A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows ME » Internet
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

Can't access Internet through network



 
 
Thread Tools Display Modes
  #1  
Old May 29th 04, 07:57 PM
matero
external usenet poster
 
Posts: n/a
Default Can't access Internet through network

I have been fighting this problem for more than a week!
I had trojan downloader.keenval.j. Browser kept trying
to default to incredifind, but could not access the
internet. It appears that I have been able to clean up
the trojan, but I still can't access the internet from
the previously infected computer. The other computers on
the network have no trouble. The infected computer can
access other computers on the network and other computers
can access it. Hijack This log follows:

Logfile of HijackThis v1.97.7
Scan saved at 12:44:02 PM, on 5/29/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TASKMON.EXE
D:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\CYB2K.EXE
D:\PROGRAM FILES\IE NEW WINDOW MAXIMIZER\IEMAXIMIZER.EXE
D:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
D:\PROGRAM FILES\ROCKET SOFTWARE\ROCKETTIME\ROCKETTIME.EXE
D:\PROGRAM FILES\D-LINK\D-LINK AIR UTILITY\UTILITY.EXE
D:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS
SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
D:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.alltel.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.microsoft.com/isapi/redir.dll?prd=
{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=hom e
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = http://www.google.com/keyword/%s
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyServer = 192.168.0.103:3128
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE
TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ScanRegistry]
C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth]
C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
O4 - HKLM\..\Run: [IE New Window Maximizer] D:\Program
Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\GRISOFT\AVG6
\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1
\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [*StateMgr]
C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] D:\PROGRA~1
\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector]
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Rocket.Time.lnk = D:\Program Files\Rocket
Software\RocketTime\RocketTime.exe
O4 - Startup: D-Link Air Utility.lnk = E:\Program Files\D-
Link\D-Link Air Utility\Utility.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk =
D:\Program Files\Common Files\Microsoft Shared\Works
Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions present
O8 - Extra context menu item: &Google Search -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1
\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1
\Plugins\NPBelv32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.co...6/ansi/iuctl.C
AB?37880.4788194444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/s.../cabs/flash/sw
flash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/s.../cabs/director
/swdir.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}
(ICSScannerLight Class) -
http://download.zonelabs.com/bin/free/cm/ICSCM.cab

It was suggested to someone with a similar problem that
port 80 could be blocked. How do I check this? How do I
unblock it?

I have no good restore points. I must fix this problem.
Please help!
  #2  
Old May 30th 04, 10:26 AM
Noel Paton
external usenet poster
 
Posts: n/a
Default Can't access Internet through network

You may have a virus/spyware hijack

download the Stinger from here and run it to make sure that A-V-disabling
viruses are not present on your PC
http://download.nai.com/products/mca...rt/stinger.exe

- update your virus scanner and run a full system scan of all files.

Reboot to Safe Mode and run CWShredder - to remove variants of the
CoolWebSearch hijacker.
http://www.merijn.org/cwschronicles.html

Use CWShredder, the removal tool:
http://www.merijn.org/files/cwshredder.zip
http://www.merijn.org/files/CWShredder.exe
http://www.spywareinfo.com/downloads...CWShredder.exe
http://www.zerosrealm.com/downloads/CWShredder.zip

download AdAware from www.lavasoftusa.com, install, update, and run it to
remove spyware, adware,
and other such nasties from your system.

Then see how your system responds- re-run HiJackThis and post back with the
new log

--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/f.../Mar27pmvp.asp
"matero" wrote in message
...
I have been fighting this problem for more than a week!
I had trojan downloader.keenval.j. Browser kept trying
to default to incredifind, but could not access the
internet. It appears that I have been able to clean up
the trojan, but I still can't access the internet from
the previously infected computer. The other computers on
the network have no trouble. The infected computer can
access other computers on the network and other computers
can access it. Hijack This log follows:

Logfile of HijackThis v1.97.7
Scan saved at 12:44:02 PM, on 5/29/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TASKMON.EXE
D:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\CYB2K.EXE
D:\PROGRAM FILES\IE NEW WINDOW MAXIMIZER\IEMAXIMIZER.EXE
D:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
D:\PROGRAM FILES\ROCKET SOFTWARE\ROCKETTIME\ROCKETTIME.EXE
D:\PROGRAM FILES\D-LINK\D-LINK AIR UTILITY\UTILITY.EXE
D:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS
SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
D:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.alltel.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.microsoft.com/isapi/redir.dll?prd=
{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=hom e
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = http://www.google.com/keyword/%s
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyServer = 192.168.0.103:3128
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE
TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ScanRegistry]
C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth]
C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
O4 - HKLM\..\Run: [IE New Window Maximizer] D:\Program
Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\GRISOFT\AVG6
\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1
\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [*StateMgr]
C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] D:\PROGRA~1
\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector]
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Rocket.Time.lnk = D:\Program Files\Rocket
Software\RocketTime\RocketTime.exe
O4 - Startup: D-Link Air Utility.lnk = E:\Program Files\D-
Link\D-Link Air Utility\Utility.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk =
D:\Program Files\Common Files\Microsoft Shared\Works
Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions present
O8 - Extra context menu item: &Google Search -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page -
res://D:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1
\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1
\Plugins\NPBelv32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.co...6/ansi/iuctl.C
AB?37880.4788194444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/s.../cabs/flash/sw
flash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/s.../cabs/director
/swdir.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}
(ICSScannerLight Class) -
http://download.zonelabs.com/bin/free/cm/ICSCM.cab

It was suggested to someone with a similar problem that
port 80 could be blocked. How do I check this? How do I
unblock it?

I have no good restore points. I must fix this problem.
Please help!



 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot access internet with 1 pc thru router.... BOB Internet 0 July 22nd 04 03:06 AM
unable to access network properties Emm Kay Networking 0 June 24th 04 04:07 AM
Network Access Win98 Mat Networking 0 June 22nd 04 01:55 PM
i can log onto the network but not access the internet jbr Networking 0 June 17th 04 12:28 AM
Internet Access Bernie Internet 1 June 5th 04 11:00 AM


All times are GMT +1. The time now is 04:37 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.