Networking Problem.

[Whizbang]

If no one "bugged" us, we would not be here.  I advise going through all the steps suggested for eliminating any possible hijacker, trojan or whatever.  

[Aaron_T]

ok rang up belkin they guided me through setting up the router from scratch, he told me to reset the router and follow his instructions, now the network is on and working, he told me to observe the connection for a while to see how it goes.

i asked him about why the connection keeps dropping and not working, the only explanation he could give was that it was possibly a confict with my cordless phone or any other transmission around the house, he told me in his experience i should keep the phone at least a few feet away from any wireless product and things should be ok.

im still not convinced, still i the process of getting rid of this broswer hjacker though :)

[Aaron_T]

sorry for all the double posts, but im updating as stuff happens.

ok the network died again, so i rang up belkin again.

For the first time the man asked me if i was using a firewall and if so what firewall was it, i told him that it was Zonealarm and he went silent for a few seconds and then told me that using Zonealarm was the reason the connection kept dropping/failing, he told me that the configuration that zonealarm uses was the same as the built in firewall which the router uses and this causes a conflict.

he assured me that this was the reason and told me to uninstall zonealarm one only one of the computers which were networked, he said the reason for this was so that i could monitor the difference between the computer with and the one without zonealarm installed.

He said he was 99% sure that the PC without Zonealarm would not have any connection problems whatsoever.

but as always im not so sure... we'll just have to see...

[Whizbang]

sorry for all the double posts, but im updating as stuff happens.

ok the network died again, so i rang up belkin again.

He said he was 99% sure that the PC without Zonealarm would not have any connection problems whatsoever.

but as always im not so sure... we'll just have to see...

I guess he is the expert, but I really doubt that is the problem.  Zone Alarm is the only aggressive firewall.  Once it is set to the restrictions and permissions you put in, it sees only the ports that the hardware firewall allows and does not compete because it just assumes that the incoming line is all that is available.  The only possible conflict I see that could happen is if one firewall is set to static IP and the other to dynamic, and they somehow cross information at times.  I just keep both set to DHCP and set the full range of IP addresses for the network as stated.  We will just have to see.   :-\

[Aaron_T]

well thats exactly what i thought, i also dont think zonealarm is the problem, i havent really been online enough to tell, but so far so good, no abnormal disconnections.

to clarify, he said something like zonealarm uses the same protocols as the firewall router and this causes the confict, he told me not to use mcafee because some people (not everyone) has had problems with that aswell.

i asked him to reccomend me a firewall which would work with the router and he said Norton, but he also said Sygate would be ok also.

[Aaron_T]

you were right whiz that wasnt the problem the connection failed again.

i rang them back up and he guied me through changing the wireless channel, and a few other tweaks but i can see that it simply isnt going to work.

sick of this every day :(

[popeye]

Who's your ISP? For example mine's SBC. I notice under control panel I now have "setup wireless network" I don't remember seeing option before installing SBC software about 2 months ago. But there's been so many MS updates it might of snuck in there sometime under MS. Do you have this  option in CP? If you installed ISP supplied security software there's no telling how many security programs you have running concurently. Whizbang helped me with my one network issue, that I had to add permissions via I.P.s in ZA in order for P.C.s to "see" each other. If your service allows for static I.P's you should use them. You could have anything from a weak P.S. for router to a flakey router. I'd send the router back under warranty. Or get advice on setup from your ISP's Help Desk. ja's advice is great about I.T. guy, but for what you pay him you can buy a wired router for your situation at Walmart for $39.95. You could have some envirenmental situation at your house that you'll play heck trying to figure out.

[Whizbang]

you were right whiz that wasnt the problem the connection failed again.

i rang them back up and he guied me through changing the wireless channel, and a few other tweaks but i can see that it simply isnt going to work.

sick of this every day :(

With all respect, due or undue, I think he is just "kicking the tires."  I will keep looking.  Be sure to "squash the bugs."

[Aaron_T]

ok before i take this router kit back and say its faulty im gonna have one more try, now i cant get rid of these pesty broswer hiajcker things, need a bit more help with that is thats ok.

plus i forgot to mention theres another internal network card which i didnt realise this PC had, could it be possible that this internal card is affecting the adapter somewhow, because no matter what i do i cant get rid of it ive even tried uninstalling it.

thanks for any more replies, i feel like im being a right pest at the moment.

[Bill]

Aaron
Someone suggested you run "Hijack This."  You should try it.  It creates a long report of what is running or present on you system  You can poast the log here and people will look at it for you.

Bill

[Aaron_T]

ok i have a variety of things, which i know shouldnt be there, and could be affecting the connection, i can see these files when i open up my computer and click C drive they are called:

is.exe
mmxateam.exe
low.exe
sw (MS-Dos Batch File)
tb.exe
xe.exe
zxvcc73x.exe

also i have monitored my connectiona little and found out that the connection stops responding between 25 and 30 minutes every time i connect up. Up until that point in time the connection works flawlessly.

this to me proves that this is no freak because it wouldnt be at a set time would it.

i have rang the place where i purchased the wireless equipment and they have said they will give me a full refund or exchange, which is a good backup i guess...

[Aaron_T]

just got a blue screen error message on my other PC, could these hijackers be affecting both PC's?

i dont think i'll ever find out exactly what is wrong with this, gonna change it for the BT router

[Whizbang]

ok i have a variety of things, which i know shouldnt be there, and could be affecting the connection, i can see these files when i open up my computer and click C drive they are called:

is.exe
mmxateam.exe
low.exe
sw (MS-Dos Batch File)
tb.exe
xe.exe
zxvcc73x.exe

also i have monitored my connectiona little and found out that the connection stops responding between 25 and 30 minutes every time i connect up. Up until that point in time the connection works flawlessly.

this to me proves that this is no freak because it wouldnt be at a set time would it.

i have rang the place where i purchased the wireless equipment and they have said they will give me a full refund or exchange, which is a good backup i guess...

