Ping OK, Shares Ok but no Internet browsing.

[mprkiran]

Hi all,
This is pavan from hyderabad. Working as System administrator.

In my office, i am not able to access the internet (browsing) but i am able to access all shares in my network, pinging is possible to google, yahoo but not able to access web pages.

Internet Explorer error is "Internet Explorer could not open the search page"

I also installed Mozilla FireFox but no use. FireFox does not display any error messages.

My system details are

Operating System : Windows XP Pro Service Pack 2
Antivirus : McAfee Enterprise 8.5.0i

Internet Connection : ADSL Router 256kbps

Computer Configuration : Pentium(R) 4 CPU 2.66GHz 512 RAM

Could anyone give any information about this error.

Regards,
Pavan Ram Kiran.

 

[Madxgraphics]

Try reseting your router..

 

[mprkiran]

i replaced another router instead of ADSL Router(256 kbps)
but no use. same problem is coming.

 

[JaLing]

If your able to ping name based addresses then we know your settings at the TCP/IP level are correct.

1) Do you have any firewall software installed ? If so try disabling it and test.
2) Although your settings are correct your network may require you to enter proxy settings
3) You may have a virus/spyware generating issues on your PC (or the remnants of)
4) Loads more possibilities...

 

[mprkiran]

1) I have no firewall software.Only McAfee Software installed.

no updates due to no internet.

2) Proxy settings.....where ?

3) virus was removed by McAfee. first i removed hard disk(from virus system1 ), placed at another system2(this system has updated McAfee) and scaned all drives. virus was removed and I fixed the hard disk at original place.

Ping OK, Shares Ok but No internet browsing and also virus list was not removed from MSCONFIG.MSC Tool.

*) dc c:\windows\dc.exe

*) SVIQ c:\windows\SVIQ.EXE

*) Fun c:\windows\system\Fun.exe

*) Other c:\windows\inf\Other.exe

*) lphcesbj0ej0l c:\windows\system32\lphcesbj0ej0l.exe

*) win c:\windows\system32\config\win.exe

*) SHSTAT c:\Program Files\Network Associates\VirusScan\SHSTAT.EXE*/

*) rhcasbj0ej0l c:\Program Files\rhcasbj0ej0l\rhcasbj0ej0l.exe

But virus files were removed completely. I saw all drives and folders in "Show all files and folders" mode.

I modified some more regestry paths...see them

a)

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1

*) string value

FriendlyName



http://antivirus-2008pro.com/scanner.php?aff=DB

http://antivirus-2008pro.com/scanner.php?aff=DB

Antivirus 2008 PRO

b)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO

c)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antispyware 2008

d)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe

C:\WINDOWS\dc.exe

C:\WINDOWS\system\Fun.exe

e)

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache

f)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D322370E-E6BE-01C8-0000-0000681B8206}

*)default

http://antivirus-2008pro.com/scanner.php?aff=DB

g)

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

*)string value

load

C:\WINDOWS\inf\Other.exe

run

C:\WINDOWS\system32\config\Win.exe

h)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load

*)string value

command

C:\WINDOWS\inf\Other.exe

item

Other

i)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run

*)string value

command

C:\WINDOWS\system32\config\Win.exe

item

Win

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

*)string value

dc

C:\WINDOWS\dc.exe

dc2k5

C:\WINDOWS\SVIQ.EXE

Fun

C:\WINDOWS\system\Fun.exe

MSMSGS

"C:\Program Files\Messenger\msmsgs.exe" /background

j)

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache

*)string value

C:\WINDOWS\SVIQ.EXE

SVIQ

C:\WINDOWS\dc.exe

dc

C:\WINDOWS\system\Fun.exe

Fun



4) I set all values default.

5) my system have two lan cards. One is on board lan and second is additional card.

D-Link DFE-520TX PCI Faxt Ethernet Adapter

Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address Transport Name

=================================================

00-16-76-70-1D-1B \Device\Tcpip_{7B6E5E29-4DD1-490A-B85C-C86399046485}

00-1C-F0-15-39-47 Media disconnected


pls give solution.

 

[JaLing]

Yup... reload time for you m8.

What I believe has happened is that you've removed the viruses but left the damage.
You should only ever remove a drive and scan it on another computer as a last resort for it will only remove the virus and repair infected files (doesn't always repair them). Files which have been altered but not infected are not fixed as they are not considered required files for applications due to the exsisting versions on the main drive being fine.

