rendrag Posted August 3, 2011 Posted August 3, 2011 Hi guys,A friend of mine brought me his laptop (XP SP3) claiming it was acting slow. Turns out he had a mess of viruses -- some trojans, google redirect... pretty nasty stuff. I finally got all that cleaned off (no small feat given the virus auto-rebooted out of safe mode), and now I can't get online. Whether I use wired or wireless, DHCP or static, nothing works. Renewing the IP fails, claiming the "socket operation encountered a dead network". Static IP's fail to get a DNS lookupI've tried all manners of winsock2 resets (both commandline and programs)I've reinstalled TCP/IP on both adaptersI've uinstall the wireless and wired adapters and had windows reinstall themI'm hoping I've missed something or someone has worked through this before and can offer me some suggestions. It's a Gateway laptop, and he claims not to have the original XP Home disk, so I don't know how possible a clean wipe/reinstall is (plus he's really pressing me not to go that route)So, any suggestions?
Joseph_sw Posted August 3, 2011 Posted August 3, 2011 (edited) most unwanted network "apps" (worms, virus, browser-plugins, spyware, malware, etc..) have nasty habit adding another uneeded layer in networking process,which its obvious reason to monitor/profiling/mining/re-directing the users' browsing habit.Those extra layers route might still exist in registry and used by system,and since the files need for the layer were now gone, the networking function got crippled.Adding network layer have it legitimate uses however,such as used by Internet Download Manger' Advanced Browser Integration.That feature will take over any downloading process that utilize TCP/IP and using HTTP' GET command.It works for any program (not just 'browser') by monitoring outgoing TCP/IP packets.Therefore, i would suggest to check registry for such entries. Edited August 3, 2011 by Joseph_sw
allen2 Posted August 3, 2011 Posted August 3, 2011 (edited) I would format anyway as you can't know for sure if you didn't missed something else when there are many virus/trojans.Did you checked if the loopback was still working (ping 127.0.0.1) ?Also, the error message you get is usually related to .net framework so may be removing it or reinstalling it might solve the problem. Edited August 3, 2011 by allen2
Yzöwl Posted August 3, 2011 Posted August 3, 2011 Although it doesn't sound like your issue, I've noticed that a common leftover after virus removal for users of Internet Explorer is usually fixed thus:navigate toInternet Options > Connections > LAN Settings > Proxy serverthenUncheck the Use a proxy server for your LAN checkbox
rendrag Posted August 3, 2011 Author Posted August 3, 2011 (edited) Therefore, i would suggest to check registry for such entries.Any suggestions as to where I should look? I've already deleted the winsock and winsock2 reg entries and had Windows recreate them.I would format anyway as you can't know for sure if you didn't missed something else when there are many virus/trojans.Did you checked if the loopback was still working (ping 127.0.0.1) ?Also, the error message you get is usually related to .net framework so may be removing it or reinstalling it might solve the problem.I'm still holding out hope that I can avoid a reformat, as much of a pipe dream as that may be. I've been able to scan the system in safe mode with spybot and hijackthis and ms security essentials with no hits, so I'm reasonably confident the system is clean.I haven't tried the loopback yet. What will that tell me? I'll try deleting the .net framework if he has it.Although it doesn't sound like your issue, I've noticed that a common leftover after virus removal for users of Internet Explorer is usually fixed thus:navigate toInternet Options > Connections > LAN Settings > Proxy serverthenUncheck the Use a proxy server for your LAN checkboxThat was unchecked and I rechecked the "automatically detect settings" box as well. No change in behavior. Edited August 3, 2011 by rendrag
allen2 Posted August 3, 2011 Posted August 3, 2011 (edited) If the loopback interface stil work, you'll know that the tcp/ip stack is working. Edited August 3, 2011 by allen2
Tripredacus Posted August 4, 2011 Posted August 4, 2011 Try going to this website:http://74.125.226.113/
Joseph_sw Posted August 4, 2011 Posted August 4, 2011 you might want to use Process Monitor very powerful utility that monitor registry/file/etc access, its report rather overwhelming though.run the Process Monitor,try to stop/start windows services that required for TCP/IP connection process, try to connect online, etc...then look in Process Monitor' reports for attempt to access non-existing files.
rendrag Posted August 21, 2011 Author Posted August 21, 2011 (edited) So I finally gave up and wiped the drive. Unfortunately because he doesn't have his original disks I couldn't use them to re-install windows, so I had to download a copy of XP SP3. Got windows installed, but Activation doesn't want to take the product key that's on the bottom of his PC. I tried calling MS, and after they reject the installation ID, they tell me to go to support.microsoft.com/pag, which tells me that XP is no longer sold and I have to buy win7. Is there any way around this? He has a legal copy of windows, so I'd rather not crack the activation.Any suggestions? Edited August 21, 2011 by rendrag
Guest Posted August 21, 2011 Posted August 21, 2011 http://www.tek-micro.com/products/Microsoft-Windows-XP-Professional-w%7B47%7DSP3-%252d-Full-Version.html
rendrag Posted August 23, 2011 Author Posted August 23, 2011 Thanks for the link. I did some more research before spending the dough and it turns out that I downloaded a Retail version of XP where the original was an OEM copy. Once I reinstalled an OEM copy, the key took just fine.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now