So you think you're an expert eh...PLEASE HELP ME

[SRGONE]

Very long....sorry.

First thanks for opening this post...it's a good start. I am almost ready to commit a homicide with this problem that I have been working on for the last two days. I built a PC for my girlfriend about a year and a half ago, so I am her designated technical support. I have been in the IT world for about 6 years and am currenlty in network security. I have also been at a help desk and done level two support, so I am not exactly a beginner.

Onto the problem, my girl's mom and boyfriend had a Comcast cable modem installed about a month ago (we were broken up at the time, so I didn't do it). Anyway, he installed it and at first had some NIC problems that a technician fixed with a new one. Had been working fine until Saturday nite. Supposedly nothing changed since it worked and stopped. On Friday I found out that they had been running with no firewall, so like the security aware guy that I am, I installed ZoneAlarm Pro. Worked fine Friday nite into Saturday. Then they call me on Sunday and tell me they are having problems getting out to the internet. I walked the boyfriend through testing the connection a bunch of ways and sure enough he wasn't able to get out.

I ended up going there and removing ZA, still nothing. I reinstalled ZA and then upgraded it to see if it didn't get completly removed. The uninstall worked fine but still can't get out. Here is what I do know. She is getting a valid IP, according to Comcast, I released and renewed it a bunch of times and keep getting the same address. I removed the NIC and reinstalled the drivers, I tried a new NIC, I installed the modem directly to the PC via USB with the correct drivers. I have deleted TCP/IP and reinstalled it. I am able to ping her from my house, comcast swears there are no outages in her area. I am not able to get to the internet even using IP addresses. I TO tracerouting a bunch of sites, but do get a reply every so many hops but eventually just timeout. I have re-installed Win98 on top of itself (didn't have anything else with me). I even had her delete two files that are supposedly ZA's DB without any results. I really don't want to have to format it and start over, but may end up just doing that to ensure a clean start. It is just driving me nuts that I have been able to figure out every other problem that I have encountered except this one.

The one thing that still puzzles me and why I keep going back to ZoneAlarm is that even though I uninstalled it and went through the registry and deleted everything I found with Zone in it whenever I re-install it, it still knows the serial no and doesn't ever ask me to allow apps through. I have gone in and added them manually as well.

Thanks a million for any suggestions and a gold star for anyone that has the fix.

Sergio

[reboot]

Just a guess, but without a firewall in place for so long, have you tried an updated virus/trojan scan? I know there's a few that can totally mess up the TCP/IP stack.
When you say "Internet", do you mean just the browser, or are you including email, FTP, Telnet, etc...
Just exactly what works, and what doesn't?
If sites are timing out on a tracert, maybe it's Comcast's connection to the backbone that is in trouble, and it could be temporary. Like tracert will go 3 or 4 hops no trouble, but then start timing out.
Any speed tweaks installed, like stuff from DSL reports, or whatever? Anyone messed with RWIN and TTL?

[SRGONE]

Thanks for the quick reply. I haven't run any scans and her dat files are quite out of date. I'll try a cleaner for trojans and run a full scan.
I have tried a bunch of other means out to the world including, mail, AIM, Kazaa and I even tried to set up an MSN account using the dial up modem that was still installed. I attempted to connect, but after the handshake the connection drops. Nothings seems to work.

My initial thought was a Comcast routing problem or something, because I had a similar problem that just went away after a couple of days. They swear it is not their problem since she is getting an address. When I had the problem I was not getting an address. I did tell them to get a technician to the house tomorrow to prove that it is not their problem, but I don't want to look like an idiot when they come.

I did all of the installs on the PC and no tweaks were installed. The tracert goes to an internal 10. something address then TO, TO, TO, TO and then maybe another address that no one at Comcast knows what is and the more TOs. Keep the suggestions coming. Thanks

[pzs22]

Hey, just to make sure why dont you go into the services on that computer and make sure that it uninstalled zone alarms services. If it didnt, stop them and see if you can get out. Strange problem, you can pull an IP but no internet? Can you ping www.yahoo.com? If not, try pinging 64.58.76.225 (one of yahoos ip's). If you can ping the IP than u have a dhcp problem (which I would think would be due to zone alarm). I don't like to install personal firewalls on people machines that arent to computer literate. They only lead to problems. Get them a cheep router for the security they need.

