompting for username and password
There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
-
Backup Exchange 2010 Information Store using Windows Backup
There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...
Cloud Class Webinars
- Avoiding Bugs in Microsoft Access
Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
- Top 10 Best New Features in Visio 2010
Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
- IT Consultant Business Secrets Revealed
Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
- Disaster Recovery and Business Continuity
Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
- Organize Your Visio Diagrams with Containers and Lists
Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
- How to Us Objects, Properties, Events and Methods in Microsoft Access
Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...
Join the Community
Give a Little. Get a Lot.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Answers
I followed all of the suggestions younghv made (getting rid of registry entries involving videolan, deleting the temp.tmp items in the local directory, running nonav.exe, and running ccleaner utility), but these did not resolve the problem. The patches ruijietan suggested are not relevant to my machine since I'm running SP2 -- attempts to load these patches were rejected because they are older than SP2.
Sadly enough, the problem is still with me. Hopefully I'll get more suggestions.
Thank you for trying, younghv and ruijuetan.
Andy
Below is a copy of your HijackThis analysis. As younghv stated you have an issue with "videolanplayer" which requires 'fixing', but you could also take a look at the 18 "unknown" processes and see if you recognise their descriptions. Then consider 'fixing' them. See if that helps.
Ideally you should create a folder where you would like the HijackThis file to reside, and run it from there, not from the Desktop or a temp folder. It is important that you download this file to its own folder as this folder will be used when HijackThis makes backups. Temp folders get deleted, taking with them HJT's 'backups' of items that were 'fixed'.
http://www.hijackthis.de/l
You can use the search function here to identify a particular "exe file". Several of the unknown processes do appear harmless, but you may want to check them out yourself. Investigating further:
http://www.processlibrary.
If you haven't yet tried this Norton 'cleanup' >
"Using the Norton Removal Tool":
http://service1.symantec.c
Suggest you also download and run this free version of Ewido anti-malware.
Update first, then scan in Safe mode:
http://www.ewido.net/en/do
Status update, related to suggestions from Jonvee:
All of the videolan registry entries have been removed. 17 of the 18 unknown processes from the HijackThis report are accounted for (oracle db, network tools, print tools, sound utility, etc.). The one that is not, the tmp.exe entry, has been removed. I ran Ewido's full scan, but it didn't discover anything. The Norton Removal Tool cannot be run, because it demands a network connection (which, of course, I do not have).
The machine still has no internet connectivity. It's even worse now: after a run of Winsock Repair and a reboot, now even that doesn't provide a brief moment of internet connection.
Thanks for your ideas, Jonvee, but alas, I am still unable to connect to the internet or other machines on my home network. This is very frustrating.
Andy
Ok thanks. Well Ewido is excellent and it's good you've got a clean report.
However, *if* you get no further satisfactory comments, you may wish to consider a Repair Install.
This is a particularly popular link for the repair. Please note the appropriate warnings, and if you do procceed with the repair install you will naturally have to redo all updates, etc..
[Still considering other possible moves on your issue.]
"How to Perform a Windows XP Repair Install":
http://www.michaelstevenst
Took another look at your problem & found this >
"No Internet Connectivity After Uninstalling Norton AntiVirus Software":
Fixing this requires editing the Registry to remove the dependency for DHCP start up.
Click Start > Run.
Type "regedit" in the Run box, click OK.
Locate the following keys in the registry:
HKEY_LOCAL_MACHINESystemCu
HKEY_LOCAL_MACHINESystemCu
For each of the above, double-click the item DependOnService.
Delete any references to SYMTDI or NISDRV.
Click File and Exit to save the changes and close the Registry Editor.
The computer will need to be restarted before the changes will take effect.
Details >> http://8help.osu.edu/1552.
When you say 'winsock' repair, are you running the command:
netsh winsock reset (enter)
from Start --> Run or from a command line?
Also - the nonav.exe should have removed any reference to any Norton/Symantec product everywhere on you computer - including the Registry.
If you still have Registry residue, run the 'Issues' function in CCleaner (www.ccleaner.com).
You may have to run it 2-3 times, re-boot and run it again.
Very good product in the XP environment.
Keep at it, we'll get there.
