August 30th, 2012, 23:37 PM
Can't PING Vista PC, but it can see other PCs on network
Got hit with a virus for 1st time in a long, long time - that's what I get for seeing what it's like surfing without an AV!
Anyway, after cleaning up the mess (which was largely confined to the Trojan deleting a bunch of services and screwing with various security settings), I'm left with one nagging problem: I can see other PCs on my home network, and they can see me, but whenever they try to access my PC they get the good old "access denied". Further, when I PING my PC from any of the other PCs, the PING just times out.
I've gone through all the usual stuff like resetting the firewall, running Combofix & SmitFraud (as well as Spybot & MalwareBytes), I've tried with firewall off and on, I've tried with MSE AV switched on & off, I've tried sharing the root of C: for "everyone" with full access - nada.
Let me be clear here: format / reload is out of the question. It's a 2-day process for me and I simply don't have the time or inclination to do it right now. The next format / reload will be to W7, and that only when I have a totally free weekend. So, there must be a fix for this sharing problem. I'm running Vista Business with SP2. All services appear to be running normally. All Windows updates done & checked. I did reinstall the .NET framework to try to fix this error:
The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
But although the reinstall (after using the .NET cleanup tool) was good, the error persists. Checking back through the logs, the error only showed up after the infection, so possibly there is a correlation with it all.
Additionally, I just found that while I can sync the computer with various servers using the manual w32 command-line, I can't sync the time via the control panel. I do have a full backup of the Registry from Sunday, but have not done a Registry restore on this scale before.
Last edited by Island_Boy_77; August 31st, 2012 at 01:19 AM.
September 2nd, 2012, 10:41 AM
Is your network 'Private' or 'Public'?
If it's Public try changing to Private.
Also go into the registry and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Look for a key called "restrictanonymous" and if the value is 1 change it to 0.
September 2nd, 2012, 21:51 PM
Hi Rev, thanks for the reply. No, the network is set to private. I can see / connect to both Vista & XP machines on the network, but they can't PING me (although they can see me). There's no key at all under LSA as you suggested. Should I create one? I did wonder if there is a tool that is capable of scanning the Registry / Windows folder in order to repair all things network-related? I've done an Rkill scan & sfc / scannow, both of which completed & fixed things. Funny that the sfc said there were things that it couldn't fix but I saw no "fail" message inside the cbs log. The Rkill scan did show that wpcsvc was missing - and indeed all the various bits relating to the Parental Controls were missing. Does Vista Business have these controls built-in? I tried copying what appeared to be all the relevant files off my wife's Vista Home Premium PC to the corresponding folders on my PC, but when I try to register the wpcsvc I get an error. So either those files I copied won't work on Business or I missed some. A shame there's no way to get Vista to self-fix.
The reason that a format / reload is out of the question (for now) is 2-fold: 1) It's a huge job that I have neither the time nor desire to do right now. 2) I use Freehand extensively, and I remember it was a mission and a half to get it activated 5 years ago (when I migrated from XP to Vista) - I imagine it won't be any easier and possibly harder, esp since Macromedia has been dead for so long and Adobe aren't known for their speed in dealing with old software. Not using Freehand is absolutely out of the question. I do have 3 logs (scesrv, Rkill & CBS) that might be useful / relevant, but I don't think posting screeds of that here is of much use (is there a way to "attach" such things?).
September 4th, 2012, 19:18 PM
You could create a new dword:
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
Right click Lsa and select New > DWORD Value. Name it RestrictAnonymous and set the value to either 0, 1 or 2 (see the list below). Save and reboot.
0 - Allow anonymous users
1 - Restrict anonymous users
2 - Allow users with explicit anonymous permissions
You could also try running CCleaner, it will tidy up the registry although it won't replace missing entries.
September 4th, 2012, 20:55 PM
Thanks for your reply. Now this is weird - this morning, the LSA key DOES have a pile of entries and sub-keys - incl the RestrictAnonymous (set to 0). Bizarre. I was able to connect to a friend's W7 PC across the network yesterday FROM my PC (and do a test transfer of a big folder - all ok), but he couldn't even see mine. Any other suggestions?
September 4th, 2012, 22:01 PM
What name is your Workgroup? Have you checked all the PCs are the same? If not, rename all to the same and reboot all.
Vista and Windows 7 default is 'WORKGROUP' but from memory I think XP was 'MSHOME'.
September 4th, 2012, 22:10 PM
Thanks. I just double-checked to make sure - all PCs are on WORKGROUP. I make sure that any PCs / laptops that connect to my network use both manual TCP/IP addresses & the WORKGROUP workgroup. Funny that I can see / PING / access other computers on the network (Vista, 7, XP), but they either can't see me at all, or can but can't connect. I note also that the printers I have shared that my wife uses aren't accessible to her either.
September 5th, 2012, 21:08 PM
Have you checked the firewalls on the client PCs? They may be blocking the outgoing port to send the signal and closing it for the incoming return.
Have you set your firewall to specifically receive the client IPs?
How about a router reset and restart?
September 5th, 2012, 21:29 PM
No to all those. But when I turn the firewalls off at either end I still get the same result, so there's clearly something just not right about the file sharing setup on my PC now. The 3 services that refuse to start are of interest to me, but I don't know enough about them to know if their failure to start is significant in this case: NetMsmqActivator, NetPipeActivator & NetTcpActivator. I realise they are all connected to the .NET Framework, yet their dependencies are working, and a reinstall of the whole .NET Framework didn't fix the problem. When I do try to start any of the 3 I get Error 1075: The dependency service does not exist or has been marked for deletion. But the dependency is NetTcpPortSharing, and that's working (or it looks like it is). Of note is something I found yesterday: IE9 is installed, but Vista's Programs & Features list only showed IE8. To cut a long story short, I had to do a tricky manual uninstall of IE8, then reinstall IE8, then reinstall IE9 (as when I tried to over-install IE9 it said there was already a newer version installed). I thought that since IE has a lot to do with Windows security that fixing it might help, but it didn't.
Another thought: what about the account logon settings for various services? A few key ones I had to change from Network Service to Local Service to even get them to run. My knowledge in this area is very low, so I don't know what ramifications / flow-ons there are to fiddling with these logons. I'm wondering if by changing the 3 or 4 "key" ones I needed to in order to get my internet connection running at all if I've inadvertently screwed up outside access to my PC. Is there a way to reset ALL services back to their default logons? I do have fairly ready access to my wife's Vista PC - so although it would be laborious, I would be able to manually check every service (that is common to both computers) one at a time and reset as necessary. Thoughts?
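The service-by-service comparison against a second Vista PC described in the last post can be scripted rather than done by hand. This is an added example, not part of the original thread: it assumes PowerShell 2.0 is installed on both machines, and the function names and CSV path are hypothetical.

```powershell
# Added example: compare service logon accounts and start modes against a
# baseline exported from a known-good PC. Function names and the CSV path
# are hypothetical. Read-only: nothing is changed on either machine.

function Export-ServiceBaseline {
    param([string]$Path)
    Get-WmiObject -Class Win32_Service |
        Select-Object Name, StartName, StartMode |
        Export-Csv -Path $Path -NoTypeInformation
}

function New-Finding {
    param($Name, $Issue, $Local, $Baseline)
    New-Object PSObject -Property @{
        Name = $Name; Issue = $Issue; Local = $Local; Baseline = $Baseline
    }
}

function Compare-ServiceBaseline {
    param([string]$BaselinePath)
    # Index installed services by name (hashtable keys are case-insensitive).
    $installed = @{}
    Get-WmiObject -Class Win32_Service | ForEach-Object { $installed[$_.Name] = $_ }

    foreach ($ref in (Import-Csv -Path $BaselinePath)) {
        if (-not $installed.ContainsKey($ref.Name)) {
            # May be legitimate: Windows editions ship different services.
            New-Finding $ref.Name 'Missing locally' '' $ref.StartName
            continue
        }
        $svc = $installed[$ref.Name]
        # Cast to [string] so a null StartName equals the empty CSV field.
        if ([string]$svc.StartName -ne $ref.StartName) {
            New-Finding $ref.Name 'Logon account differs' $svc.StartName $ref.StartName
        }
        if ([string]$svc.StartMode -ne $ref.StartMode) {
            New-Finding $ref.Name 'Start mode differs' $svc.StartMode $ref.StartMode
        }
    }
}

# On the reference PC:
#   Export-ServiceBaseline -Path C:\Temp\services-baseline.csv
# On the repaired PC, after copying the CSV across:
#   Compare-ServiceBaseline -BaselinePath C:\Temp\services-baseline.csv |
#       Select-Object Name, Issue, Local, Baseline | Format-Table -AutoSize
```

Because the two machines in the thread run different editions (Business and Home Premium), a "Missing locally" row is a lead to check rather than proof of damage; rows where the logon account differs are the ones that correspond to the manually changed services.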