[reboot]

Wait...what do you mean, "tracert goes to an internal 10. something...If you're not on a LAN, the first hop should be the server, not anything local.
If you're getting internal hops, then something is opening ports and running around in circles within the system, before going out the back of the computer.
You may be in for a rough ride sorting this out, and could be better off with a format/reinstall, then set them up with a cheap router, and AVG from www.grisoft.com to automatically update the virus definitions, and scan once every 24 hours.
This sounds more and more like a backdoor trojan of some sort.

[SRGONE]

As a matter of fact, I did try and ping Yahoo, both by name and IP. By name I get an unknown host and by by IP it just times out. I will double check the services to be sure. I really never had many probs with ZA since for the most part it is nothing but Yes No answers. I usually just configure it with good security but not to the extreme to interfere with their browsing. I will now reconsider my approach once I finally get this one resolved. Thanks for the reply.

[SRGONE]

reboot....when I tried a couple tracerts the first hop was to an address of 10.x.x.x. One of my coworkers told me that is normally an internal address. Forgot the exact address. The PC is not set up on any LAN and has a direct connection to the internet. I am going to try and scan for trojans and viruses when I revisit te PC (maybe tonight or tomorrow). It does sound odd. Thanks again for the input.

[kittyfire]

Zone Alarm does not uninstall nicely. I've had customers go through this hundreds of times. There's a nice big long document at the zone alarm site to uninstall it correctly. It sets itself up to hide in the registry in the event a virus tries to disable it. If you uninstall, those registry settings are still active. Those ports are still locked. You have to lower all the security settings completely before uninstalling then there's some clean up work you have to do behind it.

[catfishjoe_1]

My guess would also be a trojan. Try getting "Can't hide" from www.code-it.com . This is a scanner that tells you all active applications on your pc. I found a keylogger with it on mine. If you have a burner you might be able to get AVG onto their system with it. Some of the nasties that are out now . . . once they are on formatting is the only way to get 'em gone unless you want to jump through all kinds of hoops. You could (maybe) use a "clean" laptop and do a usb network type of connection and use the laptop to scan their pc.
cat

[kittyfire]

If you're getting a valid IP address and can't do anything on the net it's firewall related. If you need proof, go to www.visualroute.com, run the demo and trace her route. If it's a firewall causing the trouble, you'll get lost at the last hop.

I see the exact same symptoms you are describing every day. I will honestly be shocked if it's not just the firewall. I also hear, "but I uninstalled it," every day. You will connect. You will get a valid IP. You just won't go anywhere with it if it's not configured correctly or uninstalled correctly. It's got you locked in to the local host.

[glc]

Make sure there are no proxies enabled. Check the HOSTS file.

[Rick Hall]

I had problems with zonealarm when I first started using it.
You have to go to the ZoneAlarm site and uninstall Zonealarm exactly the way they tell you to. Then you have to remove any directories pertaining to ZoneAlarm. Then you MUST empty your recycle bin. Then you can reinstall ZA.

[SRGONE]

Thanks for all the help guys, tonight is the night I head over there and put on the rubber gloves. I am hoping to figure out the problem fairly quickly with all the help I've got. Thanks again.

[Dan]

this may not solve your problem but I thought it was well worth mentioning. Dump Kazaa, it's loaded with spyware. If you can't live without it, download the "lite" version, it has none...just don't let it "upgrade" (it will ask every time you open it).
I thik Rick Hall is on to somethig...uninstalling Zone Alarm is a tricky thing and like Rick says, MUST be done the way they tell you to or it won't be completely removed. This in itself can cause loads of problems.
good luck!

[SRGONE]

Well I finally got her back up and running. I went to her house last nite with a full arsenal.....AVG, The Cleaner, Can't Hide, AATools, VisualRoute, a boot disk and a copy of Win XP Professional. Guess what finally fixed it? The boot disk, format c: and the install of XP. I swear, what a pain in the ass....I had a printed copy of the uninstall of ZA and went through it step by step, I scanned the **** out of it and still nothing. I was starting to blame Comcast again, but decided that whether it was going to work or not it would be best to start over anyway. After I got her back up and running I did leave it with ZA Pro (functional this time), AVG updated, the Cleaner and only AIM (she can';t live without it.

Glad that headache is over with...still bother's me that I couldn't figure it out, but I'll live. Thanks for all the help, I did learn some good lessons and technique. It also reminded me how I learned so much and ended up in this business....great isn't it.

Thanks again people