Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

router problems after blaster

Status
Not open for further replies.
rikkkidd

rikkkidd

Instructor
Apr 23, 2002
3
0
0
GB
Hi
I’m managing a small network consisting of one sever running windows 2000 server, and 8 workstation XP/2000/98. They connect to the Internet through a netgear router to an ntl ISDN line.

We had the msblaster virus a couple of weeks ago. I down loaded the blastfix from Symantec, and the Microsoft patch and removed the worm from the system and patched the vulnerable computers. According to the blastfix program the worm was only on the XP machines not 2000 server or workstation or the 98 machines. Since then the internet has slowed down considerably. And disappears completely when all the computers are trying to connect at the same time.

I’ve found that if I ping the router it will respond correctly for a few minutes then ill get a request timed out for 20 second or so then it will com back to life again for a few minutes the go again. At worst the router will time out for 5 minutes or so at which point I switch it off and restart it and then it comes back.

Does this sound like blaster is still in the system? I’ve run the blastfix program again but all the computers appear to be clean. Any advice is much appreciated.
 
Sort by date Sort by votes
It sounds like it could be the Welchia worm which followed it. I believe both of these worms attempt connections to other hosts, which will hog bandwidth, & may give the symptoms you are experiencing.

Which AV program are you using? When did you last perform a virus sweep of the entire network?

James Goodman MCP
 
Upvote 0 Downvote
We have received many similar cases. It seems the blaster already opened the door for other viruses. make sure you have all SPs, correct firewall settings and re-scan the virus (maybe more than one time).

For more tips or information, go to
Robert, MS-MVP/MCSE and CNE
Windows & Network Support, Tips and FAQs on

Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at
 
Upvote 0 Downvote
sounds like u still have those nachi worms spreading all over your network
u can use this step to fix it..

1.block outgoing ping in your router to stop those worms traffic hogging down your router
2.use microsoft rpc scan tool to look for unpatched machines u have, then patched em all
3. use virus scanner to clen your network
4. done (u can remove that ping block if u want)
 
Upvote 0 Downvote
thanks for the help but im still geting the same problem.

I downloaded the welchiafix from Symantec and the paches from microsoft and patched all the pc's and ran the fix program, it found the welchia virus on one of the xp machines and removed it but it said the others were clean. i also ran the blastfix.exe again on all the machinen and ones again the came back clean.
i also used windump on the server to listen to trafic but there was none on port 135/tcp, 4444/tcp, and 69/udp which Symantec said would indicate the worm.

i'v updated norton antivirus today and it curently scanning all the workstation but it hasn't found anything yet. the server has been fully scanned and norton says its clean so i have disconected all the workstation from the network and i still get the same problem with just the sever and router conected to the hub?
 
Upvote 0 Downvote
Hmm, do you have a spare hub or switch you could try to eliminate or prove the problem is with the PC's? If possible, try connecting the server to a workstation either through a x-over cable or through a switch & see if the problem is replicated.

If the problem is not replicated, it suggests a fault with the router. I have seen the power supplies on some routers to be very fussy, & the slightest fluctuation causes them to crash. At least this way you will know your problem is with either the machines or the router.

James Goodman MCP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Terminal Server issues doing anything network related after RDPing into
Replies
3
Views
74
DrB0b
DrB0b
axilleas
  • Locked
  • Question
Windows 2012 R2 Active directory problem after applying GPO
Replies
7
Views
82
technome
technome
MoJHK
  • Locked
  • Question
Auto run the media player with the desired song after window reboot
Replies
3
Views
47
gbaughma
gbaughma
goombawaho
  • Locked
  • Question
Running connector after PC was joined to domain manually
Replies
0
Views
35
goombawaho
goombawaho
amanua
  • Locked
  • Question
Event ID 13508 Sysvol replication problems
Replies
0
Views
49
amanua
amanua

Part and Inventory Search

Sponsor

Back
Top