
no sent/received data, but says connected...

Discussion in 'Networking' started by tmg75, Sep 22, 2004.

Thread Status:
Not open for further replies.
  1. tmg75

    tmg75 Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    8
    We're trying to get this networked PC to work. It's on a Windows 2000, and the internet was working a few days ago, and now it's not. I have a feeling the night time guy did something to it but won't admit it. I see it had viruses on the 15th, but now it's clean. It says it's connected, speed 10.0 Mbps, but no data is going back and forth.
    Any ideas? If you need more info let me know.

    (the IP/DNS settings are all correct)
     
  2. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,294
    First Name:
    Wayne
  3. tmg75

    tmg75 Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    8
    Can't ping from other computers. Can ping itself though... not sure if that means anything.
    He had a Backdoor Agent B I think, Trojan Horse, Bloodhound Exploit 6, and I forget the other. I can look it up again tomorrow. (at home now). He downloads from Kazaa.
     
  4. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,294
    First Name:
    Wayne
    Kazaa will be the problem - have a look through these forums for info.
    I would suggest you post a HijackThis log - however, the security gurus, when advising how to clean up the PC, will advise to remove P2P - note this forum will not support the illegal copying of copyrighted material - again see forums.

    So if they want to take Kazaa off and clean up the PC, please do the following:

    Post an HJT log


    HIJACK THIS:

    Download and copy HijackThis to its own folder; it makes backups, so keeping them separate and available can be useful.

    Note the Spyware tools websites are very often under attack and so I have provided more than 1 location to download from:

    http://www.tomcoyote.org/hjt/
    http://209.133.47.200/~merijn/downloads.html
    http://www.thespykiller.co.uk/
    http://www.majorgeeks.com/download3155.html
    http://aumha.org/downloads/hijackthis.exe
    http://www.thewhities.com/
    http://www.sherrylynn.us/privacypolicy (this has an older version 1.97 - if you cannot get to any of the above sites)

    Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”.
    Click on “Save Log” and then save it to NotePad.
    Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.
    DO NOT FIX ANYTHING; wait for advice from one of the many security experts in this forum.

    I currently do not have the skill/competence to advise, and poor advice can be far more damaging to your PC with this software, and so I will be unable to add any advice on the log and so will no longer be replying to your post with regards to the HJT issue, so please have patience and wait for one of the security experts to provide further detailed advice.

    I will, however, be notified when you post the log.
     
  5. tmg75

    tmg75 Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    8
    I don't see any trace of Kazaa on the computer. Already checked for that. He just got a brand new hard drive a couple weeks ago. He had screwed up the last one as well.


    Logfile of HijackThis v1.97.7
    Scan saved at 9:33:06 AM, on 9/23/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Quick View Plus\PROGRAM\QVP32.EXE
    C:\WINNT\System32\MDM.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\WINNT\system32\Notepad.exe
    C:\Documents and Settings\TRader\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://nslijhealthport.northshorelij.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\n2jux\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\n2jux\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://healthport
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\n2jux\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by NSLIJHS
    O2 - BHO: (no name) - {4A921961-0BF0-4DB4-95F6-7EDEE2FFF6C9} - C:\WINNT\system32\cahpoll.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - Global Startup: CLEANUP.BAT
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://healthport
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D2B4A68C-CBB6-4971-BDE3-A71676AF0DF9}: NameServer = 167.206.112.3,167.206.112.4
     
  6. tmg75

    tmg75 Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    8
    I can ping myself but can't ping the Default gateway ip address. Could it be just a hardware problem?
     
  7. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,294
    First Name:
    Wayne
    Can you post V1.98.2, available from the sites listed?
    Surprised about Kazaa.
    I can see some problems in the log - but not an expert - so we need a security guy to have a look - as soon as you have loaded 1.98.2 I'll get an email.
     
  8. tmg75

    tmg75 Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    8
    Sorry, I did download from one of those sites, but they must not have had the new version up.

    Logfile of HijackThis v1.98.2
    Scan saved at 1:48:16 PM, on 9/23/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Quick View Plus\PROGRAM\QVP32.EXE
    C:\WINNT\system32\mmc.exe
    C:\WINNT\System32\MDM.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\TRader\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://nslijhealthport.northshorelij.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://healthport
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\n2jux\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\n2jux\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\n2jux\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by NSLIJHS
    O2 - BHO: (no name) - {4A921961-0BF0-4DB4-95F6-7EDEE2FFF6C9} - C:\WINNT\system32\cahpoll.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - Global Startup: CLEANUP.BAT
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=http://healthport
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D2B4A68C-CBB6-4971-BDE3-A71676AF0DF9}: NameServer = 167.206.112.3,167.206.112.4
    O18 - Filter: text/html - {37110B49-5653-447F-A96B-D6B846C349B0} - C:\WINNT\system32\cahpoll.dll
    O18 - Filter: text/plain - {37110B49-5653-447F-A96B-D6B846C349B0} - C:\WINNT\system32\cahpoll.dll
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi tmg75

    You have a hijack that usually requires a special tool to identify and remove a hidden file that keeps reloading the hijack. In order to run this tool you must have IE6 SP1 installed. Before I can post the link to that tool for you to use, you need to go to Windows update and install IE 6 and the other "Critical Updates". You really need to have it anyway as it is much more secure and you are more vulnerable to attack now running IE 5.51.

    Once you have those installed, rescan with Hijack This and post another log,
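
Added example, not part of the thread or any poster's advice: a small Python triage pass over HijackThis lines copied from the v1.98.2 log above. The two checks (an IE page set to a local file under a Temp folder, and a DLL that is referenced from more than one log section, including one that reports it missing) are illustrative heuristics chosen for this log, not rules from HijackThis or the forum; the names `triage`, `SAMPLE_LOG` and the regexes are assumptions of the example.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis v1.98.2 log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\n2jux\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\n2jux\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {4A921961-0BF0-4DB4-95F6-7EDEE2FFF6C9} - C:\WINNT\system32\cahpoll.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O18 - Filter: text/html - {37110B49-5653-447F-A96B-D6B846C349B0} - C:\WINNT\system32\cahpoll.dll
O18 - Filter: text/plain - {37110B49-5653-447F-A96B-D6B846C349B0} - C:\WINNT\system32\cahpoll.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")              # e.g. "O18 - Filter: ..."
DLL_PATH = re.compile(r"[A-Za-z]:\\[^{}]*?\.dll", re.I)  # drive-letter path to a DLL
TEMP_FILE_URL = re.compile(r"= file://.*\\temp\\", re.I)


def triage(log_text):
    """Return (findings, shared_dlls) for the entry lines of a HijackThis log.

    findings: list of (section, reason, entry) tuples.
    shared_dlls: DLL path -> sorted list of sections referencing it (2 or more).
    """
    findings = []
    sections_by_dll = defaultdict(set)
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header, process list or blank line
        section, body = match.groups()
        # Heuristic 1 (assumption): an IE page value that is a local Temp file.
        if section in ("R0", "R1") and TEMP_FILE_URL.search(body):
            findings.append((section, "IE page is a local file under Temp", body))
        # Heuristic 2 (assumption): the tool could not see the registered file.
        if body.endswith("(file missing)"):
            findings.append((section, "component file reported missing", body))
        dll = DLL_PATH.search(body)
        if dll:
            sections_by_dll[dll.group(0).lower()].add(section)
    shared = {p: sorted(s) for p, s in sections_by_dll.items() if len(s) > 1}
    return findings, shared


if __name__ == "__main__":
    found, shared = triage(SAMPLE_LOG)
    for section, reason, body in found:
        print(f"[{section}] {reason}: {body}")
    for path, sections in shared.items():
        print(f"{path} is referenced from sections {', '.join(sections)}")
```

On these lines the pass flags the two Temp-folder search pages and the BHO whose file is reported missing, and shows that the same `cahpoll.dll` path is still registered under O18.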
     
  10. tmg75

    tmg75 Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    8
    I can't because I don't have an internet connection.

    I can't just delete the file? I am experienced with editing/deleting items in registry (I just don't have much networking experience) so if that's an option let me know.
    Thanks
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  12. tmg75

    tmg75 Thread Starter

    Joined:
    Sep 22, 2004
    Messages:
    8
    The winsock fix didn't work.
     
  13. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Sorry I haven't gotten back to you sooner, but I have been out of town. Have you made any progress here?
     
Short URL to this thread: https://techguy.org/276931