A Problem...

Hello all,
I am a long time lurker, and I now have reason to submit my latest conundrum for public comment. Hopefully I can gain some insight.

The Situation:
A friend's laptop (XP Home) was running slowly. He suspected malware, a virus, or much worse. Noting that the laptop only had 256 mb of ram, I advised increasing that to 512. The laptop ran better. The laptop, running behind a router with both encrypted wireless and Cat 5 connections available, lacked a firewall and antivirus program. However, my friend always uses the limited user account and Firefox. So, in spite of the missing critical elements, his practices are relatively safe. (Nor does he have a penchant for Russian porn sites.....)

At his request, I shut down some non essential in services.msc (nothing network related), installed AdAware and Spybot, ran those and only came up with data mining cookies and Alexa toolbar related stuff. All were removed. I then installed Avast antivirus and Agnitum firewall.

At this point, life was good. Connectivity (browser and e-mail) was fine in both the admin and limited users' accounts.

The Results:
Four hours after I left, wireless connectivity was lost, although the Cat 5 connectivity was fine for all accounts. However, when he started or closed the browser, he would get the messgae "aupdate can't open log file."

As a starting point, I suggested looking at ipconfig to check the connectivity. The wireless, Cat 5 and gateway addresses all show up, as well as 169.254.178.127 showing up sporadically, which I understand to be a reserved local link address. The wireless card reported a decent connection, but it then showed that packets were being sent yet none were being received.

Things have gone downhill since. Neither the wireless or Cat 5 is providing connectivity.

My Suspicions (and Confusion):
1) Should I do a more thorough job of running the spware utilities and antivirus? Other utilities?
2) Could the installation of Avast and Agnitum have brought down the connection(s)? I did get a couple of statements from my friend to the effect of "a box appeared-I clicked on it-I don't know what happened." In other words, could my friend's lack of understanding, expecially of the firewall, have led to the destruction of the connections?
3) So, I am trying to form a methodical plan to solve the problem.
a- Should I rerun a set of malware/spware utitilites, given the "aupdate log file" message?
I found no evidence of a browser hijack, backdoor, key logger etc.
b- Should I unistall Avast and Agnitum? I was worried that my friend would not understand
these products. Or, is the firewall, especially if my friend managed to create an incorrect rule,
the culprit? This begs a question: since these products are price friendly, which products (free)
would be best for a less than savvy user?
c- Will networking have to be reestablished from the ground up?

Thanks.

My guess is that it is a configuration problem, since
it happened right after you made changes. Try disabling
the firewall and going through all the network
config stuff. Or do a system restore, back to before
you installed the AV and firewall.
:cool:

I love how people install all of this "Helpfull" software for other people who don't understand it and then wonder why problems occur.

OK, first off, software Windows firewalls, generally have pop ups, or they did back when I used Windows / Software firewalls in Windows. Like it would ask can this program do this? He said something popped up, which was probably a service asking can it do something, he probably said no, and now it doesn't work... Shocking....

Uninstall the firewall, uninstall the anti virii, turn the services you shut down back on.... It's maybe going to work after that. Then, reinstall the Anti Virii software. Let that update, and make sure it works. Then, shut down services one at a time until you have whatever you shut down as shut down and if it's still working, you can safely assume the firewall had a pop up and he didn't read it.

Quote:

---

you can safely assume the firewall had a pop up and he didn't read it.

---

This is most likely your issue

I think Gore has nailed it ;)

MLF

Gore,
I had some suspicions that my recovery process would be similar to yours, less the cynical sarcasm about helpful software. I suppose I should not have installed anti virus and a firewall on the computer, on the assumption that the user was a moron and that it would only complicate matters?
Perhaps the real concern is educating users to the learning curve of firewall pop ups?

Hi and a belated welcome to AO... :p

have you tried doing any of these scans in "Safe Mode", one thing you can try is to go into Safe Mode with Networking option see if you have any connection problems then.

If you are able to go online, I would then recommend a Housecall and let them scan your PC and follow their prompts.


As for services
Elder Geek services info

Or you can do a System Restore to the point before all of these changes and maybe this will reset everything back to normal....

I did try to boot to Safe Mode with Networking at the very beginning of the whole process. The computer stalled. In regular mode, I tried to Housecall and that too stalled. I ran Avast, and it came up clean.

Quote:

---

I had some suspicions that my recovery process would be similar to yours, less the cynical sarcasm about helpful software

---

Dont take it personally....Gore is far to cynical for his age....most of us are used to it. ;)

As for "software" firewalls...I personally dont like them ...as most users dont understand how to use them. When helping out friends\relatives with securing thier internet connections...I reccommend NAT routers....which filter out most of the garbage out there, a good AV\ASW...and regular system updates

Heres a great site to reccommend to users....if they are interested...just found it myself this morning
http://www.malwarehelp.org/

I also*** TRY*** to explain to them about thier surfing and email habits and the importance of updating the system\av\asw etc regularly.

If it is a laptop and they travel with it...I just enable the XP firewal...and pray that they do not get infected by some hotels un secured\malware infested network :eek:

and if they do....I fix it for them...keeps me in a job...and wine :D

MLF

Morgan,
My friend Charlie is a retired math professor. The latop doesn't travel. His computing practices are sound. He is trying to broaden his knowledge at this point. I sure as heck wasn't going to start preaching about IPTABLES on a Linux gateway to him.

Professors are the worse students. You said he was already behind a router.... Why install a software firewall that he knows nothing about when one interface is between him and the net already?

Second, why would you need to talk about Linux in this at all? Or IPTables? what does this have to do with a gateway?...