Can't get online or ping after virus infection...

Dew itt right

2[H]4U
Joined
Oct 28, 2005
Messages
3,314
I have a P4 XP repair that's stumping me. It had a virus problem that looks to be cleared. It took the PC offline and appears to have removed all links to internet explorer. Clicking the default "Internet" button in the start menu only takes you to the Internet Options window. Anyway, I've tried the existing IE7, newly-installed IE8, renewing IP address, and pinging external sites and nothing works. The IP address will release but it won't renew. The NIC looks to be fine but I installed another one anyway and still nothing. Both show up as healthy and enabled in the Device Manager but I can't seem to get this thing online. I haven't checked to see if it can see anything local yet like another PC or the router. I'll try that when I get home. Any other ideas?

EDIT: I forgot to mention that the owner does not have any installation discs. The case has the XP COA sticker but I don't have any windows discs to use. So it would appear reinstalling windows is out of the question for now...
 
Last edited:

Lucasta

Weaksauce
Joined
Nov 22, 2007
Messages
79
Have you checked the IE connection properties to make sure it isn't trying to use a proxy with the loopback address?
 

Dew itt right

2[H]4U
Joined
Oct 28, 2005
Messages
3,314
Well the WinSock fix almost fixed it. After that, I can now ping internal and external addresses and I can repair or release/renew the IP info. But I still can't get online. The network status show a normal amount of both sent and received as well. In Firefox and IE it'll find the website, wait for a reply, and then start "transferring data from xxxxxxxx.com..." and it'll sit there indefinitely loading the page. It doesn't freeze, just acts like it's trying to download the page but cant.

I've already tried installing IE8 as well as resetting all IE configurations and personal settings. I just installed SP3 and then updated the LAN drivers to the newest available and still the same thing. Anything else I can try...
 

YeOldeStonecat

[H]F Junkie
Joined
Jul 19, 2004
Messages
11,330
I meant before...when you had a "repair" and "a virus problem that looks to be cleared".

What sum of tools was used to clean the drive?
 

GabbyCatt

[H]ard|Gawd
Joined
Nov 4, 2006
Messages
1,478
Sounds like it still may have a few issues. Although it may just be a browser hijacker, I'd start back at the beginning.
Some good anti virus, AVG, or AVast(this has a nice boot scan). Both are free and work.
Run them in this order, safe mode and then normal mode.
SDfix(safe mode to normal mode and highly effective tool)

Malwarebytes
Spybot S&D

Hijack This will clean up anything else, stray BHO items and the like but should be used with caution, as not all BHO's are malicious.
 

-(Xyphox)-

Supreme [H]ardness
Joined
Sep 9, 2004
Messages
6,518
I would start by booting into safemode
Checking the host file, run hijack this and maybe lspfix
Install malware bytes and scan the pc in safemode
 

TechieSooner

Supreme [H]ardness
Joined
Nov 7, 2007
Messages
7,601
+2 for checking HOSTS file, that was the next thing I was gunna suggest.

Once you get it online, stick MSE on there and also run a MalwareBytes scan.
 

Dew itt right

2[H]4U
Joined
Oct 28, 2005
Messages
3,314
I meant before...when you had a "repair" and "a virus problem that looks to be cleared".

What sum of tools was used to clean the drive?

My bad. Long story short, this PC got an infection and somebody tried to clean it but gave up so the owner just bought a new PC. Five years later, their "new" PC is down so they drug this back out and asked if I could fix it. So I'm not sure what the first guy used when he tried to fix it the first time. When I got it recently I ran it through my standard gamut:

1) MalwareBytes
2) Smitrem
3) Smitfraudfix
4) RogueRemover
5) Aproposfix
6) HiJackThis
7) CCleaner
8) CleanUp
9) EasyCleaner
10) Microsoft Security Essentials
11) MalwareBytes (again)

After running through the cleaners, MSE and Malwareytes both came out clean. I forgot about Spybot, I'll have to run that, SDfix, and lspfix when I get home. I've never messed with HOST files before. Is THIS the recommended action to take or is there something better?
 

TechieSooner

Supreme [H]ardness
Joined
Nov 7, 2007
Messages
7,601
My bad. Long story short, this PC got an infection and somebody tried to clean it but gave up so the owner just bought a new PC. Five years later, their "new" PC is down so they drug this back out and asked if I could fix it. So I'm not sure what the first guy used when he tried to fix it the first time. When I got it recently I ran it through my standard gamut:

1) MalwareBytes
2) Smitrem
3) Smitfraudfix
4) RogueRemover
5) Aproposfix
6) HiJackThis
7) CCleaner
8) CleanUp
9) EasyCleaner
10) Microsoft Security Essentials
11) MalwareBytes (again)

After running through the cleaners, MSE and Malwareytes both came out clean. I forgot about Spybot, I'll have to run that, SDfix, and lspfix when I get home. I've never messed with HOST files before. Is THIS the recommended action to take or is there something better?

I wouldn't worry about Spybot S&D myself... I haven't been a fan of it for years.
You did a very good cleaning job there.

We've just got to get you back online I guess :)

And yes- that link will work for the HOSTS file.
The HOSTS file is just what Windows looks at before it does anything else. It'll over-ride DNS entries and everything.
IE, if you want yahoo.com to go to 127.0.0.1 (your loopback IP: IE, it doesn't go anywhere) you can stick that in HOSTS. Regardless of the DNS (which would actually route to the proper server IP), that entry will over-ride it.

Anyway that's how it works. Some malware creates entries in this. Like- re-routing most major domains to malware sites, or re-routing them locally, etc.

You can just look at your HOSTs file to see what's in there. A typical HOSTS file will only have one entry of localhost going to 127.0.0.1 (See that photo in the link you posted).
 

TechieSooner

Supreme [H]ardness
Joined
Nov 7, 2007
Messages
7,601
Or heck just try this as a test as well.
Pop 209.191.93.52 into your address bar (It's an IP of a Yahoo.com server). Does it pull Yahoo up?
If it does then it's probably something with your HOSTS or DNS.
 

Dew itt right

2[H]4U
Joined
Oct 28, 2005
Messages
3,314
Well it wasn't the HOST (209.191.93.52 did nothing) but I ran the fix anyway. I also ran SDfix and lspfix and still no dice.

So I finally said screw it and got an XP disc from my brother. Did a full reinstall this morning (early) and still no internet connection! I put the PCI NIC I tried before back in and still nothing. So I went downstairs and found yet another PCI NIC, threw it in, and it works perfectly! Turns out the integrated LAN and the NIC I tried to get working originally were both bad all along! Oh well, you live you learn I guess. Good educational experience...
 
Top