frasierphilips


Windows XP Pro machine suddenly blocking incoming connections - The Sequel

We have a Windows XP Pro machine running a web server which all the XP Pro client machines on our network access.  Suddenly it has stopped serving pages.  On further investigation the machine can't be pinged by any of the client machines or by the router (to which they're all connected) however it can ping the client machines and the router.  I created a shared folder on the web server however none of the client machines can access this folder.  I have disabled the Firewall on the web server and uninstalled AVG Anti Virus (which has been known to cause problems).  The last time we know for sure that a client machine accessed the web server was last Wednesday so I rolled the web server back to the Friday before that using System Restore but this made no difference.  The technical support team that supports the software running on the server have checked the settings for the web server software and they can find nothing wrong, in fact it works fine when used on the host machine - only the network clients can't get pages from it.

NEW NOTE:-
We have made a small amount of progress - we have discovered that if you boot the machine in 'Safe Mode with Network Connection' all these issues vanish.  I'm beginning to wonder if the problems are caused by a Firewall issue (the Firewall is disabled by default in Safe Mode I believe) - is there any way to verify that the Firewall is definitively off other than believing what the Windows GUI tells you?  I have messed about with 'NETSH FIREWALL' via the command prompt to no avail.
Davis McCarn

As long as the Firewall has port 80 open (which probably happened by default installing the web server) it is probably not your problem.
1) Verify you don't have a TDSS/Alureon Trojan (doesn't do anything unless the Trojan is detected) ( http://support.kaspersky.com/faq/?qid=208280684 )
2) Use Autoruns to inspect Windows and look for odd drivers, services, or LSP providers ( http://www.filehippo.com/download_autoruns/ ). As a note: everybody's network firewalls love to not uninstall correctly, leaving a driver behind that can rear its ugly head years later.
3) Run WinSockFix to reset WinSock back to factory defaults; but you may need to restore the http layer afterwards ( http://majorgeeks.com/download4372.html )
frasierphilips

ASKER

Did all of this, still no result but did notice that Autoruns showed that 'TrueVector Device Driver' was installed (by Zone Labs LLC of ZoneAlarm fame?) - could this be the culprit?  I disabled it and rebooted the system (to no effect) but the puzzling thing is where did it come from?  We haven't installed it.
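
One way to triage the Autoruns results discussed above, as an added example that is not part of the original thread: the script reads a CSV export and lists drivers, services and Winsock providers whose publisher is missing or not on a list you expect. The column names, the sample rows and the expected-publisher list are assumptions constructed for illustration.

```python
import csv
import io

# Autoruns categories that can sit in the network path (step 2 of the answer above).
NETWORK_CATEGORIES = {"Drivers", "Services", "Winsock Providers"}

# Constructed sample export; column names and rows are assumed, not from the thread.
SAMPLE_CSV = r"""Entry Location,Entry,Enabled,Category,Description,Publisher,Image Path
HKLM\System\CurrentControlSet\Services,Tcpip,enabled,Drivers,TCP/IP Protocol Driver,Microsoft Corporation,c:\windows\system32\drivers\tcpip.sys
HKLM\System\CurrentControlSet\Services,vsdatant,disabled,Drivers,TrueVector Device Driver,Zone Labs LLC,c:\windows\system32\vsdatant.sys
HKLM\System\CurrentControlSet\Services,ExampleWebServer,enabled,Services,Example web server,Example Software Ltd,c:\example\webserver.exe
HKLM\System\CurrentControlSet\Services\WinSock2,examplelsp,enabled,Winsock Providers,Example layered provider,,c:\windows\system32\examplelsp.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleUpdater,enabled,Logon,Example updater,Other Vendor Inc,c:\example\updater.exe
"""


def unexpected_network_entries(csv_text, expected_publishers):
    """Return network-path entries whose publisher is missing or not expected."""
    expected = {p.strip().lower() for p in expected_publishers}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Category"] not in NETWORK_CATEGORIES:
            continue  # e.g. Logon entries are out of scope for this check
        publisher = (row["Publisher"] or "").strip()
        if publisher.lower() in expected:
            continue
        findings.append({
            "entry": row["Entry"],
            "description": row["Description"],
            "publisher": publisher or "(none)",
            # Disabled entries are still reported: in the thread, disabling
            # the driver in Autoruns did not restore connectivity.
            "enabled": row["Enabled"].strip().lower() == "enabled",
            "image_path": row["Image Path"],
        })
    return findings


if __name__ == "__main__":
    allow = ["Microsoft Corporation", "Example Software Ltd"]
    for f in unexpected_network_entries(SAMPLE_CSV, allow):
        state = "enabled" if f["enabled"] else "disabled"
        print(f'{f["entry"]} ({f["description"]}) by {f["publisher"]} [{state}] -> {f["image_path"]}')
```
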
Use the removal tool to get rid of it: http://download.zonealarm.com/bin/fr...load/clean.exe
TrueVector is almost undoubtedly the cause; but, also has installed some root devices and linked them to the TCP/IP stack.
If it still won't work after running the clean tool, run WinsockFix to reset networking to defaults: http://majorgeeks.com/download4372.html
The Zone Alarm link isn't valid - do you have a good one?
It's OK, I found it via Google
ASKER CERTIFIED SOLUTION
Davis McCarn
Thanks - that worked a treat.  Do you know if ZoneAlarm is used by Malware to purposely isolate PCs?  We never installed it but the machine it was on turned out to have 11 virus infected files.
One of my real frustrations is that it is very difficult to get accurate info about what each new Trojan does exactly; but, I sure wouldn't put it past them.
Me neither - thanks for all your help.