Something keeps corrupting the WINSOCK on my XP-Pro Computers ...

Posted on 2010-01-11
Last Modified: 2012-05-08
Hi,

We are several sites throughout the city (WAN) and we are experiencing a very weird problem during the past 3 weeks.

1.      We have several sites throughout the city, they all are part of our Enterprise Network, connected via the Internet and Broadband connection.
2.      Each site has its own IP subnet.
3.      3 weeks ago, 3 computers, each from a different location, had problems connecting to the Internet, connecting to other local computers in the same subnet, and could not talk to any other external computer.  So, after troubleshooting the problem, we found out that fixing the Winsock using the command NETSH WINSOCK RESET will fix the problem.
4.      A day or two later, 5 other computers, each from a different location, started doing the same thing: they could not connect to anything, nor could we connect to these computers remotely, as if they were not plugged into the network.
5.      Last week and today we have experienced the same with a couple of computers.

We want to know what may corrupt the Winsock on an XP computer, randomly.  We use Panda for antivirus, firewall, malware, etc. protection; we have also scanned one of the computers with the problem using MalwareBytes and found nothing.  But the resolution is pretty consistent ... we solve it with NETSH WINSOCK RESET.

Any ideas?

Thanks!
Question by:Aaron Thorn
10 Comments
 
LVL 17

Accepted Solution

by:
Mike_Carroll earned 1000 total points
ID: 26288313
Scan the machine that had the problem with ComboFix... you can get it here http://download.bleepingcomputer.com/sUBs/ComboFix.exe and the instructions are here http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Sounds like a potential rootkit that MBAM may not be finding
0
 

Author Comment

by:Aaron Thorn
ID: 26288333
We have been using Panda, and we have a contract with them as far as updates, etc.  But thanks for the info, and I will try it ASAP, and will let you know.
Thanks,
0
 
LVL 3

Assisted Solution

by:danlein
danlein earned 1000 total points
ID: 26289055
Also, there is this file I've used on many clients who have had some issues before and after we have fixed some malware, etc.  Works wonders.

http://www.snapfiles.com/get/winsockxpfix.html

Per the site, here is a brief description:

"WinSock XP Fix offers a last resort if your Internet connectivity has been corrupted due to invalid or removed registry entries. It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings. If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try. It can create a registry backup of your current settings, so it is fairly safe to use. We actually tested it on a test machine that was having a Winsock problem due to some Adware removal, and after running the utility and rebooting, the connectivity was restored."

Let me know if ya use it and how it worked out.

0

 

Author Comment

by:Aaron Thorn
ID: 26289327
Danlein --- I will try your advice also.  But I really would like to know the reason; I wonder what is causing it so I can take further precautions. We know how to solve the problem with the NETSH WINSOCK RESET command.

Thank you again, I am following all the advice in here ... Will return.

Vic
0
 
LVL 3

Expert Comment

by:danlein
ID: 26289416
Basically, when you remove adware, sometimes it "fixes" the winsock, causing errors...  The tool I posted repairs it to its working state, and you should be good.
0
 

Author Comment

by:Aaron Thorn
ID: 26296545
I did run the ComboFix yesterday and it went well.  Attached is the ComboFixlog.txt created.  Please remember that I am looking for the WHY and the reason that my winsock on My XP-Pro SP3  keeps corrupting. Also I noticed that the Netlogon service gets disabled.  This is pretty consistent.

Thanks.
combofixlog.txt
0
 

Author Comment

by:Aaron Thorn
ID: 26296629
One more thing.  Pretty much all our workstations are identical in setup; they all run Panda AV/Firewall, and we don't use adware or any other programs.  And users have limited privileges on the workstations.   Is there a way to lock down the Winsock so nothing will damage it or change it, or is there a way to track it to see if something changes it?  Same thing for the Netlogon service: is there a way to track this service?  For some reason it is not even registering in the Event Viewer when it goes down. --Thanks
0
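One way to track the two things asked about above, as an added example that is not part of the original thread: compare a saved `netsh winsock show catalog` capture against a known-good baseline, and read the start type from `sc qc netlogon` output. The field labels assume English-language output, and every sample value, path and provider name below is constructed for illustration.

```python
import re

FIELD = re.compile(r"^\s*([^:]+):\s+(.*\S)\s*$")
HEADER = "Winsock Catalog Provider Entry"

def providers(catalog_text):
    """Set of (entry type, description, provider path) from `netsh winsock show catalog`."""
    found, cur = set(), None
    for line in catalog_text.splitlines() + [HEADER]:  # sentinel flushes the last entry
        if line.strip() == HEADER:
            if cur:
                found.add((cur.get("Entry Type", ""), cur.get("Description", ""),
                           cur.get("Provider Path", "").lower()))
            cur = {}
        elif cur is not None and (m := FIELD.match(line)):
            cur[m.group(1).strip()] = m.group(2)
    return found

def catalog_drift(baseline_text, current_text):
    """Return (added, removed) provider entries relative to the baseline."""
    base, now = providers(baseline_text), providers(current_text)
    return sorted(now - base), sorted(base - now)

def start_type(sc_qc_text):
    """Start type name from `sc qc <service>` output, e.g. AUTO_START or DISABLED."""
    m = re.search(r"START_TYPE\s*:\s*\d+\s+(\w+)", sc_qc_text)
    return m.group(1) if m else None

def entry(kind, desc, path):  # builds one constructed catalog entry for the samples
    return (f"{HEADER}\n{'-' * 54}\nEntry Type:      {kind}\n"
            f"Description:     {desc}\nProvider Path:   {path}\n\n")

# Constructed samples: a clean baseline, then a later capture with an extra layered provider.
BASELINE = entry("Base Service Provider", "MSAFD Tcpip [TCP/IP]",
                 r"%SystemRoot%\system32\mswsock.dll")
CURRENT = BASELINE + entry("Layered Chain Entry",
                           "example-lsp over [MSAFD Tcpip [TCP/IP]]",
                           r"C:\Example\examplelsp.dll")
SC_QC = "SERVICE_NAME: netlogon\n        START_TYPE         : 4   DISABLED\n"

if __name__ == "__main__":
    added, removed = catalog_drift(BASELINE, CURRENT)
    print("added:", added, "removed:", removed, "netlogon:", start_type(SC_QC))
```

Capturing both outputs on a schedule and keeping the files off the workstation gives a record of when the catalog or the service start type changed, even when the Event Viewer shows nothing.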
 

Author Comment

by:Aaron Thorn
ID: 26306020
All the solutions given here work great on fixing it.  My main question now is how to lock down my "winsock" so nothing can corrupt it.  I still cannot figure out the cause of it; there are no traces anywhere in the Panda log or Event Viewer.   Thanks again.
0
 

Author Comment

by:Aaron Thorn
ID: 26318579
We have no way of finding out what really corrupted the Winsock.  Anyway, at least we were able to figure out a fast solution if it happens again.  From this site (experts-exchange) we have found a batch file that basically does the ipconfig and Winsock cleanup.  What we are trying to do right now is to push this batch file to all the workstations via the netlogon.bat feature in Active Directory.  We will push this to be copied to a specific folder on all the workstations; then, when something like the Winsock is corrupted, we will instruct the user to run this batch file.  Anyway, thanks to all of you!!!!
0
 

Author Closing Comment

by:Aaron Thorn
ID: 31675795
Great support
0
