blackhawk

Once upon a time, deep, deep in the forest......

Called by a client. His cable Internet is down. Called the cable company and they sent a tech(ha ha). The tech disconnected the router, bypassed the Ethernet card and went USB to the cable modem. Replaced the modem and ran new wires to the modem. Worked for two weeks then NO GO. From a distance I was guessing either a bad NIC or malware or a combination of both.

Arrived on the scene and hooked the cable modem to my laptop and it worked like a charm. Rule out the cable modem or the Internet connection. Attach the Ethernet cable (that worked) from the PC's Ethernet card to the router. NO Link light and no error message. Unable to get IP address, the request is not supported. Contact your network administrator. blah, blah, blah.

Replaced the NIC and still no go. Installed Hijackthis and was unable to run the program.. Got a message there was no spyware and the system was clean, sure and I still believe in Santa Claus and the Easter Bunny. Booted into safe mode and ran HJT and found we have Worm_Sober.AC . According to Trend Micro:

heatwave

Most likely winsock needs reset do this if they have XP SP2 (new command)

netsh winsock reset

blackhawk

I thought about that, but I did not have any of the symptoms when I looked at the Microsoft site. Since I can't get even get an IP address from the DHCP server, fixing the winsock is the least of my concerns right now.

vega55

I would try installing a packet sniffer like ethereal and disabling reabling the NIC and watch the traffic. You could see where the problem may be. i.e. if you see the DHCP requests going out but ignored or they come back as normal but nothing happens on the computer side or the DHCP requests never go out.

I wish I had more time but we just got in a new IDS and I have to RTFM. I will check back in a bit.

heatwave

Um not sure what microsoft document you read but the one in the link shows that the corrupt winsock will prevent it from getting an IP address and possible symptoms showing errors. the corrupt winsock will keep it from getting an IP address (says this right in microsoft document), . There are several symptoms of corrupt winsock sometimes you get an APIPA address sometimes you get 0.0.0.0 sometimes you get the errors,sometimes with a static it can send fine, sometimes it can recieve but not send with static. (Im really getting sick of posting this) It takes about two seconds to type the command and see. or you can spend half the day rebuilding the PC without ever trying LOL! (personaly Ive always been salaried consultant so like to fix fast and go hang out) up to you. and if the winsock is corrupt it is unpredictable which is why microsoft has "possible symptoms" and not all symptoms.

blackhawk

Well I have CD full of removal and stack fix tools. Going back on Monday and I will let you know how it goes....

blackhawk

Fixed the IP stack

Fixed the Winsock stack

Re-installed TCp/IP

Still no go.

Re-installed Windows into a seperate directory so I would not have to wipe out his HDD. No IP address obtained. Tried a known working cable and my laptop works on the cable modem so it's the PC.

Any more ideas, I'm fresh out.....

heatwave

My cable modem was set up to authenticate the mac address of my NIC card. It could be hooked to my Linksys router, but I had to use the setting that makes the firewall impersonate my PCs card. In order to eliminate the need of sending techs on location all the time, I would imagine the cable modem has technology to bind itself to different mac addresses. If it has identified the notebook mac address as its valid one, I would expect the symptoms you're seeing.

Consider going the annoying route of powering everything down, bringing up the modem until it's authenticated and the lights stop flashing. Then bring only one connected pc online. Its worked for me in the past. Although I chose to login to the router and clone my mac address, before doing the power cycle. Modem recognized the valid mac address and everything worked like a charm.

vega55

I found this regarding replacing tcpip.sys
It mentions downloading it, so I assume it's available somewhere.
I don't know if this article is particularly relevant, but there may be others around there as well

blackhawk

Fixed the IP stack

Fixed the Winsock stack

Re-installed TCp/IP

Still no go.

Re-installed Windows into a seperate directory so I would not have to wipe out his HDD. No IP address obtained. Tried a known working cable and my laptop works on the cable modem so it's the PC.

Any more ideas, I'm fresh out.....