Something Disables my PC's Network Adapter Card settings

Discussion in 'malware problems & news' started by odysseus79, Oct 16, 2003.

Thread Status:
Not open for further replies.
  1. odysseus79

    odysseus79 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    8
    Hello, guys; Hope you'll be able to answer a security question or direct me to the proper forum on your site.

    Something strange affects My PC's Network Adapter Card settings, preventing Internet connection on DSL Line.

    It began a week or so ago, when I suddenly was unable to connect to the Internet.
    Running all available PC utilities did not reveal any abnormalities except two:
    1.   In "System Information" utility-When the Network Adapter is highlighted, in the right pane there is a message in red saying that the Adapter Card is not functioning or missing drivers etc.
    2.   Running IP utility displays only local host (127.0.0.0.) installed on my machine and all "000" for other IP address.
    There is no alert mark next to any of the items listed on the "Device manager".
    At that time (~7days ago) I simply scanreg /restore'd the registry dated when I knew my INet worked.
    On re-boot I had everything working.

    Two days later the exact same thing happened again- Network Adapter Card settings gone, no Internet connection.

    Since I turn off PC at night and power it back on the next day I've noticed the unusually long time it now takes before My Desk Top and icons appear on boot-up.

    Full VScan of "My Computer" can never complete its scan and crashes when it reaches one particular Zip file C:. Could be a co-incidence since I've had this file on my HD for 2 years without any problems before. However, VScan does not find problems when C: Drive and Windows folder scanned separately but not as full "My Computer" sequence.

    All this makes me think of worms, scripts and alike. I'm on LAN and at least 1 other machine seems to have developed same symptoms but not 8 or 10 others. Could be another co-incidence?

    Restoring previously "working registry" every 2 days does not work anymore either.

    Interestingly (?) VS cannot access Network Neighborhood at all. Gives a warning: Drive does not exist.
    From DOS I deltree'd history, cookies and Tempor~1.


    I'd be very grateful for your expert advice.


    ________________________________________________________
    PC-Acer SE Celeron 700/64/20. OS-Win98se-factory pre-installed OEM.
    McAfee VScan v 5.12
    Lavasoft Ad-aware Release 5.8, ZA, Naviscope, All relevant IE settings disabled for security.
     
  2. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    i'm by no means an expert, but let me give my experience. it's not quite the same as yours, but something you said reminds me of it and maybe you will get some use out of it:

    there was a time when my DHCP stopped working. what i mean is that the router refused to give me an IP address and i was forced to manually enter the data. DHCP seemed to be working fine on my pc, and it just quit for no *apparent* reason one day. so i had no internet access (until i did my manual reconfiguration of IP, DNS, Gateway), and whenever i rebooted, it would take a really long time for my desktop to finish loading because the LAN connection was waiting for the router to assign an IP address, eventually giving up and letting everything else load. it just seemed to fix itself one day. this only seemed to happen on my pc, no one else in the LAN was affected.

    sorry if this was not useful!
     
  3. odysseus79

    odysseus79 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    8
    Thanks for your reply, PIN. I myself am far from being an expert and that is the reason I have several *heavy duty* defensive programs installed. They served me well for a few years without a glitch but, apparently, nothing is 100%.
    I'd be glad to try manual IP configuration as you mentioned in your post. I know my static IP address (copied it long before this happened) and the port is 8080. If you could post step-by-step instructions I'd be very interested to try.
    I already DL'd and burned Spybot on another comp to install and test it on my PC tomorrow.
    I'll post the results soon as they're obtained.
    Thanks again.
     
  4. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello odysseus 79

    A) Is any part of your network wireless? If so - consider a MAC clone problem. For further information on this please ask us or anyone knowledgeable here about this situation.

    B) Have you had anyone check a HijackThis print out? If not - download HijackThis from here and then paste the report here on this forum and some experts will take a look at it and advise.

    Best wishes
     
  5. BWMerlin

    BWMerlin Registered Member

    Joined:
    Aug 11, 2003
    Posts:
    71
    It sounds like a broken ISP connection, i had this problem where one of my lan pc could not connect to the net no matter what i tried. Finally i posted a hijack this log and someone identified a broken connection in the o10 entries. Here is a tool that might fix your problem. http://cexx.org/lspfix.htm but it might be wise to post the log first to make sure that this is the problem.
     
  6. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    well it's not exactly the same because you are using DSL, so you shouldn't have a router to give you problems, so i think you should indeed post that hijack this log. if nothing is found there, i will try and step you through resetting your DSL manually. what version of windows are you running?

    good luck.
     
  7. odysseus79

    odysseus79 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    8
    Very many thanks to all of you great people who find the time to respond to troubles like mine.

    I apologize if my responses seem somewhat tardy. Since yesterday, Friday, I also lost telephone service due to some malfunction at the phone company’s end. My local telephone service provider does not provide any services, including emergency repairs, on weekends. So now and for the next 2-3 days I’m unable to use my other PC’s (at another location) Dial Up connection either. Luckily, friend’s old PC and its 3.5 floppy still work allowing me to post here and DL “Hijack This”. Soon as I go back, install and run it I’ll post back.
    Also, McAfee VScan finally did the entire “My Computer” without a stumble-All Clean.

    No, no part of my network is wireless - just regular dsl.

    Below is the copy of “Hijack This” scan

    Logfile of HijackThis v1.97.3
    Scan saved at 5:33:20 PM, on 10/18/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Since I was at it I ran the Start Up List Scan. Copy Below



    StartupList report, 10/18/03, 5:44:14 PM
    StartupList version: 1.52
    Started from : C:\PROGRAM FILES\HIJACKTHIS NEW 10-18-03\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v5.00 (5.00.2614.3500)
    * Using default options
    ==================================================

    Running processes:


    C:\PROGRAM FILES\HIJACKTHIS NEW 10-18-03\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    System Monitor.lnk = C:\WINDOWS\SYSMON.EXE
    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    McAfee TaskMaster = "C:\Program Files\McAfee\McAfee Shared Components\Crash Protector\TASKMSTR.EXE" /taskman:1
    TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    minilog = C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Kana Reminder = C:\PROGRAM FILES\KANA REMINDER FOLDER\REMINDER.EXE

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 20/5/2002, 14:5:34)

    [rename]
    NUL=c:\windows\TEMP\GLB1A2B.EXE

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET PATH=%PATH%;C:\PROGRA~1\MCAFEE\MCAFEE~2
    SET PATH=%PATH%;C:\PROGRA~1\MCAFEE\MCAFEE~2
    C:\essolo.com

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\WINDOWS\SYSTEM\NZDD.DLL - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C}
    URL Monitor1 - C:\PROGRA~1\ROBINS~1\GETIT\IEHLPOBJ.DLL - {7DAFD8A1-A6F8-11D3-9B51-0000E85300BA}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
    CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37733.6198958333

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 4,618 bytes
    Report generated in 0.670 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    Many thanks again. Will Look for further advice.

    _____________________________________________________

    PC-Acer SE Celeron 700/64/20. CD-CDRW OS-Win98se-factory pre-installed OEM.
    McAfee VScan v 5.12
    Lavasoft Ad-aware Release 5.8, ZA, Naviscope, Test-Run, All relevant IE settings disabled for security.
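
Added example (not part of the original thread, and not code from HijackThis or StartupList): a Python parser that splits a StartupList report like the one posted above on its dashed dividers, pulls out the autorun and Browser Helper Object entries, and reduces each to the file on disk whose properties a helper would ask the poster to verify. The function names are hypothetical, and the sample is an abridged excerpt of the posted report.

```python
import re

# Abridged excerpt of the StartupList report posted above.
SAMPLE = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

McAfee TaskMaster = "C:\Program Files\McAfee\McAfee Shared Components\Crash Protector\TASKMSTR.EXE" /taskman:1

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Kana Reminder = C:\PROGRAM FILES\KANA REMINDER FOLDER\REMINDER.EXE

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\SYSTEM\NZDD.DLL - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C}
URL Monitor1 - C:\PROGRA~1\ROBINS~1\GETIT\IEHLPOBJ.DLL - {7DAFD8A1-A6F8-11D3-9B51-0000E85300BA}
"""

DIVIDER = re.compile(r"^-{10,}$")
AUTORUN = re.compile(r"^([^=]+?) = (.+)$")
BHO = re.compile(r"^(.+?) - (.+?) - (\{[0-9A-Fa-f-]{36}\})$")
BINARY = re.compile(r'^"?(.+?\.(?:exe|dll|com|ocx))(?=$|[\s",])', re.I)

def parse_block(block):
    """Yield (kind, location, name, target) for one divider-delimited section."""
    heading, rest = block[0].rstrip(":"), block[1:]
    if heading == "Autorun entries from Registry" and rest:
        for m in filter(None, map(AUTORUN.match, rest[1:])):
            yield ("autorun", rest[0], m[1], m[2])   # rest[0] is the registry key
    elif heading == "Enumerating Browser Helper Objects":
        for m in filter(None, map(BHO.match, rest)):
            yield ("bho", m[3], m[1], m[2])          # location is the CLSID

def parse_startuplist(text):
    """Split a report on its dashed dividers and collect autorun and BHO entries."""
    entries, block = [], []
    for line in text.splitlines() + ["-" * 50]:      # sentinel flushes the last block
        line = line.strip()
        if DIVIDER.match(line):
            if block:
                entries.extend(parse_block(block))
            block = []
        elif line:
            block.append(line)
    return entries

def files_to_check(entries):
    """Reduce each target to the file on disk, dropping quotes and arguments."""
    return [m[1] for m in (BINARY.match(e[3]) for e in entries) if m]
```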
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi odysseus79,

    Could you check the properties of C:\WINDOWS\SYSMON.EXE and see if they match:
    http://vil.nai.com/vil/content/v_100381.htm

    It probably is the real thing: http://www.onecomputerguy.com/app_info/sysmon.htm
    Just making sure.

    And try disabling this BHO:
    O2 - BHO: URL Monitor1 - {7DAFD8A1-A6F8-11D3-9B51-0000E85300BA} - C:\PROGRA~1\ROBINS~1\GETIT\IEHLPOBJ.DLL
    using BHODemon and see if that helps.

    I would appreciate a copy of that IEHLPOBJ.DLL so I can add it to the BHO List
    Please use the address in my profile.

    TIA,

    Pieter
     
  9. odysseus79

    odysseus79 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    8
    :oops:
    Hi, Pieter; Thanks for your response and advice.
    1.   My SYSMONITOR.exe is:- File version 4.10.1998; Size 80.0KB (89,920bytes) 89,920bytes used
    2.   My SYSMONITOR is permanently ON (starts with Windows every time) and monitors 3 parameters: Kernel, Memory and Swap File. So far, haven’t noticed anything unusual.
    3.   BHO- I’d be happy to send it to you but I’m more than certain that it isn’t it. I have BHO Cop showing this BHO registered properly. This BHO belongs to the little prog. called “GetIt” by Robin Software. It’s nothing more than a very simple, yet quite useful, Download Manager, which has been on my PC for at least 2+ years. v 1.0 I have, is not even integrated into IE. Yet, if you still need this BHO I’ll send it with my next post (I'm far from that PC now).
    4.   I also looked (scanned) for SYSMON.INI and IRSETUP.DAT as mentioned in the McAfee Bulletin-Neither is found.

    Thanks again for your time and support.

    Much appreciate further advice.
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi odysseus79,

    Thanks for the info on the BHO. I will add it on the next update.
    Have you tried installing another NIC?

    Regards,

    Pieter
     
  11. odysseus79

    odysseus79 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    8
    Hello; Pieter, that DLL you requested is on its way to you.

    No, I did not try replacing NIC card for several reasons. I have a strong feeling the card itself isn't at fault, rather something else, maybe one of my other apps. acting up somehow prevents the Card from loading or keeps changing its setting. In one of previous PIN's posts he mentioned how his Card sometimes stops/starts working for no apparent reason.

    So for now, I'd like to wait for PIN's instructions and try configuring the Card manually.

    I re-checked hardware as to how I'm connected to DSL:
    I'm sure that I'm not part of Network since 1. I cannot see other computers in my Network Neighborhood - just my machine. 2. My DSL line is connected through a "Link Box" (has its own working port), from there straight to one of the Hubs (there are 4 in all).

    I'd like to be reasonably certain before attempting replacement of components.

    So, I'd rather wait until Pin or someone else has a chance to post instructions here for me first.

    Thanks again.
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi odysseus79,

    Thanks for the sample and good luck on solving your problem. :)

    Regards,

    Pieter
     
  13. odysseus79

    odysseus79 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    8
    You're very welcome, Pieter. Hope it'll come in handy.

    Hope someone will help me with manual Network configuration.

    Bye, for now
     
  14. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    hello again, i'm sorry to see you are still having problems.

    i asked around for some advice and now believe what i suggested won't do anything, since your card isn't even properly recognized. here is some other advice i got that you could try if you haven't already:

    1. run system-file-checker ("sfc"), windows will attempt to replace any missing system files.

    2. look for conflicts, i assume you have done this already if you've been searching the system information.

    3. look for new drivers for your card, maybe there was some sort of conflict with old drivers and now they aren't recognized.. also check to see if your drivers are in the system directory.. maybe they have been deleted or corrupted.

    4. try someone else's card and see if you get any different results. look for physical damage on your card.

    5. do a format/reinstall of windows.

    6. buy a new card.

    good luck again!
     
  15. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    I wanted to list a couple of other possibilities, because this sounds like it could be hardware-related.

    1. How is the HDD? Might try scandisk and see if you have some bad/failing sectors.
    2. If the NIC is PCI, try re-seating it, or even switching to another slot. You may have a cranky slot.
    3. The NIC may be failing. I'd definitely consider that as an option as well.

    Hope these weren't redundant--and good luck! ;)
     
  16. odysseus79

    odysseus79 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    8
    Thanks for your reply, Pin, JimIt.
    Yes, I tried everything on your list, including Re-format/Re-install with Acer CPR Recovery CD and Patch (couldn't do it and now glad about it too).
    Here is why:
    I just turned the PC on and it booted up as if nothing has ever happened. All the configurations're in place and IE works. Go figure...
    However, don't know for how long this time. This tells me that there is a conflict somewhere, which now needs to be monitored and probably nothing else.
    Therefore, I'd still like the instructions on manual 'winipcfg' Network Configuration in the event it may happen again, if this is not much trouble for you and, of course, when you have a chance.

    Thanks in advance.
     
  17. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    here are some instructions for playing around with winipcfg settings:

    http://support.morehouse.edu/winipcfg.html

    here is another:

    http://www.ncsu.edu/resnet/pages/setup/winipcfg.php

    besides playing around with the settings, i was only thinking about calling up your provider, getting all the ips manually, and entering them here or directly in your tcp/ip configuration menu.

    this is all i was talking about, so i don't think you will have much success here, and it's not really a fix it's just a workaround until you get the real problem sorted out. if however this does get you up and running i'll be very happy to hear it!
     
  18. odysseus79

    odysseus79 Registered Member

    Joined:
    Oct 16, 2003
    Posts:
    8
    Thanks for your reply, PIN and everyone;
    So far, everything is on.
    Still, I re-checked and cleaned it again before putting it to work. Of course, this once more gave me a chance to note/log all of the Network Settings Configuration.
    I'm also quite certain to have found the cause of all troubles. I will post what I found in a couple of days after making sure that my resolution is correct. Just want to mention that a shortcut to a tiny program that's been on my HD for at least a year without a glitch caused this whole 3-week epos.
    Nevertheless, I'm glad to have had an opportunity to gain more knowledge communicating with good people.
    Many thanks.
     