Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Only at Home


  • Please log in to reply
22 replies to this topic

#1 troublesh00ter

troublesh00ter

  • Members
  • 561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Deep South
  • Local time:01:38 AM

Posted 20 September 2010 - 04:40 PM

I have cable internet at home and it works great! Fast and all love it! However, I have to reboot my laptop every time I come home from work.

When I go into work in the morning and start it up, the connection comes through in a snap without any issue.

When I get back home and open the lid, the connection appears to be on but the browser delivers 0 results... all three of them! IE, FF, Chrome

I've even tried restarting the connection from the laptop but it doesn't work.

For some reason it will only patch through after a reboot of the computer.

I really don't understand this.

Everything is set as it should be... Connect Automatically, Connect even if not broadcasting, Password is correct

I just don't get it...
for3ver,
goose90proof

BC AdBot (Login to Remove)

 


#2 Orecomm

Orecomm

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseburg, Oregon
  • Local time:11:38 PM

Posted 21 September 2010 - 12:35 PM

OK, this is pretty curious. Do you by chance use the same network name (SSID) at home and at work ? As another possibility, could there be multiple profiles on your machine using the same network name (SSID) as your home ? A quick test would be to log into your home router and change the network name to something unique, then connect to it with your laptop (and presumably everything else that currently connects to it) and see if the problem persists.

Let us know what you find.

#3 troublesh00ter

troublesh00ter
  • Topic Starter

  • Members
  • 561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Deep South
  • Local time:01:38 AM

Posted 24 September 2010 - 08:43 AM

The SSID's are quite unique.

It takes a really long time to resolve the host and thats usually where it screws up.

Sometimes even a reboot won't solve the issue. Lately it hasn't been able to contact the DNS at all.

I tried flushing the cache and it worked for 5 minutes, but when I start browsing around for a while it starts acting up again.

I did notice something yesterday (and this is really suspicious)...

Right after I flushed the cache and typed in a url, (google for instance) I was watching the progress bar and it said "waiting for google" (like it's supposed to) BUT then some place called (and I'm kinda guessing cuz I can't remember) "as.addthis" is contacting or is being contacted.

Is this malware or would it do that at both work and home networks?
for3ver,
goose90proof

#4 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:01:38 AM

Posted 24 September 2010 - 11:25 AM

I would not have "as.addthis" on my computer. Doesn't look good. Check this site out. http://superuser.com/questions/36223/are-s...-addthis-secure
If it was my computer I would remove it and run updated scans of your anti virus, Super Anti Spyware and Malwarebytes Anti Malware.

#5 Orecomm

Orecomm

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseburg, Oregon
  • Local time:11:38 PM

Posted 24 September 2010 - 12:02 PM

The behavior you describe is decidedly suspicious. I'd second Layback's recommendation and add a good antivirus to the list (Avast! and Avira are two good ones that have free-for-home-use options as well as good low-cost paid versions). We can go through troubleshooting your DNS issues but if you are infected the problem will be hidden. Any anti-virus or anti-malware already on your system may have been disabled already so download a fresh copy and run it before rebooting. You may also want to consider signing up for OpenDNS (free for basic users) and see if changing to their DNS servers clears things up, but I'd scan first.

Let us know what you find.

#6 troublesh00ter

troublesh00ter
  • Topic Starter

  • Members
  • 561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Deep South
  • Local time:01:38 AM

Posted 24 September 2010 - 12:03 PM

I didn't let it on here. If it actually resides anywhere on my computer I didn't give it permission.

Yea, I use facebook but I"m the kind of guy that closes all the adds and selects the "Offensive" feedback option to make them go away.
I don't play farmville or any of that becuase I'd have to let it "access all my information".

I try to run a pretty tight ship here.

I use spyware blaster, I have MBAM on demand (which I ran and it picked up nothing)! I have KAV which is up-to-date.

I don't know where it's running from!

