Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not able to access internet with firewall on


  • Please log in to reply
6 replies to this topic

#1 leted_82

leted_82

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 06 October 2008 - 06:37 PM

Glad to be where the pros are, hopefully someone can guide me in the right direction. Yesterday my internet connection got very slow, then the browser froze up. After restarting my computer, I had the message in the lower right corner similar to "limited or no internet activity". I use Trend Micro PC-cillin Internet Security, and a short time later I got an alert about "cryp_fakeav-2". It was shown in a folder I could not access to delete it, and I restored my computer to an earlier point, which did not help.

I also got an alert about some type of an outgoing attempted connection, so I chose to block it. I had never seen this message before. I just figured out that if I turn off my Trend Micro firewall, I can access the internet. The firewall shows "Last Attack Information" on 10/06/08 at 18:25 (a few minutes ago). It shows the source IP address as 216.16.93.8 and shows an attack type of "Security rule matched".

Where should I go from here? I am concerned that if I continue to operate with the firewall off, it could be harmful since it shows a recent attack within the last few minutes? Is there any way to know the type of attack this is or why it is happening? Thank you very much in advance for any help!!

BC AdBot (Login to Remove)

 


m

#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,570 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:26 AM

Posted 06 October 2008 - 06:51 PM

Have you done any scans with Trend Micro, and if so what did they report?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:02:26 PM

Posted 07 October 2008 - 02:03 AM

If you still have TrendMicro disabled, at least enable the Windows firewall to use until you figure out the solution. Windows firewall will block incoming connections, but not outgoing. And even that is better than nothing at all.

Can you go through TrendMicro and find the outgoing connection you blocked? If so, and you do find it, post it here.

Edited by Queen-Evie, 07 October 2008 - 02:16 AM.


#4 leted_82

leted_82
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 07 October 2008 - 02:26 PM

I ran Trend Micro virus scan and it detected nothing. I have also run Malwarebytes' Anti-malware and it deleted a couple of adware things, but now shows the system clean. Obviously I am still not getting a connection to the internet though on that computer.

I have a window up now that is titled "Network Diagnostics for Windows XP" It is telling me the following: "Windows has detected a problem with the Winsock provider catalog on this computer. This catalog allows programs to communicate with this computer across the network. Would you like Windows to reset the catalog to the default configuration?" Does this sound legit? Should I do the reset or is that a risk?

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 54,818 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:26 PM

Posted 07 October 2008 - 02:37 PM

Life is a risk :thumbsup:.

It's not likely that Windows will do anything to impair itself...as it tries to solve a troublesome circumstance, IMO.

Louis

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,570 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:26 AM

Posted 07 October 2008 - 03:35 PM

Try these general fixes:

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot. Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:26 PM

Posted 07 October 2008 - 05:08 PM

The IP address 216.16.93.8 relates to PrairieWave Telecommunications is this your ISP?
http://samspade.org/whois/216.16.93.8
http://www.prairiewave.com/

As for the connection problem, i think Budapest has give you the answer to it.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users