Network, Virus, Norton or XP Problem?

[wackyjackie]

Hello all, I havent posted on here, but this has been one of my regular sites for obtaining information for several years now.

I'm sure somone on here must know how to fix this:
here goes: Windows XP Home (Server herein referred to as "purple") had a Plutospy trojan,before that a backdoor trojan, Windows 2K computer (hereinafter referred to as "Kitchen" had some backdoor trojan and another WinXP system (hereinrefered to as Kids' computer) also had a trojan. There is another computer on the network (I'll call Ruth's) temporarily connected to the network with WinXP which I swapped the network card from a networked computer, I'll call OFFICE 2(this is currently disconnected) All are connected with Linksys cards and Purple is the Server on the cable modem.

Here's what I did:
1) removed Pluto spy according to microtrend.com's site from PURPLE (minus a few files I did not find that they suggested I remove)
2) Win2K computer -After attempting to install Norton Internet security 2003 over 2002, system wouldn't boot in normal mode nor uninstall, so I manually uninstalled Norton Internet security 2002 and Norton system works according to symantec's web instructions. I installed Norton Internet security 2003 and SYstem works 2002 on Kitchen (win2Kpro).
system was running but only connected for Liveupdate.
3) Installed Norton internet security on PURPLE. Changed all the settings to allow each IP address access, etc.,
disabled XP firewall. (5 minutes after installing it blocked a "deep throat" trojan)

The network stopped working so I

4) uninstalled Norton internet security 2003 from Purple and still no other computers can connect.

The computers on the network, KIDS, Kitchen, & RUTH cannot access the internet but they can access the network.
I tried setting up new internet connection on RUTH but it cant find a connection. Purple is allowing internet sharing. I tried setting up a new network on Purple but got an error. I have not changed any of my network settings as it was a nightmare getting them running to begin with!

Could I have a Network Virus?

(I've run checks from Norton program and trendmicro.com's web site directly but nothing turned up. I cannot run on-line checks on the others as they are not connecting to the internet, but I ran Norton 2003 on Kitchen (2K) after installed KIds has Norton internet security 2002 with Norton System works 2002. All my computers have current windows updates.
Other software that is on most systems is Spector Pro (spyware) running in stealth mode (have 3 teenagers!)

The reason I started investigating to begin with is that my networks stopped working and had to be reset every couple of hours and Purple started bugging out, really slow

ipconfig on purple only shows the purple and the internet connection, nothing else.

Also noticed after all this that my 60gg Slave drive is not being read by xp and it asks to format it. This drive is 99% full.

Norton Internet security 2003 does not support windows 2k(Kitchen) but advise you to start it manually as a workaround. Could this be what messed things up?

Some "good" advice would be appreciated before I spend hours investigating....

and yes, I checked all the plugs, connections, etc, all the basic stuff....

Jackie

[glc]

What a mess.

1. Get a router to share your cable modem.

2. Uninstall Norton Internet Security on *everything* and use the tools available from Symantec to get rid of all remnants.

3. Rebuild all your network connections.

4. Search all 2K/XP machines for hosts files - that's hosts with NO extension and make sure they have no active entries except 127.0.0.1, localhost.

5. At a command prompt on the XP machines, type ipconfig /flushdns

6. Run all tools you can find to scan for viruses, trojans, and spyware.

[AlwaysUp]

As GLC says, get a router. And with that I have one frequently recommended here and other places that you may be interested in. A linksys 4port ethernet router BEFSR41 for $20 plus shipping. All documentation setup disk and original box included. The only reason I took this out of service is that I went with a wireless base station. Satisfaction guaranteed or money back. PM me if interested. Listen to GLC. He da man, where it comes to this topic and a host of others. Good luck.

[wackyjackie]

GL - yes what a Mess is right!

1. As for Router? I have a network Hub, not sure of the terminology but its a Linksys 5 port workgroup hub which is run from my computer (linksyscard) to other computers and to another Hub. My cable modem is only on the Main computer (this was to have full control over when anyone in the house can go on the internet, I just disable the network and boing, they are off line! (teenagers, ugg!)

---->If this setup is wrong, let me know, perhaps thats the source of some of my problems but prior to this the network internet connection has been running fine for more than a year.

2. I uninstalled Norton via symantec's instructions which was to tediousy remove each registry item, one by one. Perhaps I missed something here, I try to stay away from the registry.

3. I have run several on-line virus, spyware and adware programs and cleaned up a lot of garbage on KIDS computer (of course) I ran checks at PCPITSTOP on all systems and downloaded and ran Tune up Utilities 2003 several times.
As of this writing I am virus and security free!

I even tried zonealarm on Kitchen-W2K system but it crashed it so I uninstalled.

All network and internet connections are working again without messing with the network settings at all.

You suggest rebuilding network connections, please explain?

I will try your items No. 5 and 6 immediately.

I seem to think something is left on the Norton as I have reinstalled and uninstalled again, gonna do the manual removal next too.

---->currently reading blackviper.com site for registry suggestions.

Jackie

[glc]

Its easy to disconnect them with a router too - just unplug their cat5. The router will *replace* your hub. The cable modem will plug directly into the router, not your PC, and will handle all the sharing. You are currently using Internet Connection Sharing, which is not a very good way to do it.

[wackyjackie]

OK, If I set it up that way, does my network still work? I also use the other computers as a back up for my 160 & 60 HD on main and I have a network printer connected.