Vic
Following Vic's entry querying 'winsock' repair, you may like to view this next link, there may be something we've missed >
"How to repair Winsocks":
http://www.alaynah.net/she
The winsock repair I referred to is a utility called winsockxpfix. I got it from a previous solution posting (for someone else's problem):
> Comment from SheharyaarSaahil
> Date: 09/01/2004 10:14AM MDT
> Comment
>
> Hello netadmin2004 =)
>
> Try running this Winsock Repair for XP:
> http://www.spychecker.com/
It didn't solve my problem. Nor did CCleaner, which I have run many times now.
I just tried the solution Jonvee suggested, but my registry has no references to SYMTDI or NISDRV at those keys. While I was looking in the registry, I verified that there are no references to any keys that have 'norton' or 'nav' as names or values. nonav appears to have done the job. Unfortunately, the machine still has no internet connectivity.
Thanks for continued suggestions. Hopefully we will get there!
Andy
From a command prompt, what do you get when you use the command "ipconfig /all" (enter)
If you're not getting an IP address ALMOST identical to your other computer, take a look at this advice:
http://www.petri.co.il/rei
All of your DNS and Default Gateway settings should be identical to your other computer(s).
Vic
I get exactly the IP address the dlink router says it has assigned, which is a final .100 (while the desktop is a .102 -- otherwise all the digits are identical). And the DNS and Gateway settings are identical, with one exception: the laptop does not have this line, which the desktop PC does have:
DNS Suffix Search List..................... : KOTONA
which is the name of my workgroup. Could this be part of the problem??
Darn, I was wrong about something I last sent out! Turns out that the IP address the laptop is getting has been changing to different routers. My next door neighbors must also have routers that the laptop is able to pick up on. It has apparently been shifting away from my own router to routers of neighbor(s). Such activity has never happened before this most recent Norton fiasco. I never asked to drop my own router and switch to a different one. Now that I can see it happening I'm able to manually request a return to my own router. This must be what had been happening when I rebooted after a winsock repair, got connectivity for a short bit, but then "lost" the connection again. Losing the connection was probably just switcing the connection to a router across the street, one that caused connection problems for my own machine.
This is new behavior. Any idea why this has been happening??
But the router itself doesn't seem to be the problem. The desktop and other two laptops in my home network have not had any problems at all during this one machine's crisis moments. Seems like the problem is a single laptop going to other routers for dpcp ip assignment, and these other routers that are not in my house. Is there a way to *make* this one laptop look fora connection with only one specific router?
Perhaps this should be posed as a new question.
Andy
You can definitely manually select a connection. You can even sort the available connections in a preference list.
Until this past week, the router that came up by default is the router in my home. What's happening now is that even after manually selecting the home router, the laptop ends up dropping it and going over to a different router. This is new behavior. One guess is that the laptop would only do that if it's having trouble connecting to the router manually chosen. If that's the case, then this new behavior could be due to new connection problems the laptop developed in the process of getting rid of Norton.
Any thoughts?
Andy
You could take another look at your router wireless settings.
Have you phyically repositioned the wireless router during troubleshooting so that it is somehow "seeing" a larger signal level from your neighbour's router?
Can you easily reposition the router if so? Even consider some form of extra RF shielding between your walls(& routers).
Are conditions the same if you use your laptop in other parts of your house?
You could consider temporarily by-passing your router/home network, and connect the laptop direct, to confirm internet connection.
There is a serial number on the bottom of the router. This would prevent the behavior in which you describe connection problems the laptop devloped in the proccess of getting rid of Norton. As younghy said in the above post "check with your manufacture's web site" Check for firmware updates.
You can also call your router manufacture's support staff, they can walk you through set up of the router.
d_may
The router *model* (or type) number may be of more use, perhaps thats what d_may is after, although you could also make a note of the serial number if it's visible.
Firmware updates can certainly be crucial to a router's operation.
You may well find sufficient re-setting up instructions if you logon to the router as "admin", on the associated "help page".
Then if you still have a problem and you can make that *direct* internet connection as suggested above, hopefully you could download and run the Norton removal tool mentioned earlier.
I dare say if your neighbor had his security set up on his router connection (WEP) then your computer would not be able to set it as a connection. You can set the order or delete his connection.
You need a firmware update. You need to set your security. Then as mentioned above your could run the Norton removal tool.
start>run>"type" ipconfig What do you see as an address?
A few more similar items to consider. Is the laptop set to Automatically obtain an IP address?
Following on from the above suggestion you could also run the command "ipconfig /all" from a DOS prompt.
