Something taking over Computer, Mouse and Key Board
BigRed CC Dually
12-14-2006, 01:42 PM
I have a problem with something or someone trying to mess with one of the three computers here in the house that are connected to the internet via a D-Link DI-614+ router.
Every time I plug in the Ethernet cable the mouse will freeze and the keyboard will not function. I have reformatted the drive and reinstalled XP-Pro and all is fine until I plug in the line to the router, then the same thing happens: mouse is frozen, no keyboard. If the system is left on for a long time then a StickyKey message comes up.
I quizzed my son about his surfing habits and he admitted that he had been to some questionable sites, and I suspect that this is where he “got the problem”. I am at my wits' end to figure out how to fix his computer as it cannot be used for college work as is without internet accessibility. I looked at the user accounts in the control panel and was horrified to find an account that was password protected that we did not install after a clean install of XP and after the machine had been connected to the internet long enough to do a download of XP updates and AVG definition updates. I deleted it without thinking to copy the info but remember it had .net in the title.
For some time previously I had the computer in the “De-militarized Zone” to allow Counterstrike Source to operate. I have since reset the router to the factory default settings and upgraded the firmware.
Can someone please explain what is happening and how I can prevent it? Any help will be appreciated, both help with the computer and kicking my son's tail. :(
mikeL
12-15-2006, 06:23 AM
Anything in Event Viewer? Sounds like a possible hardware problem, possibly the NIC.
Mike
The .net account is normal, that's installed by the Microsoft .NET Framework.
Try doing a full zero fill on the hard drive, then start again from scratch.
BigRed CC Dually
12-15-2006, 12:54 PM
The .net account is normal, that's installed by the Microsoft .NET Framework.
Try doing a full zero fill on the hard drive, then start again from scratch.
I did, GLC, but it came back as soon as I plugged in the Cat 5 cable. I even tried unplugging the modem so just the router was operating and the same thing happened. We were able to get it to operate long enough to get most of the XP upgrade/security patches done.
This morning I reviewed the router settings and changed my ISP password, installed ZoneAlarm and crossed my fingers.....so far so good.
Jimmy0
12-15-2006, 01:10 PM
Are you using WPA or WPK (I think, don't quote me on that) encryption on your router? If not, I strongly advise you do so or else anyone can connect to your network.
Also, as another step you could use MAC address filtering and then enter the MAC addresses of all the PCs you have in your house that connect to the router, and then no one else can access it.
You zero filled the hard drive, reinstalled XP, and it froze immediately upon Ethernet connection to a router NOT connected to the Internet? That's a hardware problem - bad NIC or driver most likely.
Note I said zero filled, not just reformatted.
BigRed CC Dually
12-16-2006, 10:12 AM
Jimmy, yes I'm using encryption but until I need it I also have the wireless disabled.
GLC, I used a program from the Ultimate Boot Disk to fill the hard drive. It ran all yesterday with the side cover off and no problems (Antec Sonata case) so today I'll put the cover back on and see what happens.
I went in to the device manager portion of control panel and installed a driver specific to the ATI X800GTO video card he has. Another device that had a yellow "?" was for a "mass storage controller" that I let it "search the web this time only" for a new driver that it installed, and all conflicts were then resolved in the device manager.
If nothing else this has been an eye-opening experience security-wise as I always felt secure behind the router and XP firewall......I'm not so sure now. I keep wondering at all the alarms that ZoneAlarm (free firewall) throws up like (192.168.0.102:1199,209.86.66.95:445,TCP (flags:S) blocked) as I thought that 192.168.0.102 was one of my three computers on the router. I set the range in the router from 192.168.0.1.100 to 192.168.0.1.103; this is space for 4, the last for my oldest son's laptop when he comes to visit (just have to enable the wireless in the router then).
Thanks so much for all the help you have all given....it is appreciated.
Have a very Merry CHRISTmas ;) and a Happy new Year too!!!
BigRed CC Dually
12-16-2006, 02:42 PM
Anything in Event Viewer? Sounds like a possible hardware problem, possibly the NIC.
Mike
Looks like Mike diagnosed it first and GLC later confirmed it here:
"You zero filled the hard drive, reinstalled XP, and it froze immediately upon Ethernet connection to a router NOT connected to the Internet? That's a hardware problem - bad NIC or driver most likely."
I went and purchased a new D-Link Ethernet card, and wrestled with the computer during the install for a while before getting out the motherboard manual. There I realized I could disable the onboard LAN in the BIOS; I was looking in the manual for a jumper :o LOL.
I sure hope this is the end of it all. Now to get things back to operating normally.
Once again thank you everyone for your help.
Floppyman
12-16-2006, 03:39 PM
If nothing else this has been an eye-opening experience security-wise as I always felt secure behind the router and XP firewall......I'm not so sure now. I keep wondering at all the alarms that ZoneAlarm (free firewall) throws up like (192.168.0.102:1199,209.86.66.95:445,TCP (flags:S) blocked) as I thought that 192.168.0.102 was one of my three computers on the router. I set the range in the router from 192.168.0.1.100 to 192.168.0.1.103; this is space for 4, the last for my oldest son's laptop when he comes to visit (just have to enable the wireless in the router then).
So I got a bit curious and decided to investigate 209.86.66.95, looks like that belongs to barefruit.com. Are you using Earthlink as an ISP? See this thread to learn more if you're curious:
http://www.dslreports.com/forum/remark,16763566
Yup, he is (mods can look at IPs).
BigRed CC Dually
12-17-2006, 12:00 AM
I'd read part of that when I googled some of the earlier ZA alarms, Floppyman. And to answer your question, yes, my ISP is Earthlink. I guess I still don't quite know what to make of it. On the one hand it does seem to stop phishing.
Thanks for posting that - I just switched to the alternate DNS. I hate that page.
BigRed CC Dually
12-17-2006, 11:31 PM
RATS!!! The problem is back. Now it happens even without the Ethernet cable plugged in. I am wondering if there is not a motherboard problem, perhaps with the keyboard controller.
The dang thing would not let me even get into the BIOS setup. I finally removed the battery and jumpered the CLRTC to clear everything, then started back from ground zero. I was able to get into the BIOS (had to reset the system time, disable the onboard LAN etc). While the system was off I blew out dust and crud as best I could....I am not real fond of the Antec Sonata II case as I cannot get to the back of the motherboard to blow out any crud from there.
On reboot all went well. I took the time to reinstall ZoneAlarm and check that the XP firewall was off. Scanned the machine with the free Symantec scan which came back clean, and did a scan with AVG that was clean also. Two spyware threats were found and cleaned by SuperSpyware, and some negligible threats found by Lavasoft's SE Ad-Aware and removed.
I'm using my son's machine as I post this just to try and see if I can get it to duplicate the problem. I HATE intermittent failures that make it hard to diagnose what is really happening.
glc wrote "Thanks for posting that - I just switched to the alternate DNS. I hate that page."
Was that directed to me glc? or Floppyman? I'm considering blocking that range of IP addresses in my router if it's a big deal. I'm not sure it is though.
It's not a big deal - it just explains why ZA is telling you the computer wants to connect to that IP.
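The ZoneAlarm alert quoted in the posts above can be read field by field. The following is an added example, not part of the thread or of ZoneAlarm itself, that parses that one line and reports its direction. Assumptions: the alert has the shape `(src:port,dst:port,PROTO (flags:F) action)`, the router's pool is read as 192.168.0.100 to 192.168.0.103, and `S` means a bare TCP SYN.

```python
import ipaddress
import re

# Alert text exactly as quoted in the thread.
ALERT = "(192.168.0.102:1199,209.86.66.95:445,TCP (flags:S) blocked)"

# Assumed field layout, inferred only from the single quoted alert.
ALERT_RE = re.compile(
    r"\((?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[\d.]+):(?P<dport>\d+),"
    r"(?P<proto>[A-Z]+) \(flags:(?P<flags>[A-Z]+)\) (?P<action>\w+)\)"
)

# Assumption: the poster's address range, read as 192.168.0.100-103.
POOL_FIRST = ipaddress.ip_address("192.168.0.100")
POOL_LAST = ipaddress.ip_address("192.168.0.103")

# Well-known TCP ports; 445 is microsoft-ds (SMB over TCP).
SERVICES = {53: "DNS", 80: "HTTP", 445: "microsoft-ds (SMB over TCP)"}


def parse_alert(text):
    """Return the alert's fields as a dict, or None if it does not parse."""
    m = ALERT_RE.search(text)
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {"src": src, "sport": int(m["sport"]), "dst": dst,
            "dport": int(m["dport"]), "proto": m["proto"],
            "flags": m["flags"], "action": m["action"]}


def classify(alert):
    """Say which way the blocked packet was going and what it was aimed at."""
    src_lan, dst_lan = alert["src"].is_private, alert["dst"].is_private
    if src_lan and not dst_lan:
        direction = "outbound"      # a LAN machine reaching out
    elif dst_lan and not src_lan:
        direction = "inbound"       # something outside reaching in
    else:
        direction = "lan" if src_lan else "transit"
    return {
        "direction": direction,
        "src_in_pool": POOL_FIRST <= alert["src"] <= POOL_LAST,
        "new_connection": alert["flags"] == "S",   # SYN only, no ACK
        "service": SERVICES.get(alert["dport"], "unknown"),
    }
```

For the quoted alert this reports an outbound connection attempt from an address inside the pool, which is consistent with the reply that the computer itself wants to connect to that IP.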
kev7555
12-20-2006, 02:05 AM
I switched my homepage to Google about two months back because of this re-direct.
It only seems to happen (to me) when using MSN search engine.
-Kev