No internet access but ping OK

  • Thread starter Thread starter Hex
  • Start date Start date
H

Hex

Hi,

Lets start by saying I'm a developer and networking isn't my strongest
suite. It's not my weakest either but this one has me stumped. It's a
friend's laptop with XP Home installed. He was complaining that when he
dialled AOL, he couldn't see the internet.

I tried it and it looks like he was right. It connects OK - you can ping
stuff but you can't browse anywhere - you get the DNS error screen in IE.
Tried a couple of other ISPs for luck (Freeserve and Virgin) and got the
same.

At home I've got a demon broadband wossname with one of these
router/switch/firewall/asdl modem all in one jobbies that's just always
worked without a hitch. 2 machines on the lan at the mo and I stuck this XP
laptop on my LAN.

It can browse to my local server so it looks like there's nothing wrong with
IE but it can't browse to anything the other side of my router. I can ping
anything in the outside world (eg www.google.co.uk) but can't seem to http
or telnet anywhere.

I'm not using ICS or the internal firewall thing.
I've tried using Dr TCP to set the MTU down to lower than 1500 and that
changed nothing.
I've turned WSP Client off.

This friend of mine has 6 other laptops in his company all exhibiting the
same behaviour so it must be something in the setup of XP on these machines
but I'm totally stumped. He brought it to me as his "IT Expert Mate". My
pride is at stake. Please help.


Hex.
 
If you've got it at your house, do this and report back:

1) At a command prompt, run "ipconfig /all" on the XP Home machine and one
of your machines that works. Everything but the IP Address and Host Name
should be the same. If there are differences, post the results from the
working and non working machine.

2) Check the Hosts file (%systemroot%\system32\drivers\etc\hosts). The only
entry without a # at the beginning should be:
127.0.0.1 localhost

3) Do the following:
Get properties on the network adapter in the Network Connections
Control Panel
Select "Internet Protocol (TCP/IP)" in the list on the General Tab
Press Properties
Press Advanced on the dialog that pops up (title: Internet Protocol
(TCP/IP) Properties)
Click the DNS tab on the dialog that pops up (title: Advanced TCP/IP
Settings)
In the top box (label: DNS server addresses, in order of use:) you
shouldn't see anything.

If you DO see anything in the DNS server addresses, or in the hosts file,
there was a worm going around a while back that made these changes and
ultimately broke name resolution. Broadcast name resolution, i.e. your home
network, would still work though, explaining why he could access your
server. Clean that stuff out (make a backup copy of hosts first, just in
case they have entries in there for some reason) and try again to see if it
resolves the problem.

4) Download a Spyware remover (or two) and scan the system.

Reply to this post if you need more info, have questions, or the above
doesn't work.
 
As a followup, if you do find alterations to the hosts file or DNS settings,
run a virus scan in case there are any bits left around of the trojan that
made the changes. If you find any variants of "Qhost" in the virus scan,
one of several removal tools to clean the mess up can be found at:

http://www.symantec.com/avcenter/venc/data/trojan.qhosts.html

You can find more info and more tools by searching for "qhosts trojan" (add
"remove" to find tools easier if thats all you want) on google.
 
Hi Matt,

Thanks for the response. And apologies for the delay in mine - time
difference accross the Atlantic.

OK - the IPConfig/all returned pretty much the same except for:
The XP Home Machine says
Node Type Unknown
IP Routing Enabled Yes
WINS Proxy Enabled Yes
My W2K Pro machine says
Node Type Broadcast
IP Routing Enabled No
WINS Proxy Enabled No

I don't know if these differences would have any effect.

Next, the Hosts file. This has a few lines in there that have been created
by "BT Expert Internet" (BT: massive UK telco - provider of asdl for my
friend's company). I've stuck a # in front of all that (I assume # is
comment in hosts file ?) and rebooted but no joy.

Next - the DNS server addresses: all fine, nothing in there.

I've stuck AVG on the machine and done a virus scan (although, obviously,
the machine can't pick up the latest update from grisoft) and it's not found
qhosts but it's found a worm called Nachi on
C:\Windows\System32\Wins\DLLHost.exe.

Still looking... any ideas ?

Hex.
 
I followed Macafee's instructions for manual removal of Nachi, and installed
the relevant MS Security Patch. Re-booted and re-scanned and the virus has
gone.

Now, we have some progress. I'm not sure at which stage this became the
case (modify of hosts file or removal of virus) but telnet now works and I
can browse in Netscape. Infact, the only thing not working seems to be IE.

Hex.
 
OK - Proxy server was checked in IE after doing all those changes. Not sure
why but hey.

Matt - thanks for your help. You are a dude. Next time I'm in Seattle I'll
buy you a beer.
 
Back
Top