Re: Network connection problems

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/22/04


Date: Wed, 22 Sep 2004 13:40:12 -0500

Sounds like you have some sort of infection. I would try to get a second opinion as
far as malware is concerned and try some of the free tools from SysInternals to see
if you can track down more info on the process. Download TCPView, Process Explorer,
and Autoruns. These tools will give you detailed info on port use including process
mapping, detailed info on processes, and show all the various startup programs
configured on your computer including the option to try to disable startup programs.
Information you find can be helpful in identifying the problem or malware name which
may be needed to use a special removal tool.

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Trend Micro has a free Sysclean utility that scans and removes many common malwares.
See the links below and download Sysclean and the pattern file into the same folder
to execute them from. I also recommend that if you are using cable/dsl that you
consider using a NAT router/firewall instead of a computer as the gateway. The
Netgear ProSafe line is a real SPI firewall that is very affordable for SOHO use and
has basic abilities to manage outbound traffic also. --- Steve

http://www.trendmicro.com/download/dcs.asp
http://www.trendmicro.com/download/pattern.asp
http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx -- MS small business security guidance.
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx -- MS Antivirus Defense-in-depth Guide.

"Tim Payne" <tim@branded3.com> wrote in message
news:Oln4soIoEHA.3988@tk2msftngp13.phx.gbl...
> I wonder if I could trouble you guys for some advice?
>
> We have a machine that acts as the internet gateway for our office. This week it's
> been behaving rather oddly. It seems to be clogging the network so that all the
> other machines in the office struggle to connect to the internet (and if left on
> long enough causes problems for the entire building), and when they do get access
> is very slow and things like images don't load. Accessing the sites or FTP from the
> gateway box works fine as you'd expect, but for everyone else access is
> intermittent.
>
> I've checked the machine for viruses and trojans, but can't seem to find anything
> obvious. The only suspicious thing is that about the time this started we get a
> blank 'ok' confirmation box at startup. It shows up in the event log, but doesn't
> have any information against the event, other than 'Application Popup: :' as the
> name of the event. Running Spy++ on the alert seems to indicate that it's being
> spawned by the CSRSS process, but it's slightly suspicious that it's only started
> doing this at the same time that we've been having network problems.
>
> Another odd issue is that some websites that can be accessed fine on the gateway
> box, come up with DNS errors on the other machines on the network.
>
> Does anyone have any ideas what this could be? Networking's not my strongest point,
> and I'm running out of ideas! Any help greatly appreciated.
>
> :)
>
> Tim.
>
>
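The port-to-process mapping that the reply above recommends checking with TCPView can also be triaged from saved `netstat -ano` output. The following is an added example, not part of the original thread: the sample lines are constructed, and the function names and the `min_hosts` threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.0.1:1030       198.51.100.7:80        ESTABLISHED     2044
  TCP    192.168.0.1:1031       198.51.100.7:80        ESTABLISHED     2044
  TCP    192.168.0.1:1045       203.0.113.5:445        SYN_SENT        1412
  TCP    192.168.0.1:1046       203.0.113.6:445        SYN_SENT        1412
  TCP    192.168.0.1:1047       203.0.113.7:445        SYN_SENT        1412
  TCP    192.168.0.1:1048       203.0.113.8:445        SYN_SENT        1412
  TCP    192.168.0.1:1049       203.0.113.9:445        SYN_SENT        1412
  UDP    0.0.0.0:1026           *:*                                    1412
"""

def parse_netstat(text):
    """Yield (proto, remote_host, remote_port, state, pid) for each socket line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, _local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":   # UDP rows have no State column
            proto, _local, remote, pid = parts
            state = ""
        else:
            continue                                   # banner, header, blank line
        host, _, port = remote.rpartition(":")         # rpartition copes with [v6]:port
        if pid.isdigit():
            yield proto, host, port, state, int(pid)

def fanout_by_pid(text):
    """Per PID: distinct remote hosts and number of half-open (SYN_SENT) sockets."""
    stats = defaultdict(lambda: {"hosts": set(), "syn_sent": 0})
    for proto, host, _port, state, pid in parse_netstat(text):
        if proto != "TCP" or state == "LISTENING":
            continue                                   # keep only sockets with a peer
        stats[pid]["hosts"].add(host)
        stats[pid]["syn_sent"] += state == "SYN_SENT"
    return stats

def suspicious_pids(text, min_hosts=4):
    """PIDs with many distinct peers, most unanswered (threshold is an assumption)."""
    return sorted(pid for pid, s in fanout_by_pid(text).items()
                  if len(s["hosts"]) >= min_hosts
                  and s["syn_sent"] * 2 >= len(s["hosts"]))

if __name__ == "__main__":
    for pid in suspicious_pids(SAMPLE):
        print("look up PID", pid, "in Process Explorer")
```

A PID flagged this way is only a lead: confirm the image path and startup entry in Process Explorer and Autoruns before acting on it.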