OK.  Here is another post on another forum with exactly the same problem.  No definite solution was offered.

Lets start over again.  
Run MSCONFIG and copy every line down and poast here on this thread.

[Aaron_T]

how do i copy it?

i cannot right click and select copy, and my print screen button does not work.

[Whizbang]

You will need to type to Notepad text utility by hand.  Just type out the entries right by the check box.  Skip the details on each line until we look at the abreviated listl.

[Aaron_T]

NvCpl
nwiz
SOUNDMAN
ashDisp
RealPlay
p_981116
LVCOMS
jusched
ctfmon
MsnMsgr
Ares
swdoctor
Trojan Guarder Gold
4 blank spaces


Adobe Gamma Loader
Microsoft Office

[Whizbang]

Nothing incriminating there.

Apparently a worm has infected your computer.  This site identifies it as the mytob worm.  AVG antivirus was used to identify and remove.  AVG does a better job of worm removal than many of the other antivirus programs.

Reappearance first documented on October 19, 2005.  Run Google search for Mytob worm.  Many antivirus sites identify it.  If diagnosis and information is all correct, it is an emailing worm that speads via email without having email program active by using its own SMTP program and can be downloaded via backdoor from infected web sites.  Firewall and antivirus are mandatory because entry and exit are port specific.  Firewall will prevent infection from surfing.  Antivirus email scan will prevent email infection.

You might also run HijackThis to see where all of the executables are being activated.  Since the problem appears to be a worm, it has already spread and is tedious to remove, but not impossible.  Just like knitting, let's take it one stitch at a time.   :-\  

Free Zone Alarm firewall would detect any outgoing Internet activity that is unauthorized and prevent further infection, in addition to identifying the villain.

Without finding the "mother" worm engine, any attempt to remove the executables would be futile because they are regenerated from the "head," just like tapeworms.     :P

[Aaron_T]

yeah had a look on help2go, what can i do to eliminate this problem?

[Whizbang]

Since you have Norton installed, I would go to their site and use the recommended procedure.  That way, it would not conflict with their program.  

[Aaron_T]

i dont have norton installed, im using avast

[Whizbang]

here is Symantec recommended removal tool  It is a download, not a web page.  Be prepared to save to a download folder of your choice.

Oops, my mistake on the antivirus you have.  Many of us use AVG freebie.  You could still use the Symantec tool for removal of worm.

[Aaron_T]

i ran the removal tool and when it finished it said it couldnt find the mytob worm on my computer, i did the check while i was online could that be the problem?

[Aaron_T]

ran the scan whith internet off and the same effect, it says it has not found the mytob worm, this is very strange, why is this happening?

im going to get windows updates, see if they might help

[Whizbang]

I checked the Symantec site, and that worm is programmed to interfere with many antivirus programs.  I don't think it would matter whether you were online or not.

Check Zone Alarm to see what programs it is allowing to access the Internet.  If nothing turns up, Run HijackThis.

[Aaron_T]

well Whiz thanks for the help ive really appreciated it, but ive had quite enough of this now, im taking the router kit back tomorrow and getting the BT one, this one comes with an easy to use config and setup and also includes built in 128 WEP encryption which doesnt need to be activated.

i still need to get rid of this worm or whatever it is but i guess that will have to wait.

thanks for the help everyone especially you Whiz youve been great :)

sorry for me pesting you guys too.

[Whizbang]

No problem.  The following is what I would do to find any pest.

1)  Check ZA for allowed programs.
2)  Run HijackThis to try to find any illicit file.
3)  Update SpyBot and then run and immunize against threats.
4)  Turn off Avast while running the TrendMicro online antivirus program at the lower left of this page.
5)  Download AVG free antivirus and uncheck all startup entries for Avast.  Install AVG freebie, update, and run full scan.

I would stop at any point in this procedure where a program seems to have identified and removed the threat.  If step five is needed and proves to work, I would leave AVG installed and remove Avast antivirus.  Never install any program while running any antivirus.

From the drift of this poast, I am guessing that you got this computer from someone else and that the pest likely was already resident.  If that is the case, it has been burrowing for quite a while.

[Aaron_T]

thanks again whiz i'll try my best, yeah you are right, i got this computer of my mams friend and they diid have the internet on it a while ago, perhaps thats why they gave us the PC is does seem pretty good just to give away.

[Whizbang]

Until you can get an OS installation disk, see if you can scrounge up another hard drive to store what you have by using the manufacturer's disk copy utility to store the infected OS, while you are working with what you have.  There is the strong possibility that the computer has been so deeply penetrated that the removal of this pest may cause bootup problems that are almost impossible to resolve.

Do not do any important work regarding banking transactions, credit card use, or bill paying with this computer until it is free of this and/or any other trojan or virus.  Do not store financial account passwords or any other passwords involving purchasing or money transfer.  I have never believed that those critical passwords should ever be stored on a computer anyway.  

[Aaron_T]

hey again everyone, just to let you guys know i took back my belkin router and got the BT one like i said, everything is working great although speeds are a little low, but this is because of server upgrades by my ISP.

ive been connected to the internet now for 9 solid hours and none of what was happening before is now happening.

still havent managed to get rid of the browser hijackers but i will eventually.

thanks again to everyone for being so patient, i think the problem may finally be over now :)