Packet Flooding, Router, Virus

Silver1126 · Joined: Apr 05, 2006 Posts: 1

I'm hoping that someone may be able to shed some light on a situation that we are having in our house. :hmm:

Here is the setup.

Rogers Cable Internet is our ISP. So the cable goes into the Terayon modem (provided by Rogers) into my D-Link Talk Broadband box (model DVG-1120), then into the D-Link Wireless Router (DI-624) (We originally had the 714P+ but that got fried (not sure if it was a result of whatever problem we are having or age although it was about 2 yrs old!)). From the router it connects to 2 wireless computers (running Windows 2000 Professional) and 1 wired computer (running XP Home Edition).

So here is the problem.... 2 wireless computers hook up to internet NO PROBLEM until the wired computer is connected to the Router, once that computer is plugged in, we all go down. No internet. Through CMD screen can sometimes ping websites, most often not. Once wired computer is disconnected and we reboot... everything is ok again. Wired computer does not affect 2 wireless computers IF it is run in safe mode. Norton has been run, and found some spyware, and some other virus & spyware things were run... TrendMicro's thing found I think 3 things that others did not.

Now... when the wired computer is plugged directly into the modem, everything works on the computer for a while... eventually it goes down again. Norton was uninstalled and then once reinstalled internet worked for a while... eventually it goes down again.

:ph34r: Is this a problem with the router? or is this some virus like the Welchia or possibly something hidden in the registry files on the wired computer causing this to happen? or could it be something flooding the router, and then it automatically shuts off.

Any help would be appreciated Smile

Debora · Joined: Mar 28, 2004 Posts: 1769 Location: Iowa

sounds more to me like a trojan that's dialing home so to speak and probably being used for a DDOS attack by whomever planted the trojan. I 've had it happen and the final result was to just reinstall the OS and clean the hard drive in the process. That's usually faster for me than trying to find the specific trojan/viri problem. It also tends to fix a mirad of other problems in the process of cleaning up the drive to a fresh start.

goretsky · Posted: Thu Apr 06, 2006 5:45 am Post subject:

Hello,

Is the wired computer running Microsoft's Internet Connection Service or any DHCP-serving software? If so, try disabling or uninstalling it before connecting the computer back to the router.

Regards,

Aryeh Goretsky

cat5e · Joined: Apr 26, 2003 Posts: 589

The DVG-1120 – Is a 2-Port VoIP Gateway/Router with 1 LAN Port

My guess is that whole Network is mis-configured, double Routing is used and the VOIP helps to chock the whole thing.

So some one need to understand the nature of the hardware, connects, and configure it according to the actual needs (that were not mentioned in the OP).

Cool

prschmi · Joined: Mar 30, 2009 Posts: 1

Yesterday I had a similar thing happen with three W2K wired computers on the same home network. (I haven't turned them on today) I noticed when checking the Network Setup Icon - Properties, that packets were being SENT nearly continuously and no packets were being received. (This is the place where numbers are given for packets sent / packets received. When I disable, of course, it stopped. When I double-clicked again (a few minutes later) to enable it was OK for about 5 minutes then started doing it again. One W2K box had not been in W2K boot for several weeks - it did the same. So if this is a virus it has laid low or done a quick transfer. (BTY this is posted via Linux box - not affected).
The end result is that the router is besieged with packets from a single computer so others can't get in packet slices. The leds on the router confirm the flood of activity from the offending computer(s) This ties up any connection and the net appears to be DOWN.

Not sure what to look for and to reinstall is a major deal with all the stuff I have plus updates, downloads, etc.
Paul

atenor · Joined: Jan 30, 2004 Posts: 24

You can download the network analyzing tool Ethereal from:
http://www.ethereal.com/download.html
It will at least let you know what type of packets are being sent and where.
If you think you have a Trojan on the computer, scan with Malwarebytes and Spybot Search and Destroy.
All three programs are free to download and use. Both of the Trojan cleaners can be found at downloads.com.

AG

hamhox · Joined: Oct 21, 2006 Posts: 58

For some time now, these forums have been promulgating the use of imaging S/W
for creating & restoring system backups. It is far and away THE superior approach to
maintaining system continuity against all manner of badguys: trojans, viruses, spyware, the whole lot. When something serious comes up to adversely affect your
computer, you simply restore from your stored image of the disk or partition. Done proper, you are even protected against catastrophic failure of your hard drive,
especially when you have your image, along with the restore S/W saved on optical media. The image gets recreated whenever system changes such as adding or removing hardware or software occur. It aint hard, and the rewards are enormous.

HH