lost my internet

Hi Rich,

Hopefully there will be a few replies here by the time you get back...

A quick question first... your McAfee alerts are all from the firewall component right? None are from the McAfee Anti-Virus product?

That sounds simply like the normal Internet probing we all see. Yes, it may be more than you are used to seeing, but external probes against your system does not mean that you have any malware on your system. Even a huge volume of probes on ports commonly used by Sub7 and other malware still does not indicate any problem on your system, just a lot of Internet traffic.

Yes, you could have a virus but most likely not because of the probes. As you said, the probes were alerted to you. It's not likely that "one sneaked through" unless you routinely disable your protections or do other risky operations like opening unsolicited emails that may have a virus in them, downloading dangerous programs, or run unprotected file sharing.

Recommendation 1: However regardless of the cause, have you done a full system scan with your Anti-Virus product? (At this point other background info from you is also needed. What is your Windows version? Are you running McAfee Anti-Virus or any other AV product? Was it active and running resident all along? Can you scan with it when you get home?)

This is highly unlikely. Spybot, SpywareBlaster, and SpywareGuard run together on countless thousands of systems and are not likely to cause ISP connection problems. (Please note that Spybot S&D is not from WildersSecurity or JavacoolSoftware. It is a separate product from a different source, but its author recommends using SpywareBlaster along side Spybot.)

Recommendation 2: You could disable all three tools to see if that restores your connection. To disable SpywareGuard > right click the tray icon, select Options button > clear the three protection options > click Save Settings button > click OK > then exit SpywareGuard from File menu.

Click this link to see image on disabling SpywareGuard.

SpywareBlaster's protections are disabled by opening the program, hitting the "Deselect All" button then "Remove Protection for Unchecked items" then OK. Exit SpywareBlaster.

Click this link to see image on disabling SpywareBlaster

Spybot's active protections are in its Immunize screen. You can "Undo" the immunity and "Uninstall" the download blocker from that screen.

If disabling these products restores your connection, then you'll have your answer and can come back here and tell us which one did it and then we can move forward from there.

Recommendation 3: You may want to attempt to disable your firewall temporarily to see if it is simply that which is blocking your ISP connection. (Here's where knowing your Windows version, software levels and configuration would be helpful.) If your system is fully current on patches, is not running any server processes as would be exploitable on an unpatched Win2000 or WinXP, then you can probably run a short time safely without the firewall to see if that is the problem.

If none of the above helps, then the next thing to do would be to post a HijackThis log here and let the experts take a look at what's shown there...

Recommendation 4: HijackThis is a tool that displays startup and configuration information from your system. It is a very good way to determine what spyware is present and it also allows it to be fixed.

Now all of this is more difficult since your only access is at the library, and that is highly restricted, so it may not be easy to communicate on all of this.

Try to copy out all the recommendations everyone makes here, answer as many questions as you can so that the replies back next time will be more specific to your configuration. And the more you tell us about what exactly your are seeing on that system, exact error messages and conditions involved, would be extremely helpful in getting an answer.

 

I hope one of those suggestions above helped, but if they didn't there are still a few things you can do.

There might be good news because you are running Windows ME. Windows ME (and Windows XP) each have a utility called System Restore. If it has been running on your system, it could be possible to use it to reset your system back in time to a point when it was working fine.

Take a look at this Microsoft page:

http://www.microsoft.com/windowsME/using/computerhealth/articles/systemrestore.asp

The lower half of that page shows you how to tell System Restore to move your system back to a previously good point in time. If this problem with your system started 3 or 4 days ago (when it started losing the connection) and if System Restore has been active then you can tell it to Restore my computer to an earlier time via the Start menu > Programs > Accessories > System Tools > System Restore function.

If that's available, it may get you back online right away.

You will need to get an anti-virus application though, no matter what happens. There are many AVs that you can trial for free for 30 days and there are also some totally free ones. Generally speaking the pay products are better, but some free products aren't bad either. Of course, to get one you'll either have to buy one at the store and load it by CD, or get your connection working first so you can download one. If System Restore works out, then you really should come back here and we'll talk about Anti-Virus packages.

 

Well, this is good news. (Identifying the primary cause of a problem is essential to being able to resolve it, so it really is good news.)

Your concerns about Sub7 hits against your system are unnecessary provided you are not infected by the Sub7 Trojan. (If you don't have the Sub7 server running on your PC, incoming attempts to get to it are absolutely harmless and you need not worry about them.)

One way to determine if Sub7 is there is to first check for open ports on your system. If you open up a DOS window via Start menu > Run... > type in "command" (without the quotes) > in the DOS box type "netstat -an" (again without the quotes) this will show you the open / listening ports on your system. You are looking to see if the default Sub7 port (the one McAfee is alert you about - 27374) is open on your system.

If would appear something like this:

[pre]C:\>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:27374 0.0.0.0:0 LISTENING[/pre]
The key is the 27374 on the left side, regardless of the Local Address itself. If that port is not there at all, you don't have to worry about attempts from Sub7 probes.

Now, you may be able to save yourself trips to the library while trying to get support from McAfee by deinstalling the McAfee firewall entirely, and using another software firewall temporarily. A free product like Zone Alarm could be downloaded and installed from here:

http://www.zonelabs.com/

Once you have that installed, you can easily work from home without worry. There are many other firewalls available, as well... Most any of the brand names will do, it's just I think it is important to get you online from home so you can save yourself some major effort.

Once up at home on the system itself, the next steps would be to download an anti-virus product (just a free trial) to scan your system. Also, we can take a look at what all ports are open / listening on your system and see if you have any issues there. And there are several others steps to verify everything we could do once you are online.