I also just downloaded MVP host file to try and help but I'm at work where there are no problems so the true test will be when I go home.

Any thoughts?
for3ver,
goose90proof

#7 NpaMA

NpaMA

  • Members
  • 635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:02:38 AM

Posted 24 September 2010 - 07:23 PM

Check your WIFI/Wireless drivers. What is the make and model of your PC?

As a test could you see if the problem is from disconnecting from one network, and connecting to another?(Connect at home, close lid, go to work network and see if same problem occurs)

#8 troublesh00ter

troublesh00ter
  • Topic Starter

  • Members
  • 561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Deep South
  • Local time:01:38 AM

Posted 27 September 2010 - 09:35 AM

Samsung R480 Laptop Win7 Home Premium 64bit
KAV v9.0;MBAM(current);SpywareBlaster(current)


My drivers are up to date (all of them).
I just recently got a new license for KAV. I typically run MBAM once every week (Sunday is maintenance day)!
I have spywareblaster and I keep it updated.
I have the MVP hosts file.
I've been flushing my DNS cache when the network starts hiccuping (it seems to help).
Browser settings are fine. (I primarily use chrome but I have IE and FF as well and they are performing in the same manner)

It always seems like the problem is happening during domain name resolution

As for your suggestion, I do that on a daily basis. Connect at home, go to work (connects to network). There's never a problem at my office. Is my router infected?

I considered switching to OpenDNS but not really sure what the process entails. I've always just stayed with my ISP's DNS.

Looking through the running processes displayed in task manager, I didn't notice any unusual processes running on the computer. Just the norm of windows processes and the stuff that I'm running.

I'm not using an ungodly amount of resources either. Processor load is light, memory usage is par.

It really confuzzles me. I like to think I'm pretty tech savvy. I know more than most but this is really throwin curves at me.

Thanks for the help,
Looking forward to a response.

Edited by goose90proof, 27 September 2010 - 01:33 PM.

for3ver,
goose90proof

#9 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:01:38 AM

Posted 28 September 2010 - 07:13 AM

Post #3. Right after I flushed the cache and typed in a url, (google for instance) I was watching the progress bar and it said "waiting for google" (like it's supposed to) BUT then some place called (and I'm kinda guessing cuz I can't remember) "as.addthis" is contacting or is being contacted.

#10 troublesh00ter

troublesh00ter
  • Topic Starter

  • Members
  • 561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Deep South
  • Local time:01:38 AM

Posted 28 September 2010 - 08:30 AM

Ok..... I was fairly certain it had something to do with the problem. How can I track it down and get rid of whatever is screwing with my connection?
for3ver,
goose90proof

#11 _sjm_

_sjm_

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:38 PM

Posted 28 September 2010 - 10:47 AM

The addthis could be just the website trying to load a page from them and some of your settings not allowing the true content in (the hosts file?). On the wireless issues, do you have your home network as the first in the list of networks for your card to try? Try moving it to the top.

#12 troublesh00ter

troublesh00ter
  • Topic Starter

  • Members
  • 561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Deep South
  • Local time:01:38 AM

Posted 01 October 2010 - 08:30 AM

I've tried all the suggestions here and I'm still having the same problem.

When I take my computer home...

It connects to the network.
Tray icon says it is connected.
Can't navigate to any websites though.
It always seems to hang at domain name resolution.

Should I post in the Am I infected thread?
for3ver,
goose90proof

#13 Orecomm

Orecomm

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseburg, Oregon
  • Local time:11:38 PM

Posted 02 October 2010 - 11:50 AM

It's possible your router is compromised, or something odd is happening on your machine in DNS resolution that we will have to isolate. You might try resetting your router to factory defaults and setting it up again or even re-flashing it with latest code. You will probably have to download the code at work, from the sounds of it.

