Something keeps corrupting the WINSOCK on my XP-Pro Computers ...

Posted on 2010-01-11
Medium Priority
Last Modified: 2012-05-08

We are several sites throughout the city (WAN) and we are experiencing a very weird problem during the past 3 weeks.

1.      We have several sites throughout the city, they all are part of our Enterprise Network, connected via the Internet and Broadband connection.
2.      Each site have their own IP Subnet.
3.      3 weeks ago, 3 computers, each from different locations had problems connecting to the Internet, connecting to other local computers in the same subnet, and could not talk to any other external computer.  So, after troubleshooting the problem we found out that by fixing the  Winsock using the command  NETSH WINSOCK RESET, will fix the problem.
4.      A day or two later, other 5 computers, each from different locations starting doing the same thing, could not connect to anything, nor we could connect to these computers either remotely, like it was not plugged into the network.
5.      Last week and today we have experienced the same with a couple of computers.

We want to know what may corrupt the winsock on a XP computer, randomly.  We use panda for Antivirus, Firewall, Malware, etc protection, also we have scanned one of this computers with the problem  using MalwareBytes and have found nothing.   But the resolution is pretty consistant .... we solve it with NETSH WINSOCK RESET.

Any ideas?

Question by:Aaron Thorn
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 2
LVL 17

Accepted Solution

Mike_Carroll earned 1000 total points
ID: 26288313
Scan the machine that had th eproblem with ComboFix... you can get it here http://download.bleepingcomputer.com/sUBs/ComboFix.exe and the instructions are here http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Sounds like a potential rootkit that MBAM may not be finding

Author Comment

by:Aaron Thorn
ID: 26288333
We have been using Panda, and we have a contract with them as far as updates, etc.  But thanks for the info, and i will try it asap, and will let you know.

Assisted Solution

danlein earned 1000 total points
ID: 26289055
Also, there is this file I've used on many clients who have had some issues before and after we have fixed some malware, etc.  Works wonders.


Per the site, here is a brief description:

"WinSock XP Fix offers a last resort if your Internet connectivity has been corrupted due to invalid or removed registry entries. It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings. If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try. It can create a registry backup of your current settings, so it is fairly safe to use. We actually tested it on a test machine that was having a Winsock problem due to some Adware removal, and after running the utility and rebooting, the connectivity was restored."

Let me know if ya use it and how it worked out.

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.


Author Comment

by:Aaron Thorn
ID: 26289327
Danlein --- I will try your advise also.  But, I really would like to know the Reason, I wonder what is causing so I can take further preventions, we know how to solve the problem with the NETSH WINSOCK RESET command.

Thank you again,  I am following all advises in here ... Will return.


Expert Comment

ID: 26289416
Basically, when you remove adware, sometimes it "fixes" the winsock, causing errors...  The tool I posted repairs it to its working state, and you should be good.

Author Comment

by:Aaron Thorn
ID: 26296545
I did run the ComboFix yesterday and it went well.  Attached is the ComboFixlog.txt created.  Please remember that I am looking for the WHY and the reason that my winsock on My XP-Pro SP3  keeps corrupting. Also I noticed that the Netlogon service gets disabled.  This is pretty consistent.


Author Comment

by:Aaron Thorn
ID: 26296629
One more thing.  Pretty much our workstations are identical in the setup, they all run Panda AV/Firewall.  and we don't use Adware, or any other programs.  And users have limited privileges to the workstations.   Is there a way to lock down the Winsock so nothing will damage it or change it, or is there a way to track it to see if something changes it.  Samething for the Netlogon service, is there a way to track this service?  for some reason it is not even registering in the Event Viewer when it goes down. --Thanks

Author Comment

by:Aaron Thorn
ID: 26306020
All the solutions given here work great on fixing it.  My main question now is how to lock down my "winsock"  so nothing can corrupt it.  I still cannot fifure the cause of it, there are no traces anywhere in Panda log, or eventviewer.   Thanks again.

Author Comment

by:Aaron Thorn
ID: 26318579
We have no way about finding out what really corrupted the winsock.  Anyway, at least we were able to figure a fast solution if it happen again.  From this site (experts-exchange) we have found a batch file that basically does the ipconfig and winsock cleanup.  What we are trying to do right now is to push this batch file to all the workstation via the netlogon.bat feature in the Active Directory.  We will push this to be copied to a specific folder on all the workstations, then when something like the winsock is corrupted we will instruct the user to run this batch file.  Anyway, thanks to all of you!!!!

Author Closing Comment

by:Aaron Thorn
ID: 31675795
Great support

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question