September 21, 2020, 12:09:45 pm
News: GalahTech Community Based Technical Support!
Pages: [1]   Go Down
Author Topic: Lost Topic Title  (Read 824 times)
supagal
Monster Poster
*

Stars: +0/-0
Offline Offline

Posts: 1285



WWW
« on: January 29, 2004, 07:37:26 pm »

It seems that almost all of my customers with windows XP are having the same problem. It does not matter if its dial up, dsl, or wireless. The problem is they get connected and surf for a few minutes then nothing comes up any more, So they all restart and it works again and for the same amount of time.
O they are all using the same ISP and I am more or less looking into for the ISP.
Its strange being windows 98 on the same system works fine.
Some of my co-workers think it might be a bad patch or something like that.
Logged

supagal
Monster Poster
*

Stars: +0/-0
Offline Offline

Posts: 1285



WWW
« Reply #1 on: January 29, 2004, 08:39:59 pm »

Deleting the host file seems to fix this strange problem.
Logged

Pc_Madness
Ancient Poster
*

Stars: +0/-0
Offline Offline

Posts: 5349



WWW
« Reply #2 on: January 30, 2004, 06:48:42 am »

Whats in the host file?
Logged


wrack
Master of TMEOotAP
*

Stars: +3/-0
Offline Offline

Posts: 11116


Don't look back. Look in the mirror to look back.


WWW
« Reply #3 on: January 30, 2004, 07:14:09 am »

File used by Microsoft Windows Clients such as Microsoft Windows 98, Windows NT, 2000, XP to provide mappings of IP addresses to computer names (NetBIOS) names. The file generally located in the Windows or Winnt directory.

Looks something like this.

127.0.0.1          localhost    #example of the local host
123.0.123.7      example    #example of a fake ip and name

search for "lmhost"

Cheers.
Logged

Pc_Madness
Ancient Poster
*

Stars: +0/-0
Offline Offline

Posts: 5349



WWW
« Reply #4 on: January 30, 2004, 07:23:30 am »

Quote
Whats in the host file?

nana
Logged


wrack
Master of TMEOotAP
*

Stars: +3/-0
Offline Offline

Posts: 11116


Don't look back. Look in the mirror to look back.


WWW
« Reply #5 on: January 30, 2004, 07:37:10 am »

Quote
Looks something like this.

127.0.0.1          localhost    #example of the local host
123.0.123.7      example    #example of a fake ip and name
[/b]

Kinda tells the story Tongue
Logged

supagal
Monster Poster
*

Stars: +0/-0
Offline Offline

Posts: 1285



WWW
« Reply #6 on: January 30, 2004, 01:20:52 pm »

there was a strange font in a few of them.
Logged

wrack
Master of TMEOotAP
*

Stars: +3/-0
Offline Offline

Posts: 11116


Don't look back. Look in the mirror to look back.


WWW
« Reply #7 on: January 30, 2004, 01:48:14 pm »

blink
Logged

supagal
Monster Poster
*

Stars: +0/-0
Offline Offline

Posts: 1285



WWW
« Reply #8 on: January 30, 2004, 02:32:18 pm »

I wish I had a screen shot of it, but it looked like wingdings.

Found this at techtv.


Read the posts and links here
Mydoom.b thread <http://cgi.techtv.com/messageboards?action=whole_thread_view&board_id=12&topic_id=28&thread_id=2646604&per_page=50>

The latest version of mydoom / novarg/ mimail / sobig or whatever you want to call it, not only is capbable of installing even when the attatchment is not opened, merely when the mail is downloaded; but it modifies the hosts file to make many sites non accessible.
Logged

CornedBee
Ancient Poster
*

Stars: +0/-0
Offline Offline

Gender: Male
Posts: 5258


WWW
« Reply #9 on: January 30, 2004, 03:03:29 pm »

Update or (better) replace Outlook on these client's computers.
Logged

All the buzzt
CornedBee

"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond

"This is how Liberty dies - with thunderous applause."
Senator Padmé Amidala - Revenge of the Sith

supagal
Monster Poster
*

Stars: +0/-0
Offline Offline

Posts: 1285



WWW
« Reply #10 on: January 30, 2004, 03:43:04 pm »

must of them do not have outlook  but they do use outlook express.  Some use thunderbird, netscape, incedimail, eudra and one other that I forgot the name of.
Logged

CornedBee
Ancient Poster
*

Stars: +0/-0
Offline Offline

Gender: Male
Posts: 5258


WWW
« Reply #11 on: January 30, 2004, 10:24:24 pm »

There "dangerous" virii that are said to be activated by just downloading/viewing them all make use of various bugs in Outlook and Outlook Express to automatically start the attachment. None of these work in other mail clients like MozMail, Eudora, ...
And the most recent versions of the MS clients also get rid of then known among these bugs.
So, upgrade or replace.
Being rid of that, you only need to teach them not to simply open every attachment that comes along.
Logged

All the buzzt
CornedBee

"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond

"This is how Liberty dies - with thunderous applause."
Senator Padmé Amidala - Revenge of the Sith

granite
Newbie
*

Stars: +0/-0
Offline Offline

Posts: 5


« Reply #12 on: March 18, 2004, 03:26:33 pm »

I have also had this same problem with no real success as of yet.
It seemingly targets windows xp machines on dial-up. They surf/email for around 10 minutes and then *poof*, they can't get email or webpages anymore.

Rebooting helps the problem, as does switching for a different OS, e.g. w98, win95
However for some customers this problem is perpetual, and the problem can repeat itself like clockwork. When a customer has a problem, they can still ping.
-they can't get email
-they can't get webpages
-they can't telnet

customers use a variety of programs; IE, OE, netscape, mozilla, eudora, hotmail, etc, etc.

some solutions we've tried
-turning off xp firewall (seems to work for some customers)
-wiping the hd, and ins XP and all patches all at once (we had to bring their cpu's to the office tho -pain in the butt)
-system restore (very unreliable, mixed results)
-scanning for viruses (none of them had a virus)
-examing dns server (we had some problems, but dnsreports says that we are ok now)
-examining ACL on routers (has ports 3127-3198 blocked, also 4444, 135 and 69)
-opened cases with cisco (they assure us the routers are ok, ACL's are ok)
-monitor the blocked traffic on routers (changed between permit/deny... problem still happens)
-segregating the dial-up traffic into 2 main vlan's (still working on this though, haven't implemented it yet)
-had one computer (xp) dial-up nightly, with zone alarm active, xp firewall disabled and alerts and logging set to maximum (currently doing this, night 1 of 14)

things we'd like to do
-install a newer high-speed switch -cisco catalyst
-packet sniff with a redhat linux box using etherreal (default settings) for ~6 hours


Any Help Please!
 bye1
Logged

Beacon
Monster Poster
*

Stars: +0/-0
Offline Offline

Posts: 1509



WWW
« Reply #13 on: March 22, 2004, 01:37:03 am »

supagirl and granite view granites post:

Logged

the future's for discovering the space in which we travel in

Pages: [1]   Go Up
Print
 
Jump to: