• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Internet stops working after ~90mins, but on system reboot..

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page 1, 2  Next
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Spyware // Adware // Trojans Discussion

View previous topic :: View next topic  
Author Message
warinx
Just Arrived
Just Arrived


Joined: 06 Mar 2009
Posts: 0


Offline

PostPosted: Fri Mar 06, 2009 11:00 pm    Post subject: Internet stops working after ~90mins, but on system reboot.. Reply with quote

Hi, I have a odd issue (I think).
Info on sys config>>Windows vista Ultimate
IE>>8
RAM>>2gb
connection type>>256kbps
Antivirus>>Avast
Firewall>>Zonealarm
Malware software tried so far>>Superantispyware, Trojan remover,Malwarebyte,spybot search & destroy.

Issue>>Iam able to connect to internet, my system is fast enough..but the issue is when iam online ~ after 90mins my internet stops working, but able to use my computer all services on my system works fine.
I have tried disconnecting & reconnecting my internet..nojoy
refreshing the IE...nojoy
deleting temp files & cookies..nojoy
Did a complete scan using above programes>>found no issue
But...
when I try to shutdown my pc or logout...nothing happens.
but iam able to switch between users but cant logout.
(what I do is, first I swich between useraccounts & then use then use the shutdown option on logon screen...result it would take ~5mins to shutdown (Normaly my system takes 30seconds to shutdown)
BUT AFTER SYSTEM REBOOT THINGS ARE BACK TO NORMAL.
able to connect to internet without anyissue & also able to shutdown pc in 30seconds..but after ~90mins its back to squareone.


summary>>unable to access internet after being online for 90mins & at the same time unable to logout/shutdown the pc..BUT AFTER SYSTEM REBOOT THINGS ARE BACK TO NORMAL.

pls help..Thanks in advance.
Back to top
View user's profile Send private message
Nonapeptide
Trusted SF Member
Trusted SF Member


Joined: 10 Nov 2008
Posts: 2
Location: Scottsdale, Arizona

Offline

PostPosted: Sat Mar 07, 2009 3:05 am    Post subject: Reply with quote

when did this start? How long has it been going on? Did you install anything, add any hardware or perform a windows update install at around the same time as the problem started?

Have you checked the Event Log for anything interesting at about the time you lose internet connectivity?

When you lose internet connectivity, what happens when you do an ipconfig /all? Does it say that the media is disconnected?

Have you checked computer management to see if the wireless adapter shows itself being in an alarm or error state? Does it even show up in computer management after you have the connectivity problems?

Have you installed the latest drivers for your networks card(s)?
Back to top
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger
warinx
Just Arrived
Just Arrived


Joined: 06 Mar 2009
Posts: 0


Offline

PostPosted: Sat Mar 07, 2009 12:05 pm    Post subject: Reply with quote

Thanks for the reply...

Its been happening from past three weeks (asper my observation)...I haven't installed any new program, but did change from AVG antivirus to Avast to see if it will help the situation, I havent installed any new hardware, I leave Windows update "ON"..so its always running.

I havent checked event logger, I just checked it now ..and see thousand's of events ...did notice some windows updates which are installed but are not applicable for my OS ...but will check when the issue occurs.

This is something Interesting...when I lose internet connection..I cant access any website on IE...but IF I HAVE ANY DOWNLOAD IN PROGRESS...IT CONTINUES. (SOMETHING ODD) I dont loose the whole connection...(Partial loss of connection , which i discovered today:Neutral| download continues when this occurs...so I feel there is no issue with NIC or its drivers...& iam on wired connection using "Modem : Beetel 220BX " it doesnt have wireless features...& No USB...its just RJ45.
moreover there is no error message..all that happens is IE takes long time to load outcome "page can not be displayed".


