A friend of mine has a dial-up connection. She had been having issues with her modem randomly disconnecting her from the internet; she had to reboot the computer in order to be reconnected. Someone she knows advised her that it might be a trojan. She ended up asking me to take a look at it.
I went to her house, downloaded Malwarebytes (yes, it took forever), and ran the program. Tons of spyware and a couple of trojans to remove. I didn't take down the names of the trojans, but I had MB remove them. Rebooted, scanned again, no issues found except that her firewall is off and she has no antivirus software.
I then took her computer to my parents' shop so I could connect to broadband, install XP SP3, AVG Anti-Virus, and IE8. This did not work as planned, but ultimately, I was able to get the installs I wanted by transferring installation files via USB key. Also, I want to note that I'm very confident that the trojan is gone at this point, so I'm not worried about hooking the computer up to the network and I did not have any further virus/trojan issues today. I ran Malware scans on her computer and the other two computers on the network after I finished to be sure. This is where the weirdness came in.
Any other computer I've hooked up to this network is an easy plug and play ... I hook up the ethernet cable, connect computer to router, BOOM, done. Internet Explorer connects with no problems.
So I did what I normally do and IE6 will not connect to any website. I focus on trying to connect to the normal homepage, yahoo.com.
I check ipconfig ... DHCP is pulling just fine, addresses are assigned, no ip conflicts, gateway and subnet are correct, no issues there. Toggled the firewall just in case there was an issue there, no change.
I ping the router, the modem and yahoo.com with no issues. Unable to ping other computers on the private network, but not too concerned about that. I then took the IP address that returned from yahoo.com, pinged it and also got a response. So DNS seems to be working.
Entered the Yahoo IP address into IE's address bar ... "Page cannot be displayed." Same error as when I try to connect to yahoo.com. This in spite of me being able to ping both.
I checked all of IE's internet option settings, nothing is out of the ordinary. No proxies set up, toggled Automatically Detect Settings under LAN Settings, no response either way.
At this point, I figure that maybe the Trojan did something to damage the related registry values, so I run winsockfix.exe to make any repairs. No issues in running it, but it also doesn't resolve the problem.
Went into Device Manager; there are three devices listed. A wireless network card (disabled, no wireless where she lives now), a Realtek network card (factory standard, enabled, firewalled), and something just called "Network Controller" which has the alert symbol.
Checked out the Network Controller information. No drivers installed for it and it is unidentified. I ran a general device identifier program which says that this is an RAS Async Adapter. Can't find any drivers online and the little information I was able to find seems to indicate it was related to Visual Basic somehow. I may be completely wrong about this, so this is a potential hole in my troubleshooting.
At this point, I gave up on trying to connect via the network and just started moving the installation files I wanted over by USB key. Everything is installed with no issues.
After installing IE8, I try to connect again. Still a complete failure.
My friend never connects through broadband, so this isn't a big deal to her and as far as I know, the computer is fine and she can still connect via dial-up. But it's driving me crazy, I have no idea why it won't connect when I can ping all sorts of websites outside of the network via domain name and ip address.
I don't have her computer anymore, she needs it for her job hunt and it's connecting on dialup with no more issues. So I can't do any more tests on it. At this point, all I'm wondering is if there are any further steps any of you would have taken, if there was anything obvious I missed, or potential solutions. I might have to go back and fix it later if she ever decides to switch to broadband, so basically I'm looking to pick some brains and find out what I may have done wrong in troubleshooting.
"I'm a mad god. The Mad God, actually. It's a family title. Gets passed down from me to myself every few thousand years."
A) the netshell repair, (netsh int ip reset reset.txt)
&
Uninstalling and reinstalling the driver for whichever of her network cards is the Ethernet controller. (this does seem to be the one place you saw unexpected things)
edit
&
C) maybe check to see if she's developed a #hosts file. spyware likes to use that to dns redirect you to their sites, and if you killed the spyware that could have fucked this up I think.
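The hosts-file check suggested in (C), written out as an added example that is not part of the thread: a small Python auditor that flags every mapping beyond the stock `localhost` line. The sample file contents, the addresses and the `example` host names are constructed for illustration, and `audit_hosts` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample of a tampered hosts file (on Windows XP the real file
# is %SystemRoot%\System32\drivers\etc\hosts). All entries are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.yahoo.com yahoo.com   # points a real name elsewhere
127.0.0.1       update.example-av.test
not-an-ip       search.example.test
"""

# Assumption for this example: a stock file maps only "localhost".
BENIGN_NAMES = {"localhost"}
# Addresses that make a name unreachable instead of redirecting it.
LOOPBACK_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def audit_hosts(text):
    """Return (line_no, ip, name, verdict) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            # Leftover or damaged entry: first field is not an address.
            findings.append((line_no, ip, " ".join(names), "malformed"))
            continue
        for name in names:
            name = name.lower()
            if name in BENIGN_NAMES and ip in LOOPBACK_SINKS:
                continue  # the normal localhost entry
            verdict = "blocked" if ip in LOOPBACK_SINKS else "redirected"
            findings.append((line_no, ip, name, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

An empty result means the file only contains the default entry, so the hosts file can be ruled out as the cause.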