NOTHING Repairs Internet on PC after Malware Fixes

Hi everyone! I'm having a very frustrating Networking problem after an older XP machine with SP3 got hit by some strange combo of viruses/rootkill malware. Short version is I had some combination of at least regedit.com and Trojan Agent/Ge.IE FAKE virus attack my machine. I got everything straightened and managed to clear that situation up. I even posted my logs post cleanup over in the Malware Removal forum to be sure I was as clean as I could get.

Everything on the PC now seems fine for the past 2 days or so except I cannot get this box to connect to the internet via either IE or FireFox. FF gives me the "Server not found" error message and IE tells me it "cannot display the webpage"

I'm no networking genius but from what I can tell my settings are fine (this machine was connecting flawlessly prior to the malware issue).

Here's the basic setup:
The PC in question has NVIDIA nForce MCP Networking Controller with the same driver it's always had. (I have never found an updated driver anyway). DSL comes from a Westell MOdel 6100G Modem (set to bridged mode) which goes to a Belkin NF5d8236-4 Wireless/wired router. The router connects via wired connection to the PC with issues, two other desktops, and a laptop which usually connects wirelessly.

I KNOW the router and internet are functioning b/c the other 2 desktops connect just fine. The laptop and a WII and Xbox 360 also connect wirelessly just fine as well. All the machines can see each other and transfer files.

On the PC that refuses to connect to the internet I can ping loopback, I can ping the router, I can ping the other machines, and I can ping outside sites by IP address via command prompt but NOT via host name. Likewise in my web browsers I cannot type in a website or I"ll get the error messages I previously mentioned. If I enter an IP address the browers will give me at least some form of their attempt at displaying a website. I can also access my router's homepage by typing in its IP address.

In the Network connections area the LAN and Internet show as connected and show it transferring packets.

No matter what this thing will NOT connect to the internet by domain name.

I've tried:
- Using the internet repair option in SAS
- Windows XP's built in repair function
- Winsockfix.exe
- I've followed the intstructions related to restoring internet after a "browser redirect" virus
- I've made sure the browsers aren't set to use a proxy
- DNS flush, ipconfig /release /renew
- Power Cycling everything
- The router settings look the same as they've always been
- I've made sure there is NO MAC address or IP filtering enabled on the router
- I believe all my settings in XP for the network connection (obtain ip addresses automatically etc.) are correct.

None of it has worked.

I've attached a copy of my MGlogs.zip file which I believe would show my current settings etc. and I'd appreciate ANY help or suggestions at this point.

I've read some posts where people had to throw in the towel because nothing works and do a complete reinstall of the OS. I fought so hard to bring this box back w/o doing that. I'd hate to have to do a fresh install anyway.

 

Try running this command from a command prompt. It'll reset TCP/IP. You have to reboot the PC after it is done.

netsh int ip reset c:\resetlog.txt

If it doesn't work then check your hosts file in c:\windows\system32\drivers\etc. It should look like this. If there are extra lines get rid of them.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

 

Thanks for the input, but unfortunately it didn't work.
Prior to cemiaph's suggestions I've also tried the following to no avail:

Ran LSPfix: Showed no problems found
Tried "netsh winsock reset catalog" at command prompt and rebooted.
I've also tried the suggested netsh int ip reset suggestion which didn't work.

I checked my host file which literally only contains one singe line which looks exactly like this (w/o the quotes)
"127.0.0.1 localhost"
There is none of the # intro instructions.

Nothing has changed. :banghead

 

Every time I have ever ran into this issue it has been a TCP/IP stack problem. Before XP we use to just completely remove the TCP/IP protocol and re-install it, but XP doesn't really allow that to occur(hence the netsh commands).

I hate to suggest this especially since you just cleaned out the PC, but remove the security software(anything that would act like a filter or firewall) and see what happens.

 

Unfortunately that didn't work either. I had already tried disabling Windows Firewall (the only firewall on the machine) and I had also disalbed Avast Antivirus early on as well. Neither worked.

Just to be sure I totally unistalled avast antivirus and it made no difference.

 

I know very little about networking. What do you mean when you you say: "If I enter an IP address the browers will give me at least some form of attempt at displaying a website". How much of an attempt do you get?

I'm wondering if it would be worth installing a torrent program such as utorrent and attempting to download something safe and fast like OpenOffice by way of torrent. Then you could verify that you indeed have a connection to the internet running at your normal DSL speeds. If you get normal DSL download speeds +200kB/s then the problem is browser network settings related.

Like I said I don't know much about the technical settings for networking but I would want to be sure I was truly connected to the internet. If pinging specific IPs gives you this information then just ignore this suggestion.

 

Well I definitely don't know much about networking either. But this is driving me crazy. I have 2 other Desktops connected wired to the same router and the connection is fine. A laptop also flawlessly still picks up the wireless connection just fine as well.

On the affected PC, the LAN shows as connected, shows internet connection but it won't connect to the internet via an internet browser.

At a command prompt I can ping a site like Yahoo.com..but ONLY via IP address. If I type in ping 72.30.2.43 (Yahoo's ip) I get the following response:

Reply from 72.30.2.43: bytes 32 time=294ms TTL=57
Reply from 72.30.2.43: bytes 32 time=273ms TTL=57
Reply from 72.30.2.43: bytes 32 time=326ms TTL=57
Reply from 72.30.2.43: bytes 32 time=316ms TTL=57

Ping Stats for 72.30.2.43
Packets sent =4 rec'd =4 lost =0

However..if at a command prompt I type "ping www.yahoo.com" I get the following response:
Ping request could not find host www.yahoo.com. Please check the nae and try again.


Likewise in my browsers if I just type a domain "www.yahoo.com" I'll get nothing. In my internet browser if I type yahoo's ip address "http://72.30.2.43" it slowly loads a yahoo homepage but w/o images and only text.

I also remember when I had avast installed (just temporarily installed to see if antivirus software was a factor) it would connect directly to the avast server for virus database updates. The connection there seemed normal speed.


I have a restore point in system restore when I still had remnants of the malware but internet was working fine. I was desperate enough to revert to that point earlier this evening but I can't even do that. I rarely need system restore but I just discovered it's not working. When I click to try the system restore it says it's encountered a problem and must close.

 

Most of this reads like a DNS problem. Try setting the problem PCs' network adapter TCP/IP settings to use OpenDNS, 208.67.222.222 and 208.67.220.220.

 

I think I have it fixed. What a nightmare! :hammer

Nothing was working and I had read several posts on the internet about people with the same situation needing to format and reinstall the entire OS for things to go back to normal.

Before I did that I decided to do a repair install of XP...which I had already tried at one point. This time I deleted my browsers (IE 8 and Firefox) before doing that. I did the repair install and found it didn't change the problem. Now I had reverted myself back to IE 6 and Windows SP1. I figured I might as well get myself back to where i was before the repair install attempt and I threw in my SP3 install disc. I did that install, rebooted and bingo! Everything worked!??:confused

I have no idea why that made the difference. Especially since I had checked the settings for both browsers no less than 6 times to make sure I hadn't missed a proxy connection checked or something stupid like that. I had even reset browser settings back to default a couple of times yesterday just to make sure I wasn't missing something. All the TCPIP settings and all the settings relating to the LAN are just the same as I had them.

I had tried EVERYTHING. Pretty much anything within the first 20 pages of google search results I had tried. If this didn't work i was going to throw in the towel, back up what I needed and format and re-install. In the long run it would have been less work anyway

Thanks so much for all the suggestions guys! I can only hope it stays fixed and I don't need to ask for help again!