(I will check event logger when this issue occurs...thanks again..)
Back to top
View user's profile Send private message
warinx
Just Arrived
Just Arrived


Joined: 06 Mar 2009
Posts: 0


Offline

PostPosted: Sat Mar 07, 2009 6:29 pm    Post subject: Reply with quote

There are 2 IE open on desktop
but in Task manager>>processes>>
there are 5 IE's running
CPU>>oo
Memory
1st IE>>11,780k
2nd IE>>11,252k
3rd IE>>11,724k
4th IE>>11,412k
5th IE>>8,144k


so closed all IE...
opened 1 IE...but noticed 2 IE process in task manager
CPU>>00
Memory
1st IE>>11,772k
2nd IE>>8628k

when I closed one IE..both processes closed.

After PC reboot
able to get online..
again opened one IE...
but two IE processes in Taskmanager.
Memory
1st IE>>9,420k
2nd IE>>13,444k
Back to top
View user's profile Send private message
Nonapeptide
Trusted SF Member
Trusted SF Member


Joined: 10 Nov 2008
Posts: 2
Location: Scottsdale, Arizona

Offline

PostPosted: Mon Mar 09, 2009 9:40 pm    Post subject: Reply with quote

warinx wrote:
I havent checked event logger, I just checked it now ..and see thousand's of events ...did notice some windows updates which are installed but are not applicable for my OS ...but will check when the issue occurs.


You can filter events by info, warning or error. My instinct would tell me that you would only be looking for errors. Use an event filter to make it easier to search through the events.



warinx wrote:
This is something Interesting...when I lose internet connection..I cant access any website on IE...but IF I HAVE ANY DOWNLOAD IN PROGRESS...IT CONTINUES. (SOMETHING ODD) I dont loose the whole connection...(Partial loss of connection , which i discovered today:Neutral| download continues when this occurs...so I feel there is no issue with NIC or its drivers...& iam on wired connection using "Modem : Beetel 220BX " it doesnt have wireless features...& No USB...its just RJ45.
moreover there is no error message..all that happens is IE takes long time to load outcome "page can not be displayed".


My suspicion is some kind of malware. Have you done a thorough scan with SpyBot S&D, Ad Aware, Malware Bytes, Hijack This, etc.? If you really wanted to get into the guts of the situation, you could do a wireshark packet capture at about the time you would expect your network connection to drop and then sift through the data when you eventually do lose connection. I won't guarantee that you'll find anything definitive, but it could give you more to go on.
Back to top
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger
warinx
Just Arrived
Just Arrived


Joined: 06 Mar 2009
Posts: 0


Offline

PostPosted: Wed Mar 18, 2009 10:34 pm    Post subject: Reply with quote

I did notice this "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts." in thsi event logger, does mean somthing....
Back to top
View user's profile Send private message
Nonapeptide
Trusted SF Member
Trusted SF Member


Joined: 10 Nov 2008
Posts: 2
Location: Scottsdale, Arizona

Offline

PostPosted: Wed Mar 18, 2009 10:43 pm    Post subject: Reply with quote

warinx wrote:
I did notice this "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts." in thsi event logger, does mean somthing....


Are you running any peer-to-peer apps on your system? After doing a quick Google search, plenty of information is out there about that error and its possible causes. Here's just a single example. Just remember, never install a patch or hack that tries to increase the limit of TCP/IP connections since that is a violation of the Microsoft license agreement. Your situation is definitely non-standard and smacks of something amiss.
Back to top
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger
bfarmer
Just Arrived
Just Arrived


Joined: 22 Jan 2009
Posts: 0


Offline

PostPosted: Thu Mar 19, 2009 4:38 am    Post subject: Reply with quote

warinx wrote:
There are 2 IE open on desktop
but in Task manager>>processes>>
there are 5 IE's running
CPU>>oo
Memory
1st IE>>11,780k
2nd IE>>11,252k
3rd IE>>11,724k
4th IE>>11,412k
5th IE>>8,144k



Looks to me like you have a rootkit hooked into IE. CPU is at 0% though?
Back to top
View user's profile Send private message
warinx
Just Arrived
Just Arrived