What you need to do is ....
1) Get a list of what viruses were on there
2) Download the virus repair/removal executables for each virus from Symantec or who ever
3) Force run them with a command shortcut to make them think your infected so that they repair altered files.

For future reference most Antivirus products allow you to make a bootable version with updated detection etc.... this is what you should have used.

Ja-Ling

 

[mprkiran]

thanks for your information JaLing. i am following your suggestions now.

 

[mprkiran]

I got one software "SDFix" from the link http://www.bullguard.com/forum/9/Funexe-and-DCEXE_52990.html to remove dc.exe, sviq.exe and some viruses.

Download link is

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

But only desktop.exe,win.exe virus files were removed. It did not clean dc.exe,sviq.exe and other files.

 

[mprkiran]

From System 1

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\pavanram>ping yahoo.com

Pinging yahoo.com [°ÿ] with 32 bytes of data:

Reply from 68.180.206.184: bytes=32 time=439ms TTL=44

Reply from 68.180.206.184: bytes=32 time=391ms TTL=44

Reply from 68.180.206.184: bytes=32 time=371ms TTL=44

Reply from 68.180.206.184: bytes=32 time=391ms TTL=44

Ping statistics for:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 371ms, Maximum = 439ms, Average = 398ms

C:\Documents and Settings\pavanram>



[°ÿ] what is this symbol. One small beep sound also come when I ping to.



From System 2

No beep, no symbol [°ÿ] from another system.

C:\Documents and Settings\srinivas>ping yahoo.com

Pinging yahoo.com [68.180.206.184] with 32 bytes of data: Reply from 68.180.206.184: bytes=32 time=307ms TTL=48

Reply from 68.180.206.184: bytes=32 time=303ms TTL=48

Reply from 68.180.206.184: bytes=32 time=302ms TTL=49

Reply from 68.180.206.184: bytes=32 time=303ms TTL=48

Ping statistics for 68.180.206.184:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 302ms, Maximum = 307ms, Average = 303ms

C:\Documents and Settings\srinivas>

pls anyone give suggestions.

 

[Abarbarian]

Try here,

http://www.hijackthis.de/

 

[mprkiran]

I installed HijackThis in my system, scaned whole system and got one "hijackthis" log file.I also uploaded log file at http://www.hijackthis.de/ .

I saw some lines have "right" mark and some lines have "wrong" mark. It is very helpful to remove unwanted programs in my systems.

I am checking one by one line.....

What is R1, R0, F2, 02...... number format. Could you tell some more info on this.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\Notepad.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1004336348-606747145-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1004336348-606747145-682003330-1003\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE (User '?')

O4 - HKUS\S-1-5-21-1004336348-606747145-682003330-1003\..\Run: [Fun] C:\WINDOWS\system\Fun.exe (User '?')

O4 - HKUS\S-1-5-21-1004336348-606747145-682003330-1003\..\Run: [dc] C:\WINDOWS\dc.exe (User '?')

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\ntdll64.dll' missing

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1203677610578

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{7B6E5E29-4DD1-490A-B85C-C86399046485}: NameServer = 218.248.255.146,218.248.255.139,202.54.12.164,203.197.12.30

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2142FA0-E7CA-4828-83AB-10C0CF923A8F}: NameServer = 218.248.255.146,218.248.255.139

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

 

[Abarbarian]

http://www.bleepingcomputer.com/

These folk might be able to help with the Hijack This file. HijackThis is complicated for the novice and most folk seek help with what to delete and what to keep.

 

[mprkiran]

thank you very much Abarbarian & JaLing for your valuable information.

Problem was solved.
​

1) I installed "lspfix" (from the link http://www.download.com/LSPFix/3000-2085_4-10417026.html) in my system and some internet settings were modified by software.

2) next I installed "Trend Micro HijackThis" software from the link http://www.hijackthis.de/

i followed instructions as the software asked me. and I also checked the web page http://www.hijackthis.de/ for the "hijackthis" log file. Its very good site.

3) Ping OK, Shares OK and Internet Browsing is also OK.

thank you very much Abarbarian & JaLing for your valuable information.

 

[mattcorps]

long path files

[mucks edit ... have a nice day ]