• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 371
  • Last Modified:

Windows XP Pro machine suddenly blocking incoming connections - The Sequel

We have a Windows XP Pro machine running a web server which all the XP Pro client machines on our network access.  Suddenly it has stopped serving pages.  On futher invesitgation the machne can't be pinged by any of the client machine or by the router (to which they're all connected) however it can ping the client machines and the router.  I created a shared folder on the web server however none of the client machines can access this folder.  I have disabled the Firewall on the web server and uninstalled AVG Anti Virus (which has been known to cause problems).  The last time we know for sure that a client machine accessed the web server was last Wednesday so I rolled the web server back to the Friday before that using System Restore but this made no difference.  The technical support team that supports the software running on the server have checked the settings for the web server software and they can find nothing wrong, in fact it works fine when used on the host machine - only the network clients can't get pages from it.

NEW NOTE:-
We have made a small amount of progress - we have discovered that if you boot the machine in 'Safe Mode with Network Connection' all these issues vanish.  I'm beginning to wonder if the problems are caused by a Firewall issue (the Firewall is disabled by default in Safe Mode I believe) - is there any way to verify that the Firewall is definitively off other than believing what the Windows GUI tells you?  I have messed about with 'NETSH FIREWALL' via the command prompt to no avail.
0
frasierphilips
Asked:
frasierphilips
  • 5
  • 4
1 Solution
 
Davis McCarnOwnerCommented:
As long as the Firewall has port 80 open (which probably happened by default installing the web server) it is probably not your problem.
1) Verify you don't have a TDSS/Aleurion Trojan ( Doesn't do anything unless the Trojan is detected) ( http://support.kaspersky.com/faq/?qid=208280684 )
2) Use Autoruns to inspect Windows and look for odd drivers, services, or lsp providers ( http://www.filehippo.com/download_autoruns/ )  As a note; everybodies network firewalls love to not unintsall correctly, leaving a driver behind that can rear it's ugly head years later.
3) Run WinSockFix to reset WinSock back to factory defaults; but you may need to restore the http layer afterwards ( http://majorgeeks.com/download4372.html )
0
 
frasierphilipsAuthor Commented:
Did all of this, still no result but did notice that Autoruns showed that 'TrueVector Device Driver' was installed (by Zone Labs LLC of ZoneAlarm fame?) - could this be the culprit?  I disabled it and rebooted the system (to no effect) but the puzzling thing is where did it come from?  We haven't installed it.
0
 
Davis McCarnOwnerCommented:
Use the removal tool to get rid of it: http://download.zonealarm.com/bin/fr...load/clean.exe
TrueVector is almost undoubtedly the cause; but, also has installed some root devices and linked them to the TCP/IP stack.
If it still won;t work after running the clean tool, run WinsockFix to reset networking to defaults: http://majorgeeks.com/download4372.html
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
frasierphilipsAuthor Commented:
The Zone Alarm link isn't valid - do you have a good one?
0
 
frasierphilipsAuthor Commented:
It's OK, I found it via Google
0
 
frasierphilipsAuthor Commented:
Thanks - that worked a treat.  Do you know if ZoneAlarm is used by Malware to purposely isolate PCs?  We never installed it but the machine it was on turned out to have 11 virus infected files.
0
 
Davis McCarnOwnerCommented:
One of my real frustrations is that it is very difficult to get accurate info about what each new Trojan does exactly; but, I sure wouldn't put it past them.
0
 
frasierphilipsAuthor Commented:
Me neither - thanks for all your help.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now