Windows XP - totally fucked
I am very knowledgeable of windows XP, but recently ive come across something that I cannot figure out on my own.
This is pretty weird.
So when I got to my control panel, and try to acess Windows Firewall, I get an "Windows firewall Service has not been started yatta yatta" error. I hit "start", but the service fails to start.
So then i go to Administrative tools and try to manually boot the service or set it to automatic start, but none of this works.
Next, I try to connect to the internet and do some research, but Firefox cannot establish a connection. I AM connected, but firefox can't see it. I mean i can Instant Messenger and stuff, but no browsing.
So Internet Exporer leads me through a diagnosis and says the Winsock has problems and needs to be reset. I let it reset the winsock, and i reboot. No success. I manually reset it through DOS "netsh winsock reset", but alas no success.
So pretty much I can ping and Instant messenger and talk to people, but no firefox, no browsing.
Now i think ive got a virus or something, so i boot up AVG 8.0
I hit update, but it cannot connect to the server. So this is bad.
Now ive booted up from a Mandriva live CD, which DID have success in firefox. So its definitely something in the OS.
Im going to try to find a downloadable definition file for AVG and pop that over to windows XP and try to virus scan.
In the meanwhile, does anybody else have any ideas, or ever had this happen?
Help!
Another recommendation for spybot here, its a quality piece of free software, I dont have a windows machine running without this installed.
edit - Wait, can you ping through port 80? like www.google.com?
jjbutler88 wrote: Another recommendation for spybot here, its a quality piece of free software, I dont have a windows machine running without this installed.
edit - Wait, can you ping through port 80? like www.google.com?
Lol. If he were unable to ping (or basically send generic packets of data to see if a host/server is alive) through to port 80, he wouldn't be able to browse the internet either (well not through HTTP anyway). Now, if you're talking about hosting something on port 80, it could be your ISP preventing you from using any server that uses port 80.
Now (I just read the post), try browsing through HTTPS and see what happens (I.E. https://www.hellboundhackers.org). I'm not sure why you'd be able to ping a site, but be unable to browse using a standard browser.
Lol. If he were unable to ping (or basically send generic packets of data to see if a host/server is alive) through to port 80, he wouldn't be able to browse the internet either (well not through HTTP anyway).
Not necessarily. If just TCP packets on port 80 were blocked, no web traffic could get though, but pings use the ICMP protocol, which might not have been blocked. Its unlikely I admit but just tryin to get to the bottom of the problem, the solutions not going to be simple if the poster is knowledgeable (no reason not to believe it)
I believe I had something similar once. I don't know about the firewall problem because I wasn't using it then. I could still browse, using IP. Sometimes everything worked, sometimes just didn't. Problem was some msn virus, which showed up in the processes.. I think it was called winudspm.exe, which was removed with combofix.exe. I guess that spybot/etc could have seen it too. Not sure. Use HijackThis, if out of ideas. Or system restore point. Just my thoughts.
Ok Avg is good but from what you tell me I would suggest scanning with avira because they usuially pick up a lot of virus and malware. I would say scan with that
@digitalfire we've been through this before did you try Disabling Netbios over TCP/IP then reanabling it. Check your services and running processes for any rogue firewalls that may have been installed without your knowledge. Also check the event viewer for errors. post back with your full error on the firewall with the code.
Interestingly I had a similar problem recently. Firefox and explorer couldn't connect yet I was able to connect with seamonkey. I tried everything in firefox and even resorted to a complete reinstall(deleted everything first). Nothing. Tried rebooting killing useless processes in task manager. I even tried messing with my firewall to see if it was blocking only to find it turned off. So restored it to defaults got a new antivirus (deleted norton). No viruses were found though. I also finally got around to ripping the preinstalled software of my computer and what not. And suddenly I noticed that firefox was randomly working again….
Whatever. I decided to forget about it as a windows fluke and just went back to customizing my system settings (and got wireshark just in case). I had done this to my other computers just not my newest one yet (wanted to see if vista really is that bad, it is.)
Hey everybody, thanks for the replies. The problem remains, however :angry:
So: -Whoever said try https, that was a good idea, and i was excited. Yet that failed, so its more than just port 80 that is being blocked.
Korg: I DID try resetting netbios and doing a "netsh winsock reset", but this time it didnt work. The exact error from the firewall is:
Windows Firewall
---------------------------
Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?
---------------------------
Yes No
---------------------------```
I click "yes" and get
```markup---------------------------
Windows Firewall
---------------------------
Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service.
---------------------------
OK
---------------------------```
I did not see any processes that looked suspicious, and killed all of them that were under my name. There were a few from "NETWORK RESOURCES" or something like that, and when i ended them, it rebooted my computer. Svchost has LOTS of spawns, not quite sure what they are up to. Speaking of Svchost, evertime my computer starts i get a
```markup---------------------------
svchost.exe - Application Error
---------------------------
The instruction at "0x7c918fea" referenced memory at "0x00000010". The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
---------------------------
OK Cancel
---------------------------```
this happens on the LOGIN screen. Im pretty sure its one of the processes i have on "auto" start, failing.
When i went through the control panel to access the event viewer, i went. Start>control panel>admin tools>comp management. When i clicked on any of the log categories, i got
```markup---------------------------
Event Viewer
---------------------------
Unable to complete the operation on "System".
The interface is unknown.
---------------------------
OK
---------------------------```
this happens for any of the categories, not just system.
Thanks for your help guys, any more ideas?
the status remains at : i cannot use Firefox or IE to access the web, but aim runs fire. AVG fails to update. Https fails as well.
another thing ive noticed recently and didnt before, is my system tray. there used to be only one network icon, for Local Area Network. Now there are 2, one for LAN and one for internet. Everytime i boot it says "now connected to internet", which it never used to do before. If that helps at all.
thanks yall.
can you connect via telnet??
start –> run type cmd click ok
at the command prompt type telnet www.google.com 80
if you can connect you'll get a blank screen, if not you'll get a prompte that say connecting to www.google.com
personnally, i would say you PC has RootKit installed on it, but that is not 100% for sure.
When the windows firewall service can't start it means that another programming is using that windows NDIS Driver shim for that service. For example, when running Routing and Remote Access (RRAS or the NAT and VPN sevice) on a windows 2003 service, you can't start the windows internet connection sharing/windows firewall service on the box.
A trojan can also cause the issue, a well designer virus will install such an NDIS driver on a PC and hide itself. When windows looks up it drivers it does so by using linked nodes……
<–Previous driver = Z(Driver a)Next driver–>B|<–previous driver=A(driver b)–>Next driver–>C|<–previous driver=B(driver C)–>Next driver=D|<–etc… etc..
A good virus will do this <–Previous driver = Z(Driver a)Next driver–>C|<–previous driver=A(Virus driver b)–>Next driver–>C|<–previous driver=(driver C)–>Next driver=D|<–etc… etc..
In essence hidding itself from windows, because when windows enumerates its drivers it will skip from A to C, skipping B altogether.
Another issue that can cause this is DNS… but as someone suggested before ( I would image you tried it) even with DNS issues you should still be able to browse a site by it IP address, ie, for google.com http://64.233.183.99 should open google.
If ou can't use google via IP and DNS is working (start–> run Nslookup type google.com and check you get an answer) you have some deep OS issues. If telnet does not work, again OS issue (assuming you don't have a cisco router or the like blocking HTTP Traffic). Have you tried running wireshark as suggested and sniffing the packets….
I would love to troubleshoot this, very interesting issue..