The Cellar


footfootfoot 08-16-2012 02:15 PM

Windows xp will only connect to the internet in safe mode w/ networking
 
I've checked the router and modem, tried disabling norton 360, did a rootkit scan and system scan, got zeroaccess out of there, but still no dice.

WTF? any help from the gurus would be appreciated.

BigV 08-16-2012 02:32 PM

so...

Are you trying to get it to connect to the internet in normal mode? Are there other things it's not doing properly? Presuming this *is* the case, what is it doing when you start normally? What kinds of errors are being reported?

mbpark 08-16-2012 03:56 PM

Did you try the following?
 
Open up a Command Prompt (start -> all programs -> accessories -> command prompt) and enter in the following:

netsh winsock reset

hit enter after that.

That resets the network stack.

footfootfoot 08-16-2012 04:34 PM

Quote:

Originally Posted by mbpark (Post 824779)
Open up a Command Prompt (start -> all programs -> accessories -> command prompt) and enter in the following:

netsh winsock reset

hit enter after that.

That resets the network stack.

That reset the network stack, but still no connection.
I get
"Windows could not finish repairing the problem because the following action cannot be completed: Renewing your IP address"

Checked network adapters
did a few safemode system restores to a week ago, and ran NPE,

I'm not seeing tcp/ipv4. I'm only seeing tcp/ipv6 and tcp/ip. not sure if that is relevant.

mbpark 08-16-2012 09:30 PM

can you run ipconfig /all from safe mode?
 
Can you run ipconfig /all from a command prompt in safe mode and tell me the IP?

footfootfoot 08-17-2012 11:35 AM

IP address 0.0.0.0
subnet mask 0.0.0.0
IP Address fe::213:72ff:fec4:99c2%4

I ran ipconfig last night as administrator and got this variant

fe::213:72ff:fec4:99c2%5



I managed to remove zeroaccess!inf2 and zeroaccess!kmem, and reinstalled all my drivers. I first tried to drag the file (netbt.sys) into the trash, but it would re-appear seconds later. I tried overwriting it and the same thing would happen. I tried delete on boot and it would be back. Finally, I managed to remove it and as far as I could tell all its friends while in safe mode. I ran Norton scan again and it showed up as all clean, I used search everything to check the drives and none of the files remained. It seems all clear now as far as zeroaccess is concerned.

Still having connectivity issues though.

footfootfoot 08-17-2012 11:47 AM

Also still getting the can't connect to RPC, I went and made sure autoconnect was checked.

Cyber Wolf 08-17-2012 11:57 AM

What happens when you try this in Safe Mode:
From the command prompt type:
ipconfig /renew then hit enter
ipconfig /flushdns then hit enter


Also, are you using a dynamic (supplied by your ISP and changes every time you restart your machine) or a static (always the same, all the time) configuration for your IP?

footfootfoot 08-17-2012 03:16 PM

Quote:

Originally Posted by Cyber Wolf (Post 824863)
What happens when you try this in Safe Mode:
From the command prompt type:
ipconfig /renew then hit enter
ipconfig /flushdns then hit enter


Also, are you using a dynamic (supplied by your ISP and changes every time you restart your machine) or a static (always the same, all the time) configuration for your IP?


nothing except >
Windows IP Configuration.

lately when I have been using cmd prompt nothing at all has been happening...

I'm about to try a system repair.

tw 08-17-2012 04:46 PM

Quote:

Originally Posted by footfootfoot (Post 824885)
lately when I have been using cmd prompt nothing at all has been happening...

Do not change anything until important facts are obtained. Fixing without identifying the problem can exponentially complicate the problem.

ISO defines three relevant layers of communication. Start by defining what is happening at the lowest level (especially since IPCONFIG reported that as a potential defect).

An ethernet cable terminates at the computer and at the router. On the computer receptacle should be some lights. As the cord is disconnected, what happens to those lights? Repeat the same test on the router end. These lights will be on the front panel. Report those lights (and router model).

NIC's computer must talk with the router's computer. Those lights are reporting a conversation that you otherwise never see or know about. Are NIC and router computers talking? Do they talk both in Safe mode and when booted normally?

Next, go to Device Manager (obtained via Computer Management or Control Panel or Help). What is reported for the Network Adapters?

Do not try to change drivers by deleting software. First delete the device in Device Manager. And reboot. Or use Device Manager to Update Driver. But do not do that yet. First collect facts.

Helpful would be the manufacturer and model of that computer. Some manufacturers provide comprehensive hardware diagnostics to immediately solve such problems without all this sweat and confusion. Since Windows only tries to work around problems. But diagnostics seek to identify hardware problems even before you know the problem exists.

A diagnostic may also be available from the NIC manufacturer.

All this is about defining the first layer as good or bad. If the NIC appears good, then go back to Device Manager to update what should have been a perfectly good driver. Reboot. And report back what IPCONFIG /ALL reports.
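
Added example, not part of any post in this thread: a Python triage of `ipconfig /all` text that names the lowest layer at fault for each adapter, in the bottom-up order described above. The sample output is constructed in XP's layout, and the function names and state labels (LINK_DOWN, NO_IPV4_LEASE, APIPA, IPV4_OK) are assumptions of this example.

```python
import ipaddress
import re

# Constructed, abridged sample in the layout XP's "ipconfig /all" prints; not output from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        IP Address. . . . . . . . . . . . : fe80::213:72ff:fec4:99c2%4

Ethernet adapter Wireless Network Connection:
        Media State . . . . . . . . . . . : Media disconnected
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "Name . . . : value"

def parse_adapters(text):
    """Return {adapter heading: [(field, value), ...]}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], [])
        elif current is not None and (m := FIELD.match(line)):
            current.append((m.group(1), m.group(2).strip()))
    return adapters

def classify(fields):
    """Name the lowest layer at which this adapter shows a fault."""
    if any(k == "Media State" and "disconnected" in v.lower() for k, v in fields):
        return "LINK_DOWN"        # physical layer: cable, lights, NIC, driver
    v4 = []
    for key, value in fields:
        if "Address" not in key or "Physical" in key:
            continue
        try:  # drop a %zone or "(Preferred)" suffix before parsing
            ip = ipaddress.ip_address(re.split(r"[%(]", value)[0])
        except ValueError:
            continue
        if ip.version == 4:
            v4.append(ip)
    if not v4 or all(ip.is_unspecified for ip in v4):
        return "NO_IPV4_LEASE"    # 0.0.0.0 or nothing: no usable IPv4 address
    if any(ip.is_link_local for ip in v4):
        return "APIPA"            # 169.254.x.x: link up, no DHCP answer
    return "IPV4_OK"              # go on to gateway and DNS checks

def triage(text):
    return {name: classify(f) for name, f in parse_adapters(text).items()}
```

Feed `triage()` the saved output of `ipconfig /all` from both safe mode and a normal boot to compare the two states adapter by adapter.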

footfootfoot 08-18-2012 09:15 AM

I went out on a limb and just did a system repair and now everything is fine and the machine is running as fast as lightning.

Thanks for everyone's input and help.

fuck zeroaccess

tw 08-18-2012 05:20 PM

Who / what is zeroaccess?

BrianR 08-19-2012 11:40 AM

a Trojan of some note. Wiki has a good primer on it.

xoxoxoBruce 08-19-2012 04:02 PM

Good grief.

Quote:

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
more

orthodoc 08-19-2012 04:38 PM

Good grief is right. Any word on whether Macs are affected?

tw 08-19-2012 06:42 PM

Quote:

Originally Posted by BrianR (Post 825112)
a Trojan of some note. Wiki has a good primer on it.

And so it was found by the malware software? Or what?

footfootfoot 08-19-2012 07:38 PM

Quote:

Originally Posted by xoxoxoBruce (Post 825138)
Good grief.



more

Christ, fuck me running.

orthodoc 08-19-2012 08:44 PM

Quote:

Originally Posted by footfootfoot (Post 825175)
Christ, fuck me running.

That sounds difficult, although not impossible, considering the participants .... (not to mention painful)

And (not to be insensitive, but ...) I still want to know whether this thing attacks Macs??

footfootfoot 08-19-2012 09:36 PM

Quote:

Originally Posted by orthodoc (Post 825184)
That sounds difficult, although not impossible, considering the participants .... (not to mention painful)

And (not to be insensitive, but ...) I still want to know whether this thing attacks Macs??

I think it is a windows thing, macs have their own viruses.

The link to the blog links to a very good removal tool. It actually found one, tiny little shred left behind and it also fixed all the messed up registry thingies.

I still have to re-install a few programs...

xoxoxoBruce 08-19-2012 11:08 PM

This computer I got smarter, and set it up so I never log on as administrator unless I'm changing something. The rest of the time, as a peasant, it's been helpful for the PC to demand a password before it will make changes. It's saved me grief several times when things were going on in the background I wasn't aware of. Sometimes it's not good to be the king. :o

tw 08-20-2012 06:54 AM

Quote:

Originally Posted by footfootfoot (Post 825187)
I think it is a windows thing, macs have their own viruses.

But how did you know it existed or what it was?

footfootfoot 08-20-2012 09:49 AM

Quote:

Originally Posted by tw (Post 825230)
But how did you know it existed or what it was?

I ran a deep scan with Norton 360 when things suddenly went strange.

Norton identified the trojans, and got rid of them but it did not find some of the malicious code and registry changes that the guy's software from Bruce's link found and removed.

All is hunky dory and I am taking a cue from Bruce this time, and I am also going to install all my programs on a separate drive or partition from my OS, making future possible system re-installs simpler.

BrianR 08-20-2012 11:17 AM

Bruce gave some excellent advice. I myself do the same thing for security reasons. When I am fixing or updating things, I either use another account or switch to superuser mode. Whichever applies.

Now, if only I could get linux onto this laptop. SIGH
It is really frustrating to burn the .iso onto a CDROM and then put it into the drive and it refuses to recognise it. No data CD works, for that matter. But music and DVDs still work. So I don't get it. I'm going for a thumb drive from now on. :D

glatt 08-20-2012 11:36 AM

Quote:

Originally Posted by BrianR (Post 825264)
Bruce gave some excellent advice. I myself do the same thing for security reasons. When I am fixing or updating things, I either use another account or switch to superuser mode. Whichever applies.

I do this on our desktop PC. Works well so far. No problems since I started doing it like 5 years ago.

On our laptop, I don't do anything special, but I don't care about any of the contents of the laptop. If I have to erase the hard drive and start over for any reason, nothing important will be lost. It's just a web surfing machine. It's the one I use if there's a link to a suspicious site and I think there may be a virus there.

My dad just gave me a 2nd laptop that he rescued from an electronics recycling drive up at the college. It had a pretty bad virus problem, but he wiped the hard drive and cloned a drive from one of his old computers onto it and gave it to me. I'm seriously thinking about putting Ubuntu onto that laptop. He was running Ubuntu on one of his machines and I played with it a little bit over the weekend, and it seems really easy to use. That might be fun. The kids could use that one.

Clodfobble 08-20-2012 06:21 PM

Yeah, we only let the kids run in Linux. It's that, or refuse to let my stepdaughter touch the computer at all. She simply cannot stop downloading anime-themed music, wallpapers, screen savers, icons that she doesn't even know how to turn on, etc...

mbpark 08-25-2012 08:22 PM

The best defense against these types of viruses that I have found is either Linux or Windows 7. Both of them are significantly more resilient than Windows XP, which admittedly is years behind on security technologies and had to be retrofitted to fix entire classes of issues in 2004 (quite badly, I may add).

The reason I say this is because of two factors:

1. Virtualization is now free. You can run VirtualBox for free and run XP in a Virtual Machine if you need to on Win7, Win8, or Linux. You can take "snapshots" so that if a VM screws up, you can roll back to a previous version in minutes. You can run XP, DOS, and all sorts of other OSes in a VM without screwing up your primary OS.

2. DOSBOX and WINE are now at a point where they will run your legacy software that would not run on Windows better than Windows XP or 7 will. You're SOL if you have older legacy hardware that requires you to hit the PCI or ISA buses, but it's easier to load up DOSBOX or WINE to run older DOS and Windows apps. DOSBOX runs on MacOS and Windows 7 too.

I used to use Windows XP on all my machines for years. I have 5 work machines these days. The only one that now primarily runs XP is a Dell Netbook that I use just to prove our encryption software doesn't kill PC performance. I dual-boot my Ubuntu laptop with it too. Windows 7 is just that much better for what I am using it for, and it's got the benefit of 8 additional years of security research built into it.

For what it is worth, Microsoft did get it right with Windows 7 64-bit and IE 9 in terms of overall security. It came at the expense of backward compatibility with 16-bit programs and older web apps, but the addition of newer tech fixes many issues. Linux has similar technologies (and I really think Ubuntu got it right there which is why I run it). Mac OS X only caught up to Windows 7 with Mountain Lion when they implemented ASLR technologies in their OS.


All times are GMT -5.