Posted 09 March 2010 - 09:10 PM
Hello everyone, I've come to request help about a little issue I'm having. I'm not exactly sure whether it's malware related or not so I thought this would be the best place to post.
In summary, after a period (of either idle or use) the internet will become almost inaccessible. Symptoms are that pages are unable to be loaded: Firefox shows a 'Loading' icon for a fraction of a second then just gives up with no explanation leaving a blank page with an (Untitled) tab.
Internet Explorer also fails, except with the standard "Page cannot be displayed" error.
Rarely in this state, a page can be accessed. Usually if this happens then a vast majority of the elements are missing, e.g. images and style sheets.
Other internet applications also frequently fail to work properly, e.g. Live Messenger.
The Windows Network Troubleshooting tool fails to find any sources for a problem.
If attempting to download a file during this unresponsive state using "Save file as..." for example, this error is returned in a dialogue box (by Firefox):
"The download cannot be saved because an unknown error occurred.
Please try again."
I also use Proxifier software, which occassionally returns the error during this unresponsive state:
"[(Timestamp)] Error : bind failed with error 10055"
According to a few sources, error 10055 is associated with a lack of buffer space, so I started a bit of investigating.
I downloaded SysInternals TCPView, and the log is filled with results like:
svchost.exe:1508 TCP 10.34.24.47:51251 22.214.171.124:8080 CLOSE_WAIT
With the same local and remote address, the same state, , the same protocol, the same process and the local address ports ranging completely (as in every port in this range has a connection) from 49157 to 65535.
A bit of background information:
I'm on a Uni residential network. Internet access is given by configuring applications to use a automatic proxy configuration script. This script provides load balancing across 4 proxy servers, one of which is the remote address given in the TCPView logs.
I'm just wondering whether these numerous connections are the cause of the internet access loss, and whether malware is a cause of these connections.