Paul Wylie
2004-04-07 16:25:32 UTC
My boss was on vacation last week, and when he got back into the office on
Monday, he noticed after a while that his Client Access sessions to our
AS/400 were dropping on him every so often.
I noticed I could no longer ping his laptop, nor could I remotely manage
his computer, as I normally could.
We took a look around and I couldn't find anything obviously wrong. He
uninstalled some spyware-removal programs on the off chance that they
were somehow to blame (they weren't), as well as a Linksys PC-Card
802.11B NIC and its drivers (likewise not responsible). As of yesterday,
the problem remained and seems to be getting worse.
I ran a continuous ping against his IP address as he booted the machine.
The plan was to bring his laptop up in "Safe mode with networking," but he
missed his cue to hit F8. I noticed that at some point during the boot
process, his laptop had begun to respond to pings, but then stopped. Of
course, by the time I noticed this, he had shut the laptop back down, so I
don't know exactly at which moment the ping responses ceased.
Clearly, something is loading after the TCP/IP stack and suppressing ping
responses, as well as causing other problems. I'm not convinced he
doesn't have some exotic new virus, so that's going to be a source of
research tomorrow.
Unfortunately, he had to leave for the day (and take his laptop with him)
before I could really tear into it. We're working it again today to see
if we can't figure out what's happened, but so far, I'm having no success
locating the culprit process.
In the meantime, I'm wondering if anybody here knows of any registry
settings that can suppress ping response, although I suspect I'm looking
for a service or application.
--Paul
** Note "removemunged" in email address and remove to reply. **
Monday, he noticed after a while that his Client Access sessions to our
AS/400 were dropping on him every so often.
I noticed I could no longer ping his laptop, nor could I remotely manage
his computer, as I normally could.
We took a look around and I couldn't find anything obviously wrong. He
uninstalled some spyware-removal programs on the off chance that they
were somehow to blame (they weren't), as well as a Linksys PC-Card
802.11B NIC and its drivers (likewise not responsible). As of yesterday,
the problem remained and seems to be getting worse.
I ran a continuous ping against his IP address as he booted the machine.
The plan was to bring his laptop up in "Safe mode with networking," but he
missed his cue to hit F8. I noticed that at some point during the boot
process, his laptop had begun to respond to pings, but then stopped. Of
course, by the time I noticed this, he had shut the laptop back down, so I
don't know exactly at which moment the ping responses ceased.
Clearly, something is loading after the TCP/IP stack and suppressing ping
responses, as well as causing other problems. I'm not convinced he
doesn't have some exotic new virus, so that's going to be a source of
research tomorrow.
Unfortunately, he had to leave for the day (and take his laptop with him)
before I could really tear into it. We're working it again today to see
if we can't figure out what's happened, but so far, I'm having no success
locating the culprit process.
In the meantime, I'm wondering if anybody here knows of any registry
settings that can suppress ping response, although I suspect I'm looking
for a service or application.
--Paul
** Note "removemunged" in email address and remove to reply. **