A Problem...

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    5

    A Problem...

    Hello all,
    I am a long time lurker, and I now have reason to submit my latest conundrum for public comment. Hopefully I can gain some insight.

    The Situation:
    A friend's laptop (XP Home) was running slowly. He suspected malware, a virus, or much worse. Noting that the laptop only had 256 MB of RAM, I advised increasing that to 512. The laptop ran better. The laptop, running behind a router with both encrypted wireless and Cat 5 connections available, lacked a firewall and antivirus program. However, my friend always uses the limited user account and Firefox. So, in spite of the missing critical elements, his practices are relatively safe. (Nor does he have a penchant for Russian porn sites.....)

    At his request, I shut down some non-essential services in services.msc (nothing network related), installed AdAware and Spybot, ran those and only came up with data mining cookies and Alexa toolbar related stuff. All were removed. I then installed Avast antivirus and Agnitum firewall.

    At this point, life was good. Connectivity (browser and e-mail) was fine in both the admin and limited users' accounts.

    The Results:
    Four hours after I left, wireless connectivity was lost, although the Cat 5 connectivity was fine for all accounts. However, when he started or closed the browser, he would get the message "aupdate can't open log file."

    As a starting point, I suggested looking at ipconfig to check the connectivity. The wireless, Cat 5 and gateway addresses all show up, as well as 169.254.178.127 showing up sporadically, which I understand to be a reserved local link address. The wireless card reported a decent connection, but it then showed that packets were being sent yet none were being received.

    Things have gone downhill since. Neither the wireless nor Cat 5 is providing connectivity.

    My Suspicions (and Confusion):
    1) Should I do a more thorough job of running the spyware utilities and antivirus? Other utilities?
    2) Could the installation of Avast and Agnitum have brought down the connection(s)? I did get a couple of statements from my friend to the effect of "a box appeared-I clicked on it-I don't know what happened." In other words, could my friend's lack of understanding, especially of the firewall, have led to the destruction of the connections?
    3) So, I am trying to form a methodical plan to solve the problem.
    a- Should I rerun a set of malware/spyware utilities, given the "aupdate log file" message? I found no evidence of a browser hijack, backdoor, key logger etc.
    b- Should I uninstall Avast and Agnitum? I was worried that my friend would not understand these products. Or, is the firewall, especially if my friend managed to create an incorrect rule, the culprit? This begs a question: since these products are price friendly, which products (free) would be best for a less than savvy user?
    c- Will networking have to be reestablished from the ground up?

    Thanks.
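
Added example, not part of the original post: the ipconfig check described above can be automated by flagging any adapter that holds a 169.254.0.0/16 link-local address, which means the adapter is set for DHCP but obtained no lease. The sample output, adapter names and the `parse_ipconfig` and `triage` helpers are constructed for illustration.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # APIPA / link-local range

# Constructed sample in the style of XP `ipconfig` output (not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Wireless Network Connection:
        Autoconfiguration IP Address. . . : 169.254.178.127
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")     # unindented section header
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")  # indented "Name . . . : value"

def parse_ipconfig(text):
    # Returns {adapter name: {field name: value}}.
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1).strip()] = m.group(2).strip()
    return adapters

def triage(adapters):
    # Classify each adapter by what its address says about DHCP and routing.
    findings = {}
    for name, fields in adapters.items():
        addr = next((v for k, v in fields.items() if k.endswith("IP Address") and v), None)
        if addr is None:
            findings[name] = "no address"
        elif ipaddress.ip_address(addr) in LINK_LOCAL:
            findings[name] = "link-local: no DHCP lease"
        elif not fields.get("Default Gateway"):
            findings[name] = "no default gateway"
        else:
            findings[name] = "ok"
    return findings

if __name__ == "__main__":
    print(triage(parse_ipconfig(SAMPLE)))
```
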

  2. #2
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    My guess is that it is a configuration problem, since
    it happened right after you made changes. Try disabling
    the firewall and going through all the network
    config stuff. Or do a system restore, back to before
    you installed the AV and firewall.
    I came in to the world with nothing. I still have most of it.

  3. #3
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I love how people install all of this "Helpful" software for other people who don't understand it and then wonder why problems occur.

    OK, first off, software Windows firewalls generally have pop-ups, or they did back when I used Windows / Software firewalls in Windows. Like it would ask can this program do this? He said something popped up, which was probably a service asking can it do something, he probably said no, and now it doesn't work... Shocking....

    Uninstall the firewall, uninstall the anti virii, turn the services you shut down back on.... It's maybe going to work after that. Then, reinstall the Anti Virii software. Let that update, and make sure it works. Then, shut down services one at a time until you have whatever you shut down as shut down and if it's still working, you can safely assume the firewall had a pop up and he didn't read it.

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    you can safely assume the firewall had a pop up and he didn't read it.
    This is most likely your issue

    I think Gore has nailed it

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    Junior Member
    Join Date
    Mar 2005
    Posts
    5
    Gore,
    I had some suspicions that my recovery process would be similar to yours, less the cynical sarcasm about helpful software. I suppose I should not have installed anti virus and a firewall on the computer, on the assumption that the user was a moron and that it would only complicate matters?
    Perhaps the real concern is educating users to the learning curve of firewall pop ups?

  6. #6
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi and a belated welcome to AO...

    Have you tried doing any of these scans in "Safe Mode"? One thing you can try is to go into the Safe Mode with Networking option and see if you have any connection problems then.

    If you are able to go online, I would then recommend a Housecall and let them scan your PC and follow their prompts.


    As for services
    Elder Geek services info

    Or you can do a System Restore to the point before all of these changes and maybe this will reset everything back to normal....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  7. #7
    Junior Member
    Join Date
    Mar 2005
    Posts
    5
    I did try to boot to Safe Mode with Networking at the very beginning of the whole process. The computer stalled. In regular mode, I tried to Housecall and that too stalled. I ran Avast, and it came up clean.

  8. #8
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I had some suspicions that my recovery process would be similar to yours, less the cynical sarcasm about helpful software
    Don't take it personally....Gore is far too cynical for his age....most of us are used to it.

    As for "software" firewalls...I personally don't like them ...as most users don't understand how to use them. When helping out friends\relatives with securing their internet connections...I recommend NAT routers....which filter out most of the garbage out there, a good AV\ASW...and regular system updates

    Here's a great site to recommend to users....if they are interested...just found it myself this morning
    http://www.malwarehelp.org/

    I also*** TRY*** to explain to them about their surfing and email habits and the importance of updating the system\av\asw etc regularly.

    If it is a laptop and they travel with it...I just enable the XP firewall...and pray that they do not get infected by some hotel's unsecured\malware-infested network

    and if they do....I fix it for them...keeps me in a job...and wine

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #9
    Junior Member
    Join Date
    Mar 2005
    Posts
    5
    Morgan,
    My friend Charlie is a retired math professor. The laptop doesn't travel. His computing practices are sound. He is trying to broaden his knowledge at this point. I sure as heck wasn't going to start preaching about IPTABLES on a Linux gateway to him.

  10. #10
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Professors are the worst students. You said he was already behind a router.... Why install a software firewall that he knows nothing about when one interface is between him and the net already?

    Second, why would you need to talk about Linux in this at all? Or IPTables? What does this have to do with a gateway?...
