A customer was complaining about their Windows XP PC freezing up when the system started the screensaver or tried hibernating. At first I thought it had to do with some file corruption with the screensaver or Power Options, but after a couple hours of repairing everything dealing with Power Management, screen savers, and such I was still no closer to solving the issue. I started Internet Explorer and was browsing for a better solution, when I encountered a redirect when I clicked on a search result. Although the system didn't behave like an infected machine, I decided to download and run Malwarebytes Anti-Malware on the system and see what it found. Nothing found. So, I downloaded TDSSKiller to check for any rootkit issues like Google redirects.

There, at last, was the problem. A rootkit called Rootkit.Win32.ZAccess.J had infected the machine and caused the issues. Easy enough, I removed the infection and restarted the PC. After the system restarted, I tried to open a web page and I had lost all connectivity. I checked the error logs and found that the IPSEC service was failing to start because the file was not found. The path to the file was C:\WINDOWS\system32\lsass.exe. After replacing this file from backup and even running SFC /SCANNOW to check for any missing Windows files, the system was still no better than I had found it. The system still could not access the Internet.



I tried the command "Netsh int ip reset resetlog.txt" with no success and WinsockXPFix couldn't solve the problem either. Time for a complete reinstall of TCP/IP to fix the issue. Follow these steps to manually remove and reinstall the TCP/IP components in Windows XP.


1. Find the Nettcpip.inf file in windows\inf folder, and open the file in Notepad.
2. Locate the [MS_TCPIP.PrimaryInstall] section.
3. Change the Characteristics = 0xa0 entry, replacing 0xa0 with 0x80.
4. Save the file, and then exit Notepad.
5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
6. On the General tab, click Install, select Protocol, and then click Add.
7. In the Select Network Protocols window, click Have Disk.
8. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.
9. Select Internet Protocol (TCP/IP), and then click OK.
 Note: This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.
10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.
11. Don't restart the computer yet. Instead, click Start, Run, type REGEDIT, and press Enter.
12. In the Registry Editor, delete the following keys:
 
  • HKLM\system\CurrentControlSet\services\winsock
  • HKLM\system\CurrentControlSet\services\winsock2
13. Close the Registry Editor
14. Restart Windows
 
Now follow these instructions to reinstall TCP/IP:

1. Find the Nettcpip.inf file in windows\inf folder, and open the file in Notepad.
2. Locate the [MS_TCPIP.PrimaryInstall] section.
3. Change the Characteristics = 0x80 entry back to 0xa0
4. Save the file, and then exit Notepad.
5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
6. On the General tab, click Install, select Protocol, and then click Add.
7. Select TCP/IP and choose to install it
8. When it's done installing TCP/IP, restart your computer again just to be safe.

Now check your internet connectivity. You should be connected to the Internet once again and able to surf.
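
Why step 3 of both lists works, shown as an added example that is not part of the original post: Characteristics is a bitmask of network component flags, and 0xa0 differs from 0x80 only by the NCF_NOT_USER_REMOVABLE bit (0x20), which is what disables the Uninstall button. The Python sketch below decodes the value and flips that bit within the [MS_TCPIP.PrimaryInstall] section of INF text only; the sample excerpt and the function names are constructed for illustration, so run it against a copy of Nettcpip.inf rather than the live file.

```python
import re

# Network component characteristic flags as defined in the Windows DDK (netcfgx.h).
NCF_FLAGS = {
    0x01: "NCF_VIRTUAL", 0x02: "NCF_SOFTWARE_ENUMERATED", 0x04: "NCF_PHYSICAL",
    0x08: "NCF_HIDDEN", 0x10: "NCF_NO_SERVICE", 0x20: "NCF_NOT_USER_REMOVABLE",
    0x40: "NCF_MULTIPORT_INSTANCED_ADAPTER", 0x80: "NCF_HAS_UI",
}
NCF_NOT_USER_REMOVABLE = 0x20

# Constructed excerpt for the example; not a copy of the real Nettcpip.inf.
SAMPLE = (
    "[MS_TCPIP.PrimaryInstall]\r\n"
    "Characteristics = 0xa0 ; protocol flags\r\n"
    "[Other.Install]\r\n"
    "Characteristics = 0xa0\r\n"
)

def decode(value):
    """Return the names of the flags set in a Characteristics value."""
    return [name for bit, name in sorted(NCF_FLAGS.items()) if value & bit]

def set_removable(inf_text, removable, section="MS_TCPIP.PrimaryInstall"):
    """Clear (removable=True) or set the NCF_NOT_USER_REMOVABLE bit in one
    section. Returns (new_text, old_value, new_value); other sections,
    trailing comments and line endings are left untouched."""
    out, in_section, old, new = [], False, None, None
    for line in inf_text.splitlines(keepends=True):
        header = re.match(r"\s*\[(.+?)\]", line)
        if header:
            in_section = header.group(1).strip().lower() == section.lower()
        m = re.match(r"(\s*Characteristics\s*=\s*)(0x[0-9a-fA-F]+)(.*)",
                     line, re.I | re.S)
        if in_section and m and old is None:
            old = int(m.group(2), 16)
            if removable:
                new = old & ~NCF_NOT_USER_REMOVABLE
            else:
                new = old | NCF_NOT_USER_REMOVABLE
            line = f"{m.group(1)}{new:#x}{m.group(3)}"
        out.append(line)
    if old is None:
        raise ValueError(f"no Characteristics entry found in [{section}]")
    return "".join(out), old, new

if __name__ == "__main__":
    text, old, new = set_removable(SAMPLE, removable=True)
    print(f"{old:#x} {decode(old)} -> {new:#x} {decode(new)}")
```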

For more information regarding a few errors that can crop up during this procedure, please visit Smokey's Security Blog.
