
Internet speeds drop massively on machine previously infected with malware


33 replies to this topic

#1 kotoroshinoto


Posted 26 March 2015 - 08:50 AM

Speeds drop from 100 Mbps to between 0 and 3 Mbps.

I have purchased a PCI NIC to see if changing the hardware did anything (in case of failing on-board NIC).

The only thing that restores my proper speeds is disabling/re-enabling the device or using driver install to reset the drivers. Indicates the TCP/IP stack might be getting corrupted, but it happens frequently.

Other machines sharing same network for their internet connection are experiencing no problems at all. (2 laptops over wifi and a roku3). This machine is wired-in to the router.

I have no idea how to troubleshoot this any further than I have already. Perhaps there are remnants of malware present messing about with my networking software?

Edit: Topic moved from Windows 7 to AII ~ Computerxpds

Edited by computerxpds, 26 March 2015 - 10:46 AM.




#2 kotoroshinoto


Posted 26 March 2015 - 08:54 AM

I very strongly want to solve this without doing a reinstall, and any relevant restore points would be far too old to bother using (I've installed and done things since that I don't want to lose, and I'd have trouble pinpointing the correct timepoint anyway).



#3 mremski


Posted 26 March 2015 - 09:00 AM

Does the router have multiple wired LAN ports?  If so, try moving the problem machine to a different one.  That would help diagnose things.


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#4 kotoroshinoto


Posted 26 March 2015 - 09:02 AM

OS is Windows 7 x64.

I have moved from one lan port to another at the advice of my comp-sci major friends. It has had no effect on the speed.

When I reset the drivers (either by reinstalling the drivers or disabling/re-enabling the device) it runs back at top speed for a while. It doesn't seem like the cable or the port are bad unless it's in a very subtle way.


Edited by kotoroshinoto, 26 March 2015 - 09:02 AM.


#5 kotoroshinoto


Posted 26 March 2015 - 09:03 AM

Should add the symptoms happen with both the on-board port AND the new PCI port.



#6 JohnC_21


Posted 26 March 2015 - 09:23 AM

Possibly resetting TCP/IP would help. At an elevated command prompt CMD > Right Click Run as Administrator

netsh int ip reset c:\resetlog.txt

Reboot



#7 kotoroshinoto


Posted 26 March 2015 - 09:37 AM

Disabling/re-enabling the device immediately restores 100+ Mbps without a reboot. Will issuing that command do anything that doesn't do?


Edited by kotoroshinoto, 26 March 2015 - 09:37 AM.


#8 kotoroshinoto


Posted 26 March 2015 - 09:38 AM

I'll have to wait to test that for when the symptom comes back again. Will likely be within a day or 2.



#9 JohnC_21


Posted 26 March 2015 - 09:53 AM

It resets the TCP/IP stack. I can't say it will solve the problem but it is worth a try. It rewrites these registry keys.

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ 
SYSTEM\CurrentControlSet\Services\DHCP\Parameters\

Edit: As you say, there may be some malware remnants. You can do a HitmanPro Scan. It requires an internet connection and uses the cloud to check your computer. When you check tcpip.sys and ipsec.sys in C:\Windows\System32\drivers, are the file attributes the same as what you have on the other computers?


Edited by JohnC_21, 26 March 2015 - 09:57 AM.
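
One way to record the state post #9 refers to before running the reset, as an added example that is not part of the original thread: it exports the two registry keys and writes the size, version, timestamp, attributes and SHA-256 of tcpip.sys and ipsec.sys to a CSV that can be compared with the same files on another Windows 7 machine. The output folder and file names are assumptions made for this example; run it from an elevated 64-bit PowerShell prompt.

```powershell
# Added example: snapshot the TCP/IP state before "netsh int ip reset".
# $OutDir and the output file names are hypothetical, chosen for this example.
$OutDir = Join-Path $env:SystemDrive ('netreset-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $OutDir | Out-Null

# 1. Export the two keys named in the post (subkeys included) so the
#    pre-reset values can be diffed against the post-reset ones.
$keys = @{
    'Tcpip' = 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    'DHCP'  = 'HKLM\SYSTEM\CurrentControlSet\Services\DHCP\Parameters'
}
foreach ($name in $keys.Keys) {
    $file = Join-Path $OutDir "$name-Parameters.reg"
    & reg.exe export $keys[$name] $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not export $($keys[$name])" }
}

# 2. Record comparable facts about the two drivers named in the post.
#    Uses .NET hashing so it also works on the PowerShell 2.0 that ships with Windows 7.
$sha = [System.Security.Cryptography.SHA256]::Create()
$report = foreach ($drv in 'tcpip.sys', 'ipsec.sys') {
    $path = Join-Path $env:SystemRoot "System32\drivers\$drv"
    $row = New-Object PSObject -Property @{
        File = $drv; Present = $false; Size = $null; Version = $null
        ModifiedUtc = $null; Attributes = $null; SHA256 = $null
    }
    if (Test-Path -LiteralPath $path) {
        $item   = Get-Item -LiteralPath $path -Force
        $stream = [System.IO.File]::OpenRead($path)
        try { $hash = $sha.ComputeHash($stream) } finally { $stream.Close() }
        $row.Present     = $true
        $row.Size        = $item.Length
        $row.Version     = $item.VersionInfo.FileVersion
        $row.ModifiedUtc = $item.LastWriteTimeUtc.ToString('o')
        $row.Attributes  = $item.Attributes.ToString()
        $row.SHA256      = [System.BitConverter]::ToString($hash) -replace '-', ''
    }
    $row   # a missing file is reported as Present = False rather than skipped
}
$report | Select-Object File, Present, Size, Version, ModifiedUtc, Attributes, SHA256 |
    Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'drivers.csv')
Write-Output "Snapshot written to $OutDir"
```

Hashes and versions only line up between machines at the same architecture and patch level, so a mismatch is a reason to look closer rather than proof of tampering.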


#10 kotoroshinoto


Posted 26 March 2015 - 10:17 AM

The other computers are both Fedora 21; they don't have the same kind of registry, if anything in Linux could even be called a registry anyway. (They wouldn't have the Windows drivers either unless we're looking in a Wine directory.)

I'll have HitmanPro do a scan in the meantime.


Edited by kotoroshinoto, 26 March 2015 - 10:22 AM.


#11 kotoroshinoto


Posted 26 March 2015 - 10:21 AM

I could check on my one dual-boot laptop actually; there is a small Windows 7 installation there. When I have a chance I'll do that.



#12 JohnC_21


Posted 26 March 2015 - 10:22 AM

Okay, I thought they were both Windows 7. No registry in Linux, which is a good thing. :wink:

 

Edit: If anything shows up in HitmanPro, I would go to either the "Am I infected Forum" or the "Malware Removal Forum". Once you have started a new thread there you can post the link here and a moderator will close this thread to avoid confusion.


Edited by JohnC_21, 26 March 2015 - 10:27 AM.


#13 dc3


Posted 26 March 2015 - 10:27 AM

@JohnC_21

 

Tools like Hitman Pro are malware removal tools and may not be run in the Windows forum.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#14 JohnC_21


Posted 26 March 2015 - 10:32 AM

@JohnC_21

 

Tools like Hitman Pro are malware removal tools and may not be run in the Windows forum.

Thanks dc3 for pointing that out. I have to remember this. From now on I will point the posters to either of the two forums where the tools are allowed.



#15 dc3


Posted 26 March 2015 - 10:38 AM

@kotoroshinoto

 

If this computer is still infected, trying to make other repairs could exacerbate its condition and make your situation worse. For this reason I have requested that this topic be moved to the Am I Infected forum where tools like Hitman Pro may be used.

 

It would help if you were to list what tools you used to clean the computer of this infection.  I suspect that if there are scans which would create a log you may be requested to post these logs.

