I’m having a really, really weird issue with one of the Windows 7 laptops in our office.
When it is connected to our office network (either by WiFi or cabled connection), everything except browsing the web works fine. It can receive emails via Exchange, initiate VPNs, copy files, connect to network resources, it can ping websites (like google, etc), nslookup is fine. But if you open up a web browser, forget about it. Everything just times out.
If I connect the laptop to our guest network (which sits on an isolated vlan, but uses the same gateway as the office network), everything is fine (except obviously you can’t access office network resources).
Sometimes the problem goes away after a restart, sometimes it doesn’t. Sometimes it goes away on its own after 24 hours, sometimes it doesn’t.
A wireshark trace looks like this:
A firewall trace looks like this:
The interesting thing here is that I’m attempting to connect to http://www.google.com.au directly (which is the home page of the browser). Its IP addresses are:
    Name: google.com.au
    Addresses: 126.96.36.199 188.8.131.52 184.108.40.206
These are not the IP addresses showing up in the firewall. The IP addresses in the firewall line up with
    Name: google.com
    Addresses: 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52
wget looks like this:
    C:\Users\mark.henderson>wget google.com.au
    --2012-05-18 08:49:39-- http://google.com.au/
    Resolving google.com.au... 184.108.40.206, 220.127.116.11, 18.104.22.168
    Connecting to google.com.au|22.214.171.124|:80... failed: Connection timed out.
    Connecting to google.com.au|126.96.36.199|:80... failed: Connection timed out.
    Connecting to google.com.au|188.8.131.52|:80... failed: Connection timed out.
    Retrying.
This is just really, really weird. It’s isolated (at the moment) to just this machine, regardless of which network port or IP address it has. Any ideas?
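The comparison made above, resolver answers for the requested name against the destinations the firewall actually sees from one client, can be scripted. This is an added example, not part of the original post: the log format, the client address and every IP address are constructed (documentation ranges), and `unexpected_destinations` is a hypothetical helper.

```python
import re
from ipaddress import ip_address

# Constructed sample data using documentation address ranges (not the post's values).
DNS_ANSWERS = {
    "google.com.au": {"192.0.2.10", "192.0.2.11", "192.0.2.12"},
    "google.com": {"198.51.100.20", "198.51.100.21"},
}
# Hypothetical firewall log format: time, action, protocol, src=ip:port, dst=ip:port.
FIREWALL_LOG = """\
08:49:39 ALLOW TCP src=10.0.0.57:49211 dst=198.51.100.20:80
08:49:42 ALLOW TCP src=10.0.0.57:49212 dst=198.51.100.21:80
08:49:45 ALLOW TCP src=10.0.0.57:49213 dst=192.0.2.10:80
08:49:47 ALLOW TCP src=10.0.0.23:50100 dst=192.0.2.11:80
08:49:50 ALLOW UDP src=10.0.0.57:53311 dst=10.0.0.1:53
08:49:51 ALLOW TCP src=10.0.0.57:49214 dst=203.0.113.99:80
"""
LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<action>\S+) (?P<proto>\S+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def unexpected_destinations(log, client, requested, answers, ports=(80, 443)):
    """Return web connections from `client` whose destination is not an
    address the resolver returned for `requested`, together with the
    known names (if any) that the destination does belong to."""
    expected = {ip_address(a) for a in answers[requested]}
    findings = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "TCP" or m["src"] != client:
            continue  # other hosts and non-TCP traffic are out of scope
        if int(m["dport"]) not in ports:
            continue
        dst = ip_address(m["dst"])
        if dst in expected:
            continue  # matches what the resolver said; nothing to explain
        owners = sorted(n for n, addrs in answers.items() if str(dst) in addrs)
        findings.append((m["time"], str(dst), owners or ["<unresolved>"]))
    return findings

if __name__ == "__main__":
    for when, dst, owners in unexpected_destinations(
            FIREWALL_LOG, "10.0.0.57", "google.com.au", DNS_ANSWERS):
        print(f"{when} {dst} not in answers for google.com.au; matches {owners}")
```

A destination that maps to a different name, or to no name the resolver returned, points at something on the client rewriting or redirecting the request before it leaves the machine.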
If the problem is malware related, the simplest way to solve it is to run ComboFix, which is basically just a bunch of malware removal programs bundled into one. It’s pretty much the antimalware equivalent of carpet bombing everything.
Note: While I personally have no bad experiences with it, ComboFix is extremely aggressive and can end up making things worse. Generally I only use it when other software fails me.