How do I determine if an attack has occurred? [RESOLVED]


  • This topic is locked

#31
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Did you look in the Device Manager for the other bit? If you're not sure how, in the Control Panel, click on System | Hardware tab | Device Manager.

eddie
#32
HamWest

    Member

  • Topic Starter
  • 24 posts
There are no other items marked with either ! or ?. The listing I mentioned does have a red X.

#33
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, in the Device Manager, try right-clicking on the adapter and selecting Enable. Does it allow it to be enabled? If so, see if that helps.

#34
HamWest

    Member

  • Topic Starter
  • 24 posts
Yes, enabled caused the network card to turn on. The Network Connections folder is empty and the Printer and Faxes folder is empty.

#35
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, let's run the repair:

TCP/IP stack repair options for use with Windows XP with SP2/SP3.

Start, Run, CMD to open a command prompt:

In the command prompt window that opens, type the following commands:

Note: Type only the text in bold for the following commands.

Reset TCP/IP stack to installation defaults, type: netsh int ip reset reset.log

Reset WINSOCK entries to installation defaults, type: netsh winsock reset catalog

Reboot the machine.



Then post an IPCONFIG /ALL

Hold the Windows key and press R, then type CMD to open a command prompt:

In the command prompt window that opens, type the following command:

Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

IPCONFIG /ALL

Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.

If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.

eddie

#36
HamWest

    Member

  • Topic Starter
  • 24 posts
After the reboot the network adapter was off again - it had an X over it in the Device Manager. I did the ipconfig /all and it was blank. So I enabled it again in Device Manager and ran the ipconfig /all. Here are the entire results of both:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\FITZPATRICK>ipconfig /ALL

Windows IP Configuration


C:\Documents and Settings\FITZPATRICK>ipconfig /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : DGR3TS51
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-3E-6F-30
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 65.175.129.2

C:\Documents and Settings\FITZPATRICK>

#37
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
This is starting to look like a bad Ethernet controller. What do you get in IPCONFIG with no cable connected?

#38
HamWest

    Member

  • Topic Starter
  • 24 posts
C:\Documents and Settings\FITZPATRICK>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DGR3TS51
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-3E-6F-30

C:\Documents and Settings\FITZPATRICK>

#39
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, looking at the above, it says:

Media State . . . . . . . . . . . : Media disconnected

Media disconnected indicates the cable is disconnected. That can be a bad cable, bad port on the router, or perhaps a bad NIC in the machine.

Do you use this cable for your other pc? If so, we can rule that out.
You also say that you don't have a router, that it's a lead straight from the phone line to your computer, if I'm right in thinking that.

So, it may be either down to the cable (if you have a spare one to test it with) or the Network card, which I believe is Onboard.


When you plug in the cable, have a look at the socket going into the PC, and make sure the green light is on, which means it's connected with the NIC. I know on one I worked on, it was a little loose, so I had to wiggle it around until I saw the light, so to speak.

eddie

Edited by eddie5659, 15 September 2008 - 06:19 AM.

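As an added illustration (not part of this thread, and not the helper's or the forum's own tooling), here is a small Python parser that reads an ipconfig /all dump the way the helper reads the two posted above: "Media disconnected" means no link at all, while a DHCP-enabled adapter sitting at 0.0.0.0 has link but never obtained a lease. The sample dumps are constructed from values that appear in this thread; the 169.254 (APIPA) case is a generalisation that does not occur here.

```python
import re

# Constructed samples modelled on the ipconfig /ALL dumps posted in this thread.
CABLE_IN = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        DHCP Server . . . . . . . . . . . : 65.175.129.2
"""
CABLE_OUT = """\
Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
        Physical Address. . . . . . . . . : 00-11-11-3E-6F-30
"""
HEALTHY = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 90.0.0.4
        Default Gateway . . . . . . . . . : 90.0.0.1
        DNS Servers . . . . . . . . . . . : 90.0.0.1
                                            fec0:0:0:ffff::1%1
"""

ADAPTER_RE = re.compile(r"^(\S.*?) adapter (.+):\s*$")
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /-]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from an ipconfig /all dump."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current, last = adapters.setdefault(m.group(2), {}), None
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            last = m.group(1).strip()
            current[last] = m.group(2).strip()
        elif current is not None and last and line.strip():
            current[last] += " " + line.strip()   # extra DNS server lines
    return adapters


def diagnose(fields):
    """Classify one adapter the way the helper reads the dumps in this thread."""
    if fields.get("Media State", "").startswith("Media disconnected"):
        return "no link"                # cable, switch port or NIC at fault
    ip = fields.get("IP Address", "")
    if fields.get("Dhcp Enabled") == "Yes" and ip in ("", "0.0.0.0"):
        return "dhcp: no lease"         # link up, but no address was obtained
    if ip.startswith("169.254."):
        return "dhcp: apipa fallback"   # generalisation: autoconfigured address
    return "configured"
```

Feeding a whole pasted dump (several adapters, including the tunnel pseudo-interfaces) through parse_ipconfig and calling diagnose on each entry gives one verdict per adapter.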

#40
HamWest

    Member

  • Topic Starter
  • 24 posts
umm - I am a bit confused. You asked that I run IPCONFIG with the cable disconnected, so I unplugged the cable, which caused the media disconnected message. As soon as I plug the cable back in I get lights on the adapter.

I do have a router - my earlier comment was that this machine does not plug into a modem. It plugs into a switch that has 3 other computers plugged in. One of those computers is the router. So this is a computer connecting to a local network.
#41
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Please supply the following info: the exact make and models of the equipment, please.

Make and exact model of the broadband modem.
Make and exact model and hardware version of the router (if a separate unit).
Model numbers can usually be obtained from the label on the device.
If wireless, encryption used, (none, WEP, WPA, or WPA2)
Version and patch level of Windows on all affected machines, i.e. XP-Home (or XP-Pro), SP1-SP2, Vista, etc.



  • If you're using a wireless connection, have you tried a direct connection with a cable to see if that changes the symptoms?
  • For wireless issues, have you disabled all encryption on the router to see if you can connect that way?
  • Have you connected directly to the broadband modem to see if this is a router or modem/ISP issue?
  • If there are other computers on the same network, are they experiencing the same issue, or do they function normally?




On each of the computers in the network, I'd also like to see this:

Hold the Windows key and press R, then type CMD (COMMAND for W98/WME) to open a command prompt:

Type the following commands:

NBTSTAT -n

IPCONFIG /ALL


Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.

If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.

Edited by eddie5659, 16 September 2008 - 01:06 AM.


#42
HamWest

    Member

  • Topic Starter
  • 24 posts
There are three computers on this network that are running fine - it has been configured like this for 5 years. There is no wireless connection here. The fourth is the system we've been working on. It has been connected to this network while I've been working with you - it is owned by a friend.

The modem is a Motorola SB4010
The router is a Netopia R7200

A single machine connects the router to the network we are dealing with. It has two NICs in it, one connects to the router, the other connects to a network switch with the other three computers. The logs for this bridge system are:

NBTSTAT -n

Local Area Connection:
Node IpAddress: [90.0.0.1] Scope Id: []

NetBIOS Local Name Table
Name Type Status
---------------------------------------------
PYXIS <00> UNIQUE Registered
TMI <00> GROUP Registered
PYXIS <20> UNIQUE Registered
TMI <1E> GROUP Registered

Local Area Connection 2:
Node IpAddress: [65.175.202.173] Scope Id: []

NetBIOS Local Name Table
Name Type Status
---------------------------------------------
PYXIS <00> UNIQUE Registered
TMI <00> GROUP Registered
PYXIS <20> UNIQUE Registered
TMI <1E> GROUP Registered
TMI <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered


IPCONFIG /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : pyxis
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-10-B5-48-13-58
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 90.0.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::210:b5ff:fe48:1358%4
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
Physical Address. . . . . . . . . : 00-04-5A-8B-54-76
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 65.175.202.173
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::204:5aff:fe8b:5476%5
Default Gateway . . . . . . . . . : 65.175.202.1
DHCP Server . . . . . . . . . . . : 65.175.141.7
DNS Servers . . . . . . . . . . . : 65.175.128.46
65.175.128.47
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Wednesday, September 17, 2008 8:45:24 AM
Lease Expires . . . . . . . . . . : Thursday, September 18, 2008 8:45:24 AM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 80-00-F9-6A-BE-50-35-52
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6to4 Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6to4 Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 41-AF-CA-AD
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 2002:41af:caad::41af:caad
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6to4 Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6to4 Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 5A-00-00-01
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 2002:5a00:1::5a00:1
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 41-AF-CA-AD
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:65.175.202.173%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 5A-00-00-01
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:90.0.0.1%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled

And the logs for computer A on the switch:

Local Area Connection:
Node IpAddress: [90.0.0.5] Scope Id: []

NetBIOS Local Name Table

Name Type Status
---------------------------------------------
SASHA <00> UNIQUE Registered
TMI <00> GROUP Registered
SASHA <20> UNIQUE Registered
TMI <1E> GROUP Registered
TMI <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered

IPCONFIG /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : SASHA
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tmi.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : tmi.com
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1D-09-80-2D-57
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 90.0.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 90.0.0.1
DHCP Server . . . . . . . . . . . : 90.0.0.1
DNS Servers . . . . . . . . . . . : 90.0.0.1
Lease Obtained. . . . . . . . . . : Wednesday, September 17, 2008 8:43:01 AM
Lease Expires . . . . . . . . . . : Sunday, September 21, 2008 8:43:01 AM

And the logs for computer B on the switch:

Local Area Connection:
Node IpAddress: [90.0.0.4] Scope Id: []

NetBIOS Local Name Table

Name Type Status
---------------------------------------------
TIGGER2 <00> UNIQUE Registered
TMI <00> GROUP Registered
TIGGER2 <20> UNIQUE Registered
TMI <1E> GROUP Registered

Windows IP Configuration

Host Name . . . . . . . . . . . . : Tigger2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tmi.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : tmi.com
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-63-0E-21
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 90.0.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::216:76ff:fe63:e21%4
Default Gateway . . . . . . . . . : 90.0.0.1
DHCP Server . . . . . . . . . . . : 90.0.0.1
DNS Servers . . . . . . . . . . . : 90.0.0.1
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Tuesday, September 16, 2008 9:21:11 PM
Lease Expires . . . . . . . . . . : Saturday, September 20, 2008 9:21:11 PM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6to4 Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : tmi.com
Description . . . . . . . . . . . : 6to4 Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 5A-00-00-04
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 2002:5a00:4::5a00:4
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : tmi.com
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 5A-00-00-04
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:90.0.0.4%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

#43
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, what I'm going to do, as there is no malware present now, is suggest you create a new thread here:

http://www.geekstogo...2003-NT-f5.html

And the Tech guys can help on this issue. Just point them here to explain about what we've done, and hopefully they can solve it.

I'll close this one when you've replied here :)

eddie

#44
HamWest

    Member

  • Topic Starter
  • 24 posts
Ok - thanks for your help!

#45
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.