Then run the same command on another computer, and compare the results.
What is the value for "DNS server" on the laptop?
Can you see the Default Gateway IP?
Sorry for the delay.
As of last night, the connection via my router would work for a while, then out of nowhere the network connection would switch to some other router somewhere else and the ability to connect to the web with a browser disappeared. When I rebooted the laptop, it would come back up and connect to my router. Chances are it would've floated off again, though I was too tired to wait up and find out.
On booting up today, it connected to my router. So I followed ealier advice while I could and went to Norton's site and used their removal tool, and rebooted again. The network connection went to my router.
If the connection stays with my router for the rest of today, I'll go ahead and close this question.
Thanks for all the suggestions.
Andy
Good. Thanks for the report it certainly sounds much better.
*If* the problem did recurr, another suggestion is to download then install and run this cleanup tool:
http://ca.huji.ac.il/bf/mc
This will remove NAVCE and Symantec AV versions 4, 5, 7, 8, 9, SCF, SSC, and AMS from your file system and registry. Reboot once again.
NoNav.exe has been a life saver for us.
Here is the actual link to the Symantec version (they don't publicize it's existence very well).
Check the dates of the files and grab the latest version:
(http://symantec.netvision
I am showing version NoNav2.48.exe
Vic
Vic
http://symantec.netvision.
Couldn't access your link, but after inserting "%20" it now seems ok >
http://symantec.netvision.
Jonvee
The problem continues. Here's an update.
I had already run NoNav2.48 a few days ago. But I went ahead and ran it again. And I downloaded the tool from http://symantec.netvision.
A bit more background. The laptop with this problem is my wife's. The laptop that hasn't had this problem at all is mine. They are both Toshiba Satellites, though hers is a slightly more recent model. I've always had PC-cillin on my laptop. My wife for a long time had Norton AntiVirus. It was problems with Norton that started this whole router fiasco.
Our router's connection name is 'Jaeren'. Here's what the IP, Gateway, and DNS info looks like for me (and for my wife, during those short-lived moments before her machine goes to a different router):
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Here's what that same info looks like for my wife's machine once it heads out to some other router, a connection with a different name ('linksys', probably the brand name of the neighbor's router):
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
The two sets of numbers are all just one digit away (except for the Subnet Mask):
...0.101 / ...0.1
vs.
...1.101 / ...1.1
I truly don't understand why my wife's laptop is leaving our router to go to some neighbor's router. The two machines are about 20 feet from each other. The only difference I can think of is that she used to have Norton. I manually deleted this neighbor network connection from the problem laptop, but the connection was re-acquired. I don't know how to keep it from happening again.
Any ideas?
Andy
Still periodically investigating ...
On your wife's laptop you could check the router 'Basic Settings'.
Presume the Internet IP address and DNS address are set to "Get dynamically from ISP" and "Get Automatically from ISP" respectively?
Has the router any mechanism to set the IP address to 192.168.0.1 *manually* in the hope that it's retained while you're accessing the internet?
Another suggestion is to change to a wireless channel that your neighbour is not using.
If you can see that you are both using the same (or adjacent) channels, try resetting your router to a different channel, and see if this interaction still exists.
You should be able to logon to the router as "admin", then check the menu for 'wireless settings' (or an equivalent), and hence find the channel selection facility.
Andy
Is your wife's laptop fully updated with MS updates, and are both your laptops identical in most other respects, eg, both running SP1 or SP2?
You could again consider temporarily by-passing your router and connect her laptop direct, to confirm internet connection.
Then run a series of checks including a check for viruses and Malware until you are happy with the laptop's health.
That's a good question. I should've said this before: both laptops are running SP2, on XP Pro. PC-cillin is now running on her laptop, and is showing no viruses or Malware.
There's no question that her laptop can connect to our router. The problem is just that it very often wanders off to a different router (where there are apparently some DNS problems over there -- but that's not our problem, or, at least, it shouldn't be). Her laptop can be manually forced back to our router, though. In fact, a new twist started yesterday: after the machine wandered off to a different router, it actually drifted back to our router with no manual intervention. That was good to see, I suppose, but we'd like to see it stick with our router all the time.
This seems like a broader question. Nonetheless, it's still striking that the "router wandering" never happened at all before the problems with Norton came up. It seems like the only thing left to try is to do a full re-install of her OS, and never let Norton see the light of day on the machine. A dreadfully painful tactic, but perhaps it's the only solution that would work.
