Solved

Cannot get onto the Internet - sometimes

Posted on 2011-03-24
Last Modified: 2013-11-22
One PC running XP Pro SP3 on a network of seven XP Pro/Vista Biz PCs keeps having a problem with the Internet.

The web page appears to connect then the app closes - any ideas?

I have set the IP to fixed settings and the DNS points to the router, but I have also tried setting it to 4.2.2.2 - any ideas?
0
Question by:mikeabc27
24 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 35205912
mikeabc27,
Any error messages in your Event Viewer?

I have a generic Article on basic trouble-shooting that will get you started.
Read through it and run CCleaner & Malwarebytes and let us know the results.

http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)
0
 
LVL 17

Expert Comment

by:houssam_ballout
ID: 35205919
0
 
LVL 38

Expert Comment

by:younghv
ID: 35205943
mikeabc27,
Please DO NOT install and run ComboFix -

That may be an option if other (less intrusive) tools do not help, but it is definitely NOT indicated at this point.
0
 

Author Comment

by:mikeabc27
ID: 35206020
Thanks - I'll try:

1. ccleaner - and check
2. mbam - and check
3. combofix - and check.

In that order, but I am a fan of combofix.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35206097
mikeabc27,
I am a big fan of CF and donate money to sUBS every year as my way of thanking him for the work he does.

My concern is that we have a number of "Experts" around here who post 'Run ComboFix' as a first response to every sign of malware. Not one of them is a "Trusted Helper" (certified), but they sure grab a lot of points with their suggestions.

CF should never be used lightly - as noted in any legitimate forum discussing its use - due to the slight potential for damage to System files.

I always treat it as the sledge-hammer to be used when my regular hammers don't work.

Thanks.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35206198
Before finally turning to CF, please consider both of the following:

TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
The user can then post the log to be analyzed.
***********************
and

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922.html (Rogue-Killer-What-a-great-name)
Let us know the results and we can take the next steps.
0
 

Author Comment

by:mikeabc27
ID: 35206442
OK younghv, I'll move CF to no. 4. The reason I jump into CF is the timeline/cure ratio is so much higher than mbam which is currently running.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35206495
Understood - and clearly you are comfortable with using CF.

I get a little irritated with these "me too" posts, since I clearly identify using ComboFix in my Article:
**********************

"In all cases, I start by cleaning out all of the "Junk/Temp" files (many forms of malware sit in these folders). My program of choice for this is CCleaner (www.ccleaner.com), but there are a wide variety of alternatives.

For broad spectrum identification and cleaning, my favorites are:

"Malwarebytes' Anti-Malware" (http://www.malwarebytes.org/mbam.php) and "ComboFix" (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)...."
0
 

Author Comment

by:mikeabc27
ID: 35209325
I left mbam running for nearly two during which time it found nothing - I then had to pass full control back to the user. Out of around 30 scans during two years it has only detected/fixed two problems so not a big fan. Had combofix been able to resolve the issue, it would have completed in 30 minutes. Thanks for your ideas which I totally appreciate.

CCleaner I agree is an excellent tool.

I have since found the Internet problem can be resolved with a reboot, so maybe a conflict of files?

Nothing in Event Viewer to give any obvious clue.

0
 
LVL 38

Expert Comment

by:younghv
ID: 35209438
Kind of scary.
I don't think I've ever seen an MBAM scan take that long to run.

The TDSSKiller mentioned above can be excellent for stopping some of the rogue processes and I just found this last week (looks promising).

http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
0
 

Author Comment

by:mikeabc27
ID: 35211545
Thanks - I won't be in the office until Monday now and will try it then.
0
 
LVL 8

Expert Comment

by:JT92677
ID: 35215438
Mike,

Why do you turn off DHCP? It sets up a non-conflicting IP address, fills in the gateway IP address, and the DNS server address.

Suggestion: Turn on DHCP again, it works, and gives you a working set of IP addresses that are needed.

Jeff
0

 
LVL 38

Expert Comment

by:younghv
ID: 35215552
There are a lot of reasons for assigning static IPs - especially with only 7 systems to keep track of.

It is much more 'non-conflicting' than allowing DHCP - and will absolutely prevent some rogue user from plugging in their home computer and running on your wire.

From a security standpoint, it is a much better decision...but simply not feasible on large networks.
0
 
LVL 8

Expert Comment

by:JT92677
ID: 35215695
He's trying to solve a connection issue, not a security problem.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35216244
JT92677,
It is very rude to post a "bold" response.

I understand clearly this situation and changing from static to DHCP will have exactly zero effect.
0
 
LVL 8

Expert Comment

by:JT92677
ID: 35216478
DHCP will avoid leaving out some parameters that might affect his success in accessing the net.

Sorry, I don't have as much time to post here as some others, and didn't realize that using a bold attribute would offend someone.
0
 

Author Comment

by:mikeabc27
ID: 35234066
Thanks Younghv and Jeff - it seems to have been ok since the reboot, so it's the worst type of problem because it will happen again, so much, much easier when something just doesn't work. Well if a reboot resolves it, so be it.

Jeff, it wasn't originally set to dynamic, I did this to point to an alternative DNS server, s'pose I could have just switched the DNS to dynamic - habit!
0
 

Author Comment

by:mikeabc27
ID: 35234081
PS - I would like to keep this open until it happens again and we crack it. If that's ok?
0
 
LVL 8

Expert Comment

by:JT92677
ID: 35236289
Mike,

I used to hard code IP information until the ability to "reserve" an IP assignment started appearing in these SOHO routers.  I run some services on my LAN that require a fixed IP so I can do the port forwarding, and the "reserved" approach works well for portable/laptop computers so no longer need hard coded IP, and I can move the laptop to another WiFi network and not have to edit the TCP/IP properties.

Jeff
0
 
LVL 8

Expert Comment

by:JT92677
ID: 35236311
Mike, I forgot to mention, you can use DHCP (Dynamic) IP assignment and still hard-code your favorite DNS server IP. Kind of a nice approach if you have a DNS server you like better than your ISP DNS server.

Jeff
0
 

Accepted Solution

by:
mikeabc27 earned 0 total points
ID: 35322876
Jeff and Younghv - the D-link needed to be set in Bridge mode and the Netgear supply the credentials. I had always used the D-link for credentials and Netgear for port forwarding.

Thank you for your help.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35322957
I don't understand how that configuration could affect only one computer out of seven, but I won't 'Object' to the way you are trying to close this.

/unsubscribe
0
 

Author Closing Comment

by:mikeabc27
ID: 35360779
Found solution myself
0
 
LVL 8

Expert Comment

by:JT92677
ID: 35361884
D-Link and Netgear -- two routers?  The first time this was mentioned was in the "solution"

Hard to help solve a problem that is so poorly described.
0
