Router Problems & Startup

[Sessional]

I have a 2.2Ghz athlon by emachines about 1-2 years old with ZoneAlarm basic firewall installed to run on startup. The ZoneAlarm firewall has been trying to initialize for the past 10 minutes. Every once and awhile it will hide the "Please stand by..." dialog and then it will pop back up within the minute. I'm pretty sure I have the latest patch, but if that is the top suggestion I will go check to see if I do.

Now, onto my router problem, there is around 15-20 sites that I can connect to all the time, but sites like www.runescape.com and www.cnn.com can't load, except for in odd instances where they load for around 20 minutes then die. This has been going on/off for the past few days. At first I thought it was just my ISP, but pinging blackhole.com returns an average ping of 53ms.

Battle.net connections will NOT let me download any maps I do not currently have. At first I thought it would be the wc3 ports I forwarded for hosting, but I removed those and am still having the issue.

Look at that, ZoneAlarm is still going and I didn't start typing this until the first 10 minutes.

Thanks in advance,

~Sessional​

 

[enouwee]

First, the basic questions:

• could you please confirm that your router is indeed acting as router and not modem? If so, is your router set to establish a connection on demand or is it always on?
• did you check that your PC isn't infected by some kind of malware, that altered your hosts file or modified other funny stuff?
• did you find any error messages or other suspicious things in the firewall logs?

As for possible causes:

1st guess: it's the firewall
Don't do this if you router is actually a modem: Try accessing the sites without ZoneAlarm running. Only forwarded packets should reach your PC, so you're not really at risk.

2nd guess: it's the maximum packet size
Try sending some ICMP packets to another server (www.google.com or whatever you like).

ping -n 2 -l [I]<SIZE>[/I] -f <your favorite victim>

where SIZE is one of: 1000, 1400, 1410, 1460, 1500, 1520

Starting at which value does it say: "Packet needs to be fragmented but DF set"?

3rd guess...
Might need a packet capture while you're trying to send a request to one of the sites not working correctly.

 

[Sessional]

>>could you please confirm that your router is indeed acting as router and not modem? If so, is your router set to establish a connection on demand or is it always on?
>It is always on, because my dad has all 3 of our computers networked together. I thought it was a router.. But who knows! Actiontec: Wireless-Ready DSL Gateway, you determine for yourself.
>>did you check that your PC isn't infected by some kind of malware, that altered your hosts file or modified other funny stuff?
>I just got a message from norton that I have a trojan that couldn't be fixed... If you'd like to help me with that problem too, that would be great. Forgot to get the info from the norton message.. =/

>>did you find any error messages or other suspicious things in the firewall logs?
>How Do I check those?


As for possible causes:

>>1st guess: it's the firewall
Don't do this if you router is actually a modem: Try accessing the sites without ZoneAlarm running. Only forwarded packets should reach your PC, so you're not really at risk.
>Okay, that fixed CNN.com, but now I can't get onto clanieb.2fear.com, a redirection link. The real one doesn't work either.

>>2nd guess: it's the maximum packet size
Try sending some ICMP packets to another server (www.google.com or whatever you like).

ping -n 2 -l [I]<SIZE>[/I] -f <your favorite victim>

where SIZE is one of: 1000, 1400, 1410, 1460, 1500, 1520
>Do these work in Cygwin? and is the favorite victim www.google.com or something?
At google.com I get the error message thing at 1500.

 

[enouwee]

>It is always on, because my dad has all 3 of our computers networked together. I thought it was a router.. But who knows! Actiontec: Wireless-Ready DSL Gateway, you determine for yourself.

Yes, that's a router. All PCs are connected to it or use wireless, right?

>>did you check that your PC isn't infected by some kind of malware, that altered your hosts file or modified other funny stuff?
>I just got a message from norton that I have a trojan that couldn't be fixed... If you'd like to help me with that problem too, that would be great. Forgot to get the info from the norton message.. =/

Yay. I'm not really into Windows malware business anymore. Find more information on it and, if possible, a specialized removal tool. At least one AV vendor should have one. You may delete it yourself, after making sure that the whole system remains usable (the AV description will tell you this).

>>did you find any error messages or other suspicious things in the firewall logs?
>How Do I check those?

I don't know. I have two hardware firewalls protecting me Isn't there an obvious "Show Firewall Logs" somewhere?

>Okay, that fixed CNN.com, but now I can't get onto clanieb.2fear.com, a redirection link. The real one doesn't work either.

I have some connection problems myself, but I can't get the other site to work either.

At google.com I get the error message thing at 1500.

Great. It's not an MTU problem then. Might be solved after removing your trojan.

 

[Sessional]

Okay, trojan data:
Source: C:\WINDOWS\system32\tdrxvdeo.dll
Click for more information about this threat : Trojan Horse
I guess I'll just use there way of removing it? Well, I checked the logs, and for the last week that was the only virus/trojan data showing up.

All computers are connected to my router all the time.

 

[enouwee]

Okay, trojan data:
Source: C:\WINDOWS\system32\tdrxvdeo.dll
Click for more information about this threat : Trojan Horse
I guess I'll just use there way of removing it? Well, I checked the logs, and for the last week that was the only virus/trojan data showing up.

Make a backup of your registry before tweaking it!

The Symantec site provides generic instructions, which apply to all malware. Try some real antivirus, rather than that Symantec thing (if you paid for it, get at least one other scanner):

• Avast: http://www.avast.at/download.htm (Home edition is free for use personal use, they require the sacrifice of an email address to their registration god thou)
• Kaspersky trial: http://www.kaspersky.com/trials?chapter=186685140
• insert your favorite here (AVG, Panda, ...)

These might tell you exactly which malware you've got installed and provide a removal tool or better instructions.

 

[Prometheus]

http://www.ccleaner.com/
Try that to remove the trojan.

 

[Sessional]

Alright, thanks for the help guys, that fixed my problems.