Andy
Well, that strategy didn't work. When ipconfig /all is run, the IP shows up with the correct, statically assigned number. Nevertheless, the network connection itself still wandered over to a different router. And, of course, internet connection is totally lost.
So the wanderlust is not ceased by statically assigning an IP address. This surprises me. Given this scenario, I don't really know what it means to have an XP "network connection" show up when there is no real IP, DNS, and/or Gateway linking done. The little 'Wireless Network Connection' icon in the taskbar lights up and reports the name of the mystery router and a connection level (good, very good, excellent), but there isn't really a meaningful connection at all.
It's certainly a mystery and not much to offer at this time in the way of a suggestion, apart from the "temporary" channel change idea.
It depends upon the urgency of your situation, and if we *eventually* do come to an impass that between us we still can't resolve (and prior to considering reinstalling the OS), you could post a pointer question (worth 20 points) in the Network topic area, with a link to this thread number:
http://www.experts-exchang
Network TA > http://www.experts-exchang
This will give you input from experts active in that other area. You should get a quick response particularly as this thread is now a long way down the WinXP list.
Still contemplating!
I just flushed the DNS cache again, and manually disconnected and then re-connected the wireless network adapter. It's connected to our router now, but I'll see where it is in a couple hours.
I'll try posting a pointer question to the Network topic area. Some time this weekend I'll go ahead and close this question out and split the points between d_may and Jonvee.
Many thanks go to both of you for your suggestions.
Andy
Have you tried disabling windows Wireless Zero Config service?
http://www.ifelix.co.uk/te
Good article reference WZC issues. Seems to relate to your situation
http://cws.internet.com/ar
Yes, the article describes scenarios pretty similar to ours. But, we have an SSID that is almost guaranteed to be different from any local neighbors' SSID (it's the name of an area where I lived overseas), so SSID name collision is not the problem.
Before disabling WZG, the article suggests obtaining replacement drivers/utilities to use in WZG's place. The laptop that is experiencing problems is a Toshiba Satellite A15-S157. Toshiba lists an Atheros WiFi client utility to use, but says that it requires an Atheros driver. The specific driver listed is also available on Toshiba's site, but A15-S157 is *not* included in the list of "Applicable Models". Here's the details on the two items, taken directly from Toshiba's site.
1) atheros_wpa_client.exe Version: 2.4.2.18
Description: Requires Atheros WiFi driver v2.4.2.14 (atheros_wpa_driver.exe). You must uninstall your existing Atheros WiFi client utility (if present) before installing this version.
http://www.csd.toshiba.com
2) atheros_wpa_driver.exe Version: 2.4.2.14
Description: Requires Atheros Client Utility v2.4.2.18 (atheros_wpa_client.exe)
http://www.csd.toshiba.com
I'm nervous about several things here:
- when the driver installation is initiated, the install window says to "See Atheros_Readme.txt' for detailed instructions." But the driver does not come with anything other than the .exe file (no readme, no warning sheet, no nothing).
- as mentioned earlier, the page for downloading the driver does not list A15-S157 as an "Applicable Model", despite the fact that the client that is listed as *requiring* this driver is certainly listed as an "Applicable Model".
- the laptop itself was shipped with Intel Pro Network Adapters and Drivers. These might be for the ethernet connection, not the wireless connection. I don't know. But I'm nervous that installing the Athenos driver could cause problems with the Intel driver(s).
Any thoughts?
Andy
3 Ways to Join
Business Accounts
- Perfect for organizations
- Multiple users
- Save over 36%
- Create a Business Account
Answer for Membership
- Earn free access
- Showcase your knowledge
- No credit card required
- Sign Up to Answer
Loading Advertisement...
by: younghvPosted on 2006-09-30 at 18:07:14ID: 17636529
I got a bunch of hits on the "videolanplayer" identifying it as malware.
This also is concern - as is any application running from a 'temp' folder:
O4 - HKLM\..\Run: [7BDBEF49] C:\DOCUME~1\Andrea\LOCALS~
Did you have any problems uninstalling Norton?
It is notorious for leaving residue in your registry.
Can't hurt to run this: http://symantec.netvision.
You should also run the "Issues" (registry cleaner) function of CCleaner (www.ccleaner.com). Run it 2-3 times, re-boot and run it again.
Good Luck,
Vic