Will I lose my control over their internet use? My kids are bad, my sceensaver has to be set for 1 minute with p/w or if I walk out of the room, they sneak on and change my settings. (perhaps I've taught them too much!

What are the advantages and disadvantages of my swapping the setup?

(Perhaps this post needs to be put into Networking?)

Jackie

[AlwaysUp]

Router will make all your PC's able to browse internet at available bandwidth, will provide a NAT hardware firewall which will reduce your exposure to malicious attack and you can administer your connected pc's priviledges with a combination of OS and router settings. Good antivirus software is a must. Adhearing to common sense email recommendations such as disabling preview pane in Outlook, discarding emails with unknown origin or attachments. You know em! Just insist that if kiddies want internet....you all gotta share in the protection of your HomeNet.

[wackyjackie]

Yes, but can I still have my file and printer sharing? If I do set it up with a router, and they get a bad virus, can it reach the main?
--->ever try to gets 3 teen girls to be responsible? Ever try to keep a man off a porn site? They don't care! I need to control access from my computer which is not only p/w protected, the door is locked and the only key is around my neck! I don't want to be running from room to room giving and denying access. Its tough enough keeping up with the parental settings on AOL, I can deny access on aol but they can still access the internet, so I just disable the network while leaving myself still connected.

I have a husband (masters +30) who still clicks on his email, and says, "look - they haven't seen me for a long time", And its not like he just got his first comuter last week, he's been online as long as I have! (I give him kid access on aol too)! He actually believes that every spam is real, even my kids tell him not to click, so in actuality I have 4 kids I need to control!

Yes, I have security and do lots of regular scans with various programs. As for outlook, that's why I've kept AOL over 12 years, even paying for 2 accounts, because in those days AOL was always more secure and aol mail was never auto downloaded.

Convenience is a major factor for control, I am not dealing with adults (husband included)!

What would be the point of the router, anyway, if all is working well? (except for this Mess I'm in now and almost out of).

So you see, I have special needs, if this were a business setup, it would be different. I'd be interested in any setup which would require less work on my part, I was thinking of just setting up a server? Most of my cat6 wires are run throughout the house.

[wackyjackie]

Just unplug that cable? Not with my kids, won't work. They would figure that out in about 3 seconds. They are 13 and 14 and very swift on the computer, they could probably build one, I teach them well (lol)! With my setup, even when they break into my office, they can't get past my p/w which I change regularly.

My 14yr old can pick a lock in about 5 minutes, (switching to dead bolts soon)! When they were 3-4, I had to actually drill thru my refrigerator and put on a hasp and a key lock, nothing else kept them out! To make matters worse, they are very sneaky!

Can the router be disabled through software, just certain connections? Again, no one has answered if I will still have my Printer and file sharing, which is a must?

[lil Jimmie]

1 Get a router
2 Password the admin
3 block thier ports with the router settings.

YES, you still can have printer and file sharing with a router which is far better than a hub.

nite

[AlwaysUp]

Well said Jimmie!

[wackyjackie]

sounds good, can I block each system separately? That could work out even better!

All my wiring will work the same? I have cat 6e 550mhz and some cat 5e 350 mhz.

If I can block each system separately, I can cut them off based on behavior!

also, can I set up the router, lets say one connection for upstairs, then use network hub and just cut off all of upstairs. (I dont really care how fast they are connected upstairs) At least I would have peace of mind, as it is they sneak on (and outside) after I go to sleep!

[AlwaysUp]

Do it wackyjacky! Get a router and we ALL assure you that with a little patience and familiarization you will be able to do all that you have listed and better. Your present wiring will work just fine. The only step you need take is to research which router you want, how much you want to invest and do it. Good brands include Linksys,Netgear and quite a few others. Google "Fast Ethernet routers" and enjoy.

[glc]

I'd recommend a Linksys router - if you have 4 or less machines total, get a BEFSR41, if you have 5 or more, get a BEFSR81. This will be a *hardware* firewall, just plug each machine's CAT5 into the router. For security the way you want, you would disable DHCP in the router for the LAN side and assign each machine a static IP address. In the router admin (which is Web-based and is password protected), you can selectively turn each IP address on and off, blocking Internet access, but your LAN will still totally work. Download the manual for the BEFSR81 and read it, see what you think.

[wackyjackie]

OK, you talked me into it, I'll get a router. I definitely have more than 4. I have about 4 now and most wiring done for 4 more, so I'll check out my options.

Is there a major price difference for more than 4?

Would my network printer plug directly into the router, thus using another port?


If the router is a hard firewill, do I need to run a software firewall too? can I then disable it?
--------------
My current status is
All systems are up and running, ran just about every check you can find and found some garbage.

Norton Internet security 2003 is not compatablie with Windows 2000 and Networking - that was a large part of my problem. On that computer, I dont allow Norton to start on startup, there is a conflict with the network startup and Norton startup. Symantec gives you information, but does not support Norton 2003 with W2k and Networking.

--So as long as all is up and running, I will research the router.

Thanks for all your help

Jackie

PS: I'll let you know when and what I get, I'm sure I'll have a few kinks.

[glc]

The Linksys BEFSR81 8 port has QOS (i.e., it has more management functions), it's worth the extra $30. As I said above, you can selectively shut Internet access off on a machine-by-machine basis. If your network printer has an Ethernet print server, it can plug directly into the router just like it would plug directly into a switch/hub.

[wackyjackie]

GLC, I have blindly taken your advice and I got the Linksys BEFSR81! Normally I would have researched which one for a few weeks first! I'll Let you know how it goes.

Jackie