Removed some malware off work computer. Now it doesn't connect to the network correctly.

M

Mike1233

n00b
Joined
Feb 18, 2016
Messages
7
*Just to clarify, I don't have internet access, I also reset everything (hosts file, flushed dns, release and renewed CHCP, etc... with a program called "netadapter repair all in one" that is on the bleeping computer site*



So we had some malware on the work computer, it was "dns" something. I think it was DNS unlocker but I'm not 100% sure. I removed it with malwarebytes & adwcleaner and it now recognizes that its connected via ethernet cable, but it says unrecognized network. Its a Windows 7 PC and it worked fine before and other Windows 7 PCs work fine.


I believe it has to do with the sonicwall or something else. We have a cable modem/router (2 in 1), a big switch, and a sonicwall. I tried restarting all of them, but that didn't help. So I bypassed the sonicwall and it works, but now that computer doesn't see the network printer!


So basically I would be ok with bypassing the sonicwall as long as I can get the network printer to be recognized, but its not and when I open an explorer window and click on "network" on the left, the other computer that is connected through the sonicwall doesn't show up so I can access the shared printer (the printer is connected via USB to the other computer for now temporarily so 1 computer can use it).


I would prefer to do things correctly and have it work with the sonicwall, but I'm not sure how, any ideas?

Some things I noticed or tried:


1. The computer that does work has an IP, subnetmask, etc... put into it while the computer that doesnt work has it set to obtain the IP automatically. I tried adding +1 to the end of the IP address and entering it in the second computer (so the one that works has the IP 10.10.5.5 (just an example) and I tried 10.10.5.6 in the one that doesn't work) and that didnt work.

2. Tried "diagnosing" it with windows but it couldnt fix it.

3. Under network and sharing, it shows (NAME OF PC) ---> Unidentified network (I think thats what it said) ---> internet, but it had an "X" inbetween unidentified network and internet. Clicking on the "X" didn't fix it. Under "active network" it said "public network" and it wouldn't let me change it, but I used a microsoft fix it tool to change it to "work network" like the other computer and it didn't help.

4. Under "network map" it showed the PC I was using and the gateway, but nothing else after the gateway. It did show another computer we don't use that is connected, that one is bypassing the firewall as well.
The other computer that does work shows more than just "gateway" and it has a few things after it on the map (can't remember what they were)

5. I tried removing the driver for the ethernet card and reinstalling it. It didn't fix it. I tried reseating the cable on both ends and using a laptop and the internet didn't work on a laptop either.


Any ideas?
 
Last edited:
Had a similar one before. From memory try manually resetting the TCP/IP stack.
 
N4CR said:
Resetting TCP/IP to Default | iiHelp

enjoy

resets everything related to network
Click to expand...

Thank you. Didn't work unfortunately. When you have a sonicwall installed, do you need to put in special IP settings into the computers that are connected or do you just have the computer obtain the information automatically?

The reason I ask is because the computer that does work has an IP, default gateway, etc... put into it. I tried copying it and adding +1 to the end of the IP address (for example, on the computer that works its 10.10.10.10 and I put in 10.10.10.11 on the computer that doesn't with the same default gateway and other stuff) and it didn't work.
 
Check for any static routes. There should only be one listed as 0.0.0.0 pointed at the default gateway. That gateway should be the private IP of the sonic wall (Which is what it should be handing out with DHCP enabled).

If internet still doesn't work, you need to check the logs on the sonicwall itself. Does it see traffic coming from the client IP? Is it allowing or blocking it? Is there some kind of firewall rule that only allows certain IPs to reach the WAN? The issue appears to be with sonicwall, and you will need to diagnose it there.


*edit* Also, check DNS itself. Is sonicwall doing DNS forwarding and working correctly? Can both machines ping google.com and get an IP? Can you ping by IP directly (8.8.8.8 for google DNS).

Lastly, try manually adding 8.8.8.8 for the DNS in the network settings (the current entry should be the private IP of the sonicwall machine).
 
System restore back before the infection. Your other choice is to manually import missing registry keys, from a working machine, in an attempt to rebuild the damage.
 
Did you check the proxy settings in IE yet? If it was using a proxy server you'll have something configured in there.


Open IE, settings, Internet options, connections tab, lan settings. Make sure that all of that stuff in unchecked. (Default is auto detect proxy, but you don't want that enabled these days either)
 
Have you run sfc /scannow already?