On your machine, from the command prompt (Start->Run->cmd) type nslookup and pay particular attention to the default server and IP address that is returned (if nothing comes back but a prompt try the command "server"). Do they match your ISP's DNS or is it the address of your router (neither is wrong, it just tells us whether your router is running DNSmasq) ? It should match whatever shows up in your network config. Or is it something entirely different (uh oh)?

Then at the > prompt enter the name of one of the sites you know you are having problems with (www.google.com, no http://) and see what the result is. You should get back a server name and list of IP's.

This should help narrow things down.

Try manually setting your DNS at home to 208.67.222.222, which is one of the OpenDNS servers. See what happens.

#14 troublesh00ter

troublesh00ter
  • Topic Starter

  • Members
  • 561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Deep South
  • Local time:01:38 AM

Posted 04 October 2010 - 10:08 AM

Thanks. I'll give this a shot and let you know what kind of results I get.
for3ver,
goose90proof

#15 Wired68

Wired68

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:38 PM

Posted 05 October 2010 - 09:14 AM

First when you are having the issue, before rebooting, can you ping google.com? Can you ping the address 4.2.2.2?

4.2.2.2 as well as 8.8.8.8 are two very well known and reliable free publicly available (and pingable) DNS servers owned by Level3 Communications and Google, which also work great as test pings to verify internet connectivity (plus they're easy to remember ;) ).

First even though you've tried mulitple browsers, I'm curious if you can even ping a dns name such as google.com or yahoo.com. If not can you ping one of these public IP's?
* If neither work then possibly something is up with your NIC or the router since a reboot fixes it. Also check option 5 below to verify local routes.
* If you can still ping the public IP's but not the DNS name, then something may be up with the DNS server you're using, in which case, change your NIC to use 4.2.2.2 and 8.8.8.8 as your DNS servers. If this fixed your problem, you may want to check with your ISP about the DNS servers given to you, though feel free to leave these configured if they work; I'm using them right now.
* Now if ping works to both google.com and 4.2.2.2, but you still can not browse the net, then that tells you DNS is working fine and ICMP packets are going, though TCP and/or UDP are are failing which could be caused by a number of things. For starters I'd check the following:

1) At work, do you use a proxy server to connect to the net? If so it may have not cleared out. The proxy settings do not affect ICMP (ping) packets.
In Internet Explorer settings, check the proxy server under the Connections tab and make sure there nothing is checked. Even though you tried three browsers, all of them now use IE's proxy settings so you don't have to change it in each browser and so group policies work throughout.
You may also want to verify the proxy is off directly from registry under:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ProxyEnable should be set to 0

2) Check your home router. Verify there are no unwanted access lists or restrictions. You may also want to try rebooting the router and if necessary, resetting it back to factory and re-configuring it. There may be something cached in the router from the previous login that did not clear out for some reason until you rebootied the PC which sent a formal disconnect to the router.

3) As others have noted, because of your comment above about that suspicious "as.addthis" you saw, you may want to run a few more scans such as HijackThis. I'm leaning toward the other causes I mentioned above since you say everything always works good at your work, but you never know. Doesn't hurt to check.

4) Check your local hosts file. Even if google.com or yahoo.com was pingable, if you have a bad local hosts file, you could be seeing an enemy IP. Again, not to likely since you say all is fine at work, but still worth a glance anyway.
The location is: "%SystemRoot%\System32\drivers\etc\". The file is named hosts without any extension and can be opened with notepad.

5) In CMD, type ROUTE PRINT. This will show the local routes your computer uses to reach outside networks such as the internet. Check if anything looks off here and verify all the routes, especially the default "0.0.0.0" route, are pointing to the correct Gateway and Interface. I doubt anything will be off here if any of the ping tests worked, though still worth a check to verify it's not still showing your work Gateway.


Hope some of this makes some sense and I didnt just ramble on ;) Let me know what you come up with and if you have any other questions or need any more help, I'll be glad to give it a shot.


Good Luck!

-Wired68

Edited by Wired68, 05 October 2010 - 09:15 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users