Help needed for internet connection problem before I start chucking stuff

[[1ponders] (Paul)]

Yes it is and after running it nothing was found, though it did recognise the ntoskrnl.exe file in the root directory. And I ran a full Spybot and Adaware but nothing there.

I've blocked ntoskrnl with the firewall, and I played around with a few other things. Unfortunately now the whole damn thing has crashed somehow. I'm going to leave it for the weekend and try again Monday as I won't need internet connection with it until then. Plus the frustration has reached eyeball level (ie I've had it up to....here)

Thanks for you help Eric. If it's ok with you I'll give yo a holler on Monday maybe.

[acropolite (Phil)]

Ponders, this link may be of help. It seems that there are some trojans/viruses that modify the ntoskrnl.exe. If that's not your problem I would do some google searches as there are a lot of problems that effect the ntoskrnl.exe file. Another option is to load Ethereal (downloadable) which will analyse your IP traffic and may give a clue as to where your web browser is trying to access.

[[1ponders] (Paul)]

Thanks Phil. I'm going to leave everything until Monday now as I'll be a Ron's all weekend. Plus I'll be able to look at the problem with fresh eyes

[EzyStyles (Eric)]

Try other anti-virus if you can . AVG definition might not have it.

[wasyoungonce (Brendan)]

yep, ntoskrnl.exe is a boot process and should not be asking for access to the net if it is it is a virus:

http://www.liutilities.com/products/...rary/ntoskrnl/

w32.bolzano or variant virus.

http://service1.symantec.com/sarc/sarc.nsf/html/W32.Bolzano.html

this tool at symantec might help:
http://www.symantec.com/security_res...146-99&tabid=3

edit again. 1ponders i also have aanet and am using the netgear modem, 834G although i'm not using the wireless link.

[netwolf]

Paul, I would bet that its your Sygate firewall. As such i am not sure why you have this if you have a router modem it alredy should provide you with a firewall . I know some people reccomend a firewall on the PC also but its not realy necessary. I would further say that perhaps Sygate has recived an update that is causing the problem. Otherwise you have perhaps unknowingly answered a popup question by Sygate that is causing the issue.

If no issue exists when Sygate is disabled then that would be the most likely source of the problem. In my humble opinion.

Regards

[Dennis]

Quote:

Originally Posted by netwolf

Paul, I would bet that its your Sygate firewall. As such i am not sure why you have this if you have a router modem it alredy should provide you with a firewall .
Regards

Hi Netwolf

I use both the Router firewall (HW) and Norton Internet Security firewall (SW) simply because I can configure the SW to allow or prevent applications accessing the internet, something that I think is not possible with the HW firewall?

Cheers

Dennis

[netwolf]

Dennis,

You are 100% right one of the benifits of the local PC firewall is to filter outgoing traffic. And I did not mean to advocate disuse of it. Most home modem/Router based firewalls only protect you from incomming traffic. This outgoing filtering helps in protecting one from malicious code that you unwitingly allow to run on your system that feeds back information from your system to an outside IP. Steve Gibb's the security guru very aptly demonstrated this using a simple program he asks you to download and run that makes a ftp connection and notifys you of a leak. The point he is making is that the software made an outgoing connection without your permission. Normally you do want to use FtP but you want to specify when wher and to whom.

Usualy such malicious software is aptly named Trojan horse, as per the greek myth it is let in unwtingly by the user. However such software can also be disabled by most modern malicious malware that is created to detect such software and disable it calling into question its usefullness. In Paul's case i do not mean to advocate the disuse of Sygate, but rather to point out that it is the casue of the problem.

I belive that Paul's problem lies in the Sygate software rather than his network setup for the following reasons:
1. He can use internet with it disabled.
2. He can talk to other computers on his local network while it is on or disabled..

The above two would indcate his network settings are not the problem.

One issue most common with home modem routers can be DNS forwarding. Usualy the DHCP server on such Home modem routers is set to make itself the DNS server for PC's behind it. Basicaly the PC's send DNS request to it and then it pases to the DNS Server provided by the ISP to the modem/router.
I have found that its usually better to make your DHCP Server set DNS on internal systems to the ISP provided dns servers. AS this forwarder can often get overloaded and stops working in many of these home modem routers.

But if this was the problem or if there was another network config issue, then his Internet connection would not work when his local Sygate firewall was disabled.

Regards

[[1ponders] (Paul)]

Well I ended up chucking something - Sygate. After uninstalling it and reinstalling it and still having problems, I decided to pitch it and give ZoneAlarm a go.

So far all systems look good Fingers crossed I've finally got it sussed.

I still have to check out that possible virus issue though

[[1ponders] (Paul)]

I don't know if this is an update on an existing problem or it's a whole new one. Someone here might be able to tell me if the two are connected.

This morning I got a phone call from the helpful people at Westpac credit card security. It appears someone tried to spend $500 US on my credit card at 04:00 this morning There is no drama now as the payment has been cancelled and an investigation is under way. I've checked the usual likely scenarios of having the CC info compromised and it all seems clear atm (my investigation is ongoing).

However I am wondering if my info could have been sent from my computer if my firewall was not functioning. I stopped using Sygate for a while, and I hadn't as yet installed ZoneAlarm to monitor outgoing traffic and I'm wondering if during this time this bolzano virus (if I have it - still looking) or some other malware may have sent my info out.

Is this possible or am I totally barking?

[RB (Andrew)]

Paul a month or so ago I had the same thing happen to me.
It was on my cc which I also use for PayPal.
I've cancelled both now.

[[1ponders] (Paul)]

It's not the sort of morning wake up call that I would normally ask for, but all things considered I'm glad they called

I'll certainly be looking at how I conduct my online purchases more closely now.

[Dennis]

I had a similar occurrence. The CBA ‘phoned me saying that some “Family Tree” organisation in the USA has tried to debit our CC for $40.00 so the card was immediately cancelled. It seems that in this crime scenario, they go fishing for small amounts and if they get away with it, they’ll start hitting you for larger and larger amounts.

I would imagine that your number was obtained from poor data handling practices at an overseas supplier, a dishonest employee, bank stuff ups (a US bank once lost storage media containing 3,500,00 CC transaction details) rather than someone breaking into your computer? Just guessing here.

Cheers

Dennis

[[1ponders] (Paul)]

You could well be right Dennis. I'm generally very careful about how I carry out Online transactions, but this has certainly been a wakeup call. I'm in the process atm of going over my various computers and checking that all security/adware/spyware detection is uptodate and funtioning.

[SMR (Steve)]

Quote:

Originally Posted by EzyStyles

go into your adsl modem interface screen and enable DHCP. Assign each computer with an IP address eg comp 1: 10.0.0.2 comp 2: 10.0.0.3 .

Sorry, Eric, but this doesn't make sense. If you enable DHCP, each computer will be assigned an IP address by the router. If you manually assign IP addresses to each computer, you don't need (and aren't using) DHCP. It's one or the other, mate.

Steve.

[netwolf]

SMR,
I think Eric, is talking about DHCP assignment using MAC addresses. I use this to ensure only the MAC addresses i have on my network can get IP's. DHCP allows for IP assignment be MAC address. It usefull if you want to have your PC's get the same IP everytime, this makes port forwarding easier.

Regards

[SMR (Steve)]

Quote:

Originally Posted by netwolf

I think Eric is talking about DHCP assignment using MAC addresses. I use this to ensure only the MAC addresses i have on my network can get IP's. DHCP allows for IP assignment be MAC address. It usefull if you want to have your PC's get the same IP everytime, this makes port forwarding easier.

Sounds logical. Thanks!

Steve.