I have seen something similar before on someones PC where the core Windows DNS files were infected. The antivirus cleaned them but then DNS did not work at all afterwards and an sfc /scannow fixed it.
 
Mike1233 said:
*Just to clarify, I don't have internet access, I also reset everything (hosts file, flushed dns, release and renewed CHCP, etc... with a program called "netadapter repair all in one" that is on the bleeping computer site*



So we had some malware on the work computer, it was "dns" something. I think it was DNS unlocker but I'm not 100% sure. I removed it with malwarebytes & adwcleaner and it now recognizes that its connected via ethernet cable, but it says unrecognized network. Its a Windows 7 PC and it worked fine before and other Windows 7 PCs work fine.


I believe it has to do with the sonicwall or something else. We have a cable modem/router (2 in 1), a big switch, and a sonicwall. I tried restarting all of them, but that didn't help. So I bypassed the sonicwall and it works, but now that computer doesn't see the network printer!


So basically I would be ok with bypassing the sonicwall as long as I can get the network printer to be recognized, but its not and when I open an explorer window and click on "network" on the left, the other computer that is connected through the sonicwall doesn't show up so I can access the shared printer (the printer is connected via USB to the other computer for now temporarily so 1 computer can use it).


I would prefer to do things correctly and have it work with the sonicwall, but I'm not sure how, any ideas?

Some things I noticed or tried:


1. The computer that does work has an IP, subnetmask, etc... put into it while the computer that doesnt work has it set to obtain the IP automatically. I tried adding +1 to the end of the IP address and entering it in the second computer (so the one that works has the IP 10.10.5.5 (just an example) and I tried 10.10.5.6 in the one that doesn't work) and that didnt work.

2. Tried "diagnosing" it with windows but it couldnt fix it.

3. Under network and sharing, it shows (NAME OF PC) ---> Unidentified network (I think thats what it said) ---> internet, but it had an "X" inbetween unidentified network and internet. Clicking on the "X" didn't fix it. Under "active network" it said "public network" and it wouldn't let me change it, but I used a microsoft fix it tool to change it to "work network" like the other computer and it didn't help.

4. Under "network map" it showed the PC I was using and the gateway, but nothing else after the gateway. It did show another computer we don't use that is connected, that one is bypassing the firewall as well.
The other computer that does work shows more than just "gateway" and it has a few things after it on the map (can't remember what they were)

5. I tried removing the driver for the ethernet card and reinstalling it. It didn't fix it. I tried reseating the cable on both ends and using a laptop and the internet didn't work on a laptop either.


Any ideas?
Click to expand...

Thanks Obama!!!!
 
Reimage, if its work get them to do it with their built image.

aka

"Nuke from orbit, its the only way to be sure"
 
Reinstall the system, if it's a critical system, you don't want any leftovers from a threat.
 
Waste of time, as per this thread results. Just format and reinstall and start from scratch. You will be glad you did.
 
and using a laptop and the internet didn't work on a laptop either.
Click to expand...

Noone noticed this gem?
This should be your number 1.
The way I understand you is - you actually have a disabled port on your "big" switch. Is it a managed switch? Does it have any filtering rules like banning "weird" behavior such as spoofing MACs?
 
Agree with the gem post. Bring up your network hardware info. Check the inbound/outbound packet(data). At my work, it's the fastest way I know to see if it's something hardware related beyond my computer. You may see a normal flow of packages leaving and minimal coming back (if any). Or you may have nothing coming or going. Also, agreeing with above poster. You're troubleshooting a work computer? If not ignore the next part. They may have the firewall configured to specific IP groups and gateways. When you reset everything, as another poster mentioned, you put everything in default so it could be as simple as a phone call and asking what the gateway is? But most IT's hate other fudging with their stuff, I get that sometimes. Also, you mentioned one working computer and trying to use that computer as a gateway right? Did you redo the network configuration (cause I know from experience Windows used to have it) specifying that you are using "Another computer" as a gateway to the Internet, and the computer that is able to connect would need to be re-configured to be used as a "gateway to other computers". Wish I could tell you more or if this even helped at all. I would be a shitty tech support, it's simpler for me to sit infront of the problem computer and more or less find the issues and get it to tell me "what the issue is?". Best of luck.
 
You must log in or register to reply here.
Back
Top