Joined: 06 Mar 2009
Posts: 0


Offline

PostPosted: Thu Mar 19, 2009 10:52 pm    Post subject: Reply with quote

Yep CPU=0% to ~ 5%, RAM =~50% ..Its not only IE which stops working, I even tried Opera & Firefox ...it made no difference..
Back to top
View user's profile Send private message
warinx
Just Arrived
Just Arrived


Joined: 06 Mar 2009
Posts: 0


Offline

PostPosted: Thu Mar 19, 2009 10:57 pm    Post subject: Reply with quote

I haven't installed any Peer-to-peer on the system & No tweaking programs on my system.
Back to top
View user's profile Send private message
Nonapeptide
Trusted SF Member
Trusted SF Member


Joined: 10 Nov 2008
Posts: 2
Location: Scottsdale, Arizona

Offline

PostPosted: Thu Mar 19, 2009 11:56 pm    Post subject: Reply with quote

Have you done a thorough scan of your computer with the freeware tools that I mentioned in the fifth post? Run everything except HijackThis in Safe Mode without networking. IMO, this seems like a malware issue. It could be something else, of course, but let's try to pluck the low hanging fruit.
Back to top
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger
bfarmer
Just Arrived
Just Arrived


Joined: 22 Jan 2009
Posts: 0


Offline

PostPosted: Fri Mar 20, 2009 1:15 pm    Post subject: Reply with quote

warinx wrote:
Yep CPU=0% to ~ 5%, RAM =~50% ..Its not only IE which stops working, I even tried Opera & Firefox ...it made no difference..


Just for the heck of it, download Prevx CSI demo and see if it finds anything. It is a quick scan, and doesn't cost anything. It won't clean anything for free, but it will tell you what it finds.
Back to top
View user's profile Send private message
warinx
Just Arrived
Just Arrived


Joined: 06 Mar 2009
Posts: 0


Offline

PostPosted: Fri Mar 20, 2009 11:44 pm    Post subject: Reply with quote

Thank you for your suggestion, I did a scan with Prevx CSI & found "gendel32.exe " checked in google for the same & found>>> "Gendel32.exe is Trojan/Backdoor.
Kill the process gendel32.exe and remove gendel32.exe from Windows startup." so checked in Task Manger process, It wasn't there, checked in msconfig under startup programes, it wasn't there, so deleted the file directly from its location. One thing I haven't undestood is I usualy check process in Task Manager & startup programs but never found "gendel32.exe" running, & when I tried to delete it, it was simple & never got any message stating that this program is running, But Iam happy that this file is longer on my system (asper my knowledge).
Back to top
View user's profile Send private message
warinx
Just Arrived
Just Arrived


Joined: 06 Mar 2009
Posts: 0


Offline

PostPosted: Sat Mar 21, 2009 12:41 am    Post subject: Reply with quote

even after removing "gendel32.exe " ....nojoy.
so checked in event logger & found...
"The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state."
started this process,..still nojoy.
Back to top
View user's profile Send private message
RoboGeek
SF Mod
SF Mod


Joined: 13 Jun 2003
Posts: 16777166
Location: LeRoy, IL

Offline

PostPosted: Sat Mar 21, 2009 2:00 am    Post subject: Reply with quote

bfarmer likes that prevx stuff... just wait till I show him some real tools!! Laughing


If you have hidden IE's running, you have malware.
Back to top
View user's profile Send private message Visit poster's website
bfarmer
Just Arrived
Just Arrived


Joined: 22 Jan 2009
Posts: 0


Offline

PostPosted: Sat Mar 21, 2009 5:13 am    Post subject: Reply with quote

RoboGeek wrote:
bfarmer likes that prevx stuff... just wait till I show him some real tools!! Laughing


If you have hidden IE's running, you have malware.


Yep, that is a nice quick scan.

Gendel (or whatever it was) was most likely one of the instances of iexplorer you saw running.

Take the fact that you found it as evidence you have malware and run some scans with previously mentioned apps and see what pops up.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Spyware // Adware // Trojans Discussion All times are GMT + 2 Hours
Goto page 1, 2  Next
Page 1 of 2


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register