Joined: 17 Dec 2008 Posts: 490 Location: Nottingham, United Kingdom Thanked: 13 times
Posted: Wed Oct 28, 2009 4:52 pm Post Subject:
Prentice, you on a cable modem connection then? (you mentioned the modem had a RF connection, which is likely to be the coax broadband connection).
I wonder if your network settings are being hijacked. This happened to a friend's pc not so long back. Each time i manually assigned it or set it to auto, expecting it to pickup settings from the cable modem, it connected once then got hijacked (by spy/malware) and next time i checked the network connections settings they were all different.
Regardless of our earlier disagreement, as a Security specialist type dude Tonka may be able to advise on a more command based level to test things out....in the meantime i'll try and remember what i did to fix the issue i had.
But in the 1st instance i think i used malwarebytes and superantispyware (fully updated of course) to fully scan the pc for nasties.
Joined: 22 Jan 2008 Posts: 123 Location: United Kingdom Thanked: 16 times
Posted: Wed Oct 28, 2009 5:26 pm Post Subject:
That's a good point although it's a bit odd that it's only happening when the firewall is enabled. I'd expect to see some alerts popping up.
Malwarebytes is a good idea - it tends to detect and kill off most infections. Download it, run it and let it update and then see what it finds. Get it from here (free version):
Joined: 30 Jun 2009 Posts: 2120 Location: Londonderry, United Kingdom Thanked: 54 times
Posted: Wed Oct 28, 2009 10:59 pm Post Subject:
Run that malware stuff
and 3 infected
as follows
Rouge,Errorsafe folder c:\Document and settings compaq.owner
Rouge,Errorsafe folder c:\Document and settings compaq.owner
Rouge,Errorsafe file c:\Document and settings compaq.owner
Joined: 17 Dec 2008 Posts: 490 Location: Nottingham, United Kingdom Thanked: 13 times
Posted: Thu Oct 29, 2009 8:02 pm Post Subject:
can you try running a continuous ping test to your isp's dns servers (or any internet server tbh). Keep the window open when you try getting onto the internet in internet explorer, see if there is any packet loss at the same time.
open up a cmd prompt; start > run > "cmd" (without quotes)
from the black screen that opens up, type in:
ping 194.168.4.100 -t
This will run a continuous ping to one of Virgin Media's dns servers, until you stop it by pressing ctr+c or exiting the dos prompt.
Whilst you're at it open up another cmd prompt and type:
ipconfig /all
record the details
try accessing the internet, until it stops letting you access it, then do another
ipconfig /all
and see if the DNS is different.
If it is i'll bet your settings are being hijacked. How or why is down to malwarebytes and superantispyware to figure out for you.
what's a packet loss?
I have just run the anti spyware picked on adware tracking cookie I sent it to the pits of hell
tracking cookie is not usually anything to worry about, but its ok to delete it.
Packet loss is:
when you ping a server it make 4 attempts to echo it. If you get 0% packet loss then that's good, 100% is bad as its means nothing it getting to that server (some firewalls blocks ping requests though).
Did you try the ping test in my last post? A typical single attempt result would look like this
Code:
C:\Users\Kev ping 194.168.4.100
Pinging 194.168.4.100 with 32 bytes of data:
Reply from 194.168.4.100: bytes=32 time=15ms TTL=251
Reply from 194.168.4.100: bytes=32 time=26ms TTL=251
Reply from 194.168.4.100: bytes=32 time=11ms TTL=251
Reply from 194.168.4.100: bytes=32 time=9ms TTL=251
Ping statistics for 194.168.4.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 26ms, Average = 15ms
The time in ms and the packet loss are the relevent data here.
This is just a simple test to see if you can ping servers on the internet.
By doing ping 194.168.4.100 -t you can continously ping the server, and maybe you'll start seeing a blip in the pattern, for example if a ping request time goes sky high or it actually 'times out'.
You'll see what i mean if it happens.
Joined: 30 Jun 2009 Posts: 2120 Location: Londonderry, United Kingdom Thanked: 54 times
Posted: Fri Oct 30, 2009 1:18 pm Post Subject:
Not done the ping test yet as I didn't know what a packet loss was, so was unsure if I could find it.
But I have some good news, run the anti-spyware, removed the tracking cookies, but as you said didn't look anything too sinister as it was something to do with may me missus files for college work.
But I then totally removed the comodo firewall then reinstalled it and something weird but also wonderful has happened it now seems to function as it should, just that blasted hotstuff internet browser don't like it, tried to delete it but has not got the message.
Joined: 22 Jan 2008 Posts: 123 Location: United Kingdom Thanked: 16 times
Posted: Fri Oct 30, 2009 1:37 pm Post Subject:
That was going to be one of my next suggestions - occasionally, an installation will go wrong and it's a reasonable bet that the malware you had on the PC would have caused it. Good to hear you've finally got it sorted though
kjacko - I don't know if you know this trick but for future reference, if you want to check for hijacked connections use this command:
netstat -a
This gives you a list of all the current network connections including the ports they are using and their state - you can then whois any suspect IPs to find out what you're connected to.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Forum Index
Help
Register Free
Bookmarks
Search
Login
I sent it to the pits of hell 
