Re: strange characters in ping results
From: Bryan Holland (bholland_at_rpjktech.com)
Date: 09/15/04
- Next message: Matt Hickman: "VT1005v, Bridging, DHCP, DNS and Wireless"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: windows xp direct parallel connection"
- In reply to: Chuck: "Re: strange characters in ping results"
- Next in thread: Chuck: "Re: strange characters in ping results"
- Reply: Chuck: "Re: strange characters in ping results"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 15 Sep 2004 13:24:49 -0500
Thanks Chuck. It was a corrupt winsock, or more specifically, more mal-ware
that had not been detected. The second KB article helped me solve the
problem.
"Chuck" <none@example.net> wrote in message
news:ubugk0lcf5o9s7688vch6a61sg47btu9kf@4ax.com...
> On Wed, 15 Sep 2004 12:08:44 -0500, "Bryan Holland" <*email_address_deleted*> wrote:
>
> >I have a Windows XP home workstation that cannot browse the Internet. I
> >have verified the IP configuration, including DNS addresses. I can
> >successfully ping my local address, gateway, and remote host. I can resolve
> >domain names with the nslookup utility. Yet, I cannot browse by entering
> >either a domain name or known web server IP address as a URL.
> >
> >The one strange symptom that I see is that the ping utility has strange
> >characters that show up. The first line after you hit enter is supposed to
> >say: "pinging 127.0.0.1 with 32 bytes of data". However, rather than
> >displaying the IP address it has a solid right arrow symbol. Also in the
> >line that states: "Ping statistics for 127.0.0.1:" the IP address is
> >replaced by random ASCII characters.
> >
> >I have performed a full virus scan, and performed mal-ware scan with spybot
> >S&D and ad-aware. Multiple mal-ware items were fixed.
> >
> >Any suggestions?
> >
> >thanks,
> >Bryan
>
> Bryan,
>
> You did update Spybot before scanning?
>
> Possible Winsock corruption. DNS resolution ("random ASCII characters") is
> affected by the LSP / Winsock subsystem.
> http://support.microsoft.com/?id=318584
> http://support.microsoft.com/?id=811259
>
> Give LSP-Fix and WinsockLSPFix a shot <http://www.cexx.org/lspfix.htm>
>
> Do you have XP SP2? Start - Run - "cmd". Type "netsh winsock reset catalog"
> into the command window.
>
> Then reset TCP/IP.
> http://support.microsoft.com/?id=299357
>
> Start - Run - "cmd". Type "netsh int ip reset c:\netsh.txt" into the command
> window.
>
> Reboot afterwards.
>
> Then do an extended malware check. Spybot is good, but it may not be the only
> tool needed. Look for a hosts based hijack first.
>
> Search your entire system drive, including hidden and system folders, for file
> "hosts". There is one legit copy, in C:\WINDOWS\system32\drivers\etc\. The
> others are possibly bogus, and part (but just part) of the problem. Examine the
> contents of each copy found, using Notepad. (HINT: Scroll to the end of each
> Hosts file, by hitting Ctrl-End, then back up to the top, page by page, before
> deciding that the file is empty. Look out for blank lines at the beginning and
> end of the file, after localhost, placed there by an exploit!)
>
> Try one or more of these free online virus scans, which should complement your
> current protection:
> <http://www.bitdefender.com/scan/license.php>
> <http://www.pandasoftware.com/activescan>
> <http://www.ravantivirus.com/scan/>
> <http://security.symantec.com/ssc/home.asp>
> <http://housecall.trendmicro.com/housecall/start_corp.asp>
>
> Now check for, and learn to defend against, additional problems - adware,
> crapware, spyware.
>
> Start by downloading each of the following additional free tools:
> AdAware <http://www.lavasoftusa.com/>
> CWShredder <http://www.majorgeeks.com/download4086.html>
> CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
> <http://www.majorgeeks.com/download4113.html>
> HijackThis <http://www.majorgeeks.com/download.php?det=3155>
> LSP-Fix and WinsockLSPFix <http://www.cexx.org/lspfix.htm>
> Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
>
> Create a separate folder for HijackThis, such as C:\HijackThis - copy the
> downloaded file there. AdAware and Spybot S&D have install routines - run them.
> The other downloaded programs can be copied into, and run from, any convenient
> folder.
>
> First, run Stinger. Have it remove any problems found.
>
> Next, close all Internet Explorer and Outlook windows, and run
> CoolWWWSearch.SmartSearchMiniRemoval, then CWShredder. Have the latter fix all
> problems found.
>
> Next, run AdAware. First update it ("Check for updates now"), configure for
> full scan (<http://www.lavahelp.com/howto/fullscan/>), then scan. When scanning
> finishes, remove all Critical Objects found.
>
> Next, run Spybot S&D again. First update it ("Search for updates"), then run a
> scan ("Check for problems"). Trust Spybot, and delete everything ("Fix
> Problems") that is displayed in Red.
>
> Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
> HJT Log.
> <http://forums.spywareinfo.com/index.php?showtopic=227>
>
> Finally, have your HJT log interpreted by experts at one or more of the
> following security forums (and please post a link to your forum posts, here):
> Aumha: <http://forum.aumha.org/index.php>
> Net-Integration: <http://forums.net-integration.net/>
> Spyware Info: <http://forums.spywareinfo.com/>
> Spyware Warrior: <http://spywarewarrior.com/index.php>
> Tom Coyote: <http://forums.tomcoyote.org/>
>
> If removal of any spyware affects your ability to access the internet (some
> spyware builds itself into the network software, and its removal may damage your
> network), run LSP-Fix and / or WinsockXPFix.
>
> Finally, improve your chances for the future.
>
> Harden your browser. There are various websites which will check for
> vulnerabilities, here are three which I use.
> http://www.jasons-toolbox.com/BrowserSecurity/
> http://bcheck.scanit.be/bcheck/
> https://testzone.secunia.com/browser_checker/
>
> Block Internet Explorer ActiveX scripting from hostile websites (Restricted
> Zone).
> <https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
>
> Block known dangerous scripts from installing.
> <http://www.javacoolsoftware.com/spywareblaster.html>
>
> Block known spyware from installing.
> <http://www.javacoolsoftware.com/spywareguard.html>
>
> Make sure that the spyware detection / protection products that you use are
> reliable:
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Harden your operating system. Check at least monthly for security updates.
> http://windowsupdate.microsoft.com/
>
> Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
> use:
> http://www.accs-net.com/hosts/get_hosts.html
> http://www.mvps.org/winhelp2002/hosts.htm
> (The third is included, and updated, with Spybot (see above)).
>
> Maintain your Hosts file (merge / eliminate duplicate entries) with:
> eDexter <http://www.accs-net.com/hosts/get_hosts.html>
> Hostess <http://accs-net.com/hostess/>
>
> Secure your operating system, and applications. Don't use, or leave activated,
> any accounts with names or passwords with trivial (guessable) values. Don't use
> an account with administrative authority, except when you're intentionally doing
> administrative tasks.
>
> Use common sense. Yours. Don't install software based upon advice from unknown
> sources. Don't install free software, without researching it carefully. Don't
> open email unless you know who it's from, and how and why it was sent.
>
> Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
> various web pages that discuss security problems. Check the logs from the other
> layers regularly, look for things that don't belong, and take action when
> necessary.
>
> And Bryan, please don't contribute to the spread and success of email address
> mining viruses. Learn to munge your email address properly, to keep yourself a
> bit safer when posting to open forums. Protect yourself and the rest of the
> internet - read this article.
> http://www.mailmsg.com/SPAM_munging.htm
>
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
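
Added example, not part of either poster's message: a Python sketch of the hosts-file check described in the quoted reply, which finds every file named "hosts" and flags entries that redirect a name to a non-loopback address or that sit below a run of blank lines. The function names, the 5-line padding threshold and the sample file contents are assumptions made for this illustration.

```python
import ipaddress
import os

def find_hosts_files(root):
    """Yield every file named 'hosts' under root (any case, any folder)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "hosts":
                yield os.path.join(dirpath, name)

def audit_hosts(text, pad_threshold=5):
    """Return [(line_no, reasons, entry)] for suspicious entries in hosts text.

    pad_threshold is an assumed cut-off: that many consecutive blank lines
    count as padding meant to push entries out of view in an editor.
    """
    findings, blank_run, below_padding = [], 0, False
    for no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blank_run += 1
            continue
        if blank_run >= pad_threshold:
            below_padding = True          # sticky: applies to all later entries
        blank_run = 0
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue                      # comment-only line
        fields = entry.split()
        reasons = []
        try:
            addr = ipaddress.ip_address(fields[0])
            # Blocking hosts files map names to loopback or 0.0.0.0; any
            # other target redirects the name to another machine.
            if not (addr.is_loopback or addr.is_unspecified):
                reasons.append("redirects to non-loopback address")
        except ValueError:
            reasons.append("unparseable address")
        if below_padding:
            reasons.append("hidden below blank-line padding")
        if reasons:
            findings.append((no, reasons, entry))
    return findings

# Constructed sample: two visible entries, 40 blank lines, two hidden entries.
SAMPLE = ("# sample hosts file\n127.0.0.1 localhost\n127.0.0.1 ads.example.com\n"
          + "\n" * 40
          + "203.0.113.7 www.example.test\n127.0.0.1 padded.example.test\n")
```

Run audit_hosts on the text of each path that find_hosts_files returns; a blocking hosts file of the kind recommended in the reply produces no findings as long as its entries point at loopback or 0.0.0.0 and are not padded out of view.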