I had a laptop recently that did something similar. It *would* get an
address but pings to any host on the net that I know to be responsive
were responding anywhere between 900ms to 2.5s. Since she complained of
this issue as soon as she got her new wireless router I went straight to
diagnosing that not realizing that there was no anti-virus on her
computer.
I brought it home and loaded AVG, it cleaned 114 various viruses from
the laptop. I also loaded Spybot and Ad-Aware, updated, scanned, and
removed some spyware. After that everything network-wise worked
flawlessly.
WRT to the first system that will not connect no matter, have you tried
a new cable or NIC? Does anything show up in the ARP cache when you do
an ipconfig /renew? How does the machine react on a known-working
network connection? If it has a firewall installed, does disabling it
allow a connection?
My advice would be to run the full gamut on both machines, anti-virus
from multiple vendors (AVG, Trend Micro HouseCall, Stinger,
Symantec/McAfee), and to scan for and remove any spyware. If you
haven't already, a firewall should be installed. I'm partial to Kerio
(very verbose to the user) or ZoneAlarm.
Spybot has an interesting feature called TeaTimer that monitors key
areas of your registry for writes/changes and notifies you ZoneAlarm
style if you want to allow the change.
Good Luck!
Mike Fetherston
-----Original Message-----
From: Dan Denton [mailto:ddenton@PAYLESSOFFICE.com]
Sent: Monday, November 01, 2004 12:09 PM
To: focus-virus@securityfocus.com
Subject: Adware/Spyware (maybe a virus) that limits connectivity for
windows network interface
A company who I do consulting for has had 2 machines in the past 2
months who have been infected with adware and spyware who's network
interface shows "Limited or no connectivity". The first was some time
ago, and the only way I could get the machine to talk on the network
was
to slick and rebuild it (probably the responsible thing to do anyway).
From what I have read on the internet this means that the computer
cannot connect to it's DHCP server. A repair of the interface results
in
an error saying that an address couldn't be obtained from the server.
Reinstalling TCP/IP, Repair installs of WinXP, reinstalls of SP2,
Virus
and Ad-aware scans do not fix the problem. Dealing with the 2nd
machine
this has happened to, I've found a process called wmiprvse.exe that
didn't look familiar, and according to Symantec it could be a sign of
Trojan.Gletta.A or a Gaobot variant, however neither of these was
found
by a scan (Symantec or Trend). I'm looking for a course of action
other
than nuke/pave. Any suggestions would be greatly appreciated.
Dan Denton
Information Technology Manager, CCNA
Pay-LESS Office Products
402-891-6210 ext 61
ddenton@paylessoffice.com
