BOClean locked user out of Inet

Here’s an odd one for y’all…

I had a friend IM me (PalTalk, apparently the only port open) this morning telling me that BOClean caught a trojan yesterday and since then all other Inet access has been ‘blocked’. She said she received an error that says HTTP, HTTPS and FTP are all blocked. I had her go through the steps here (https://forums.comodo.com/empty-t14612.0.html), thinking that BOClean may have locked itself up, and that didn’t help. She has rebooted numerous times.

They are using Avast! and only the Windows Firewall. Disabling the WinFW didn’t do anything, nor did shutting down Avast. I also had her completely remove BOClean. That didn’t do any good either.

Any ideas?

Thanks!
– Matt

Hi wsecomp, welcome to the forum :slight_smile:

I think your friend's problem has to do with the “Automatic cleanup of winsock connectivity”. I suggest she read this first:

The sixth checkbox is marked "Automatic cleanup of winsock connectivity." This item is turned on by default as well. However, this checkbox controls a number of additional cleanups which reflect the latest tendencies to corrupt the winsock "Layered Service Provider" (or "LSP") stack as well as the winsock itself. When certain malware inserts itself into the winsock stack and is subsequently removed, you lose all internet connectivity as a result of the "missing piece." Leaving this checkbox checked will cause BOClean to examine the "winsock stack" and repair the sequence to prevent loss of connectivity. We strongly advise leaving this box checked.

If unchecked, then any trojan which affects any of these items would require manual repair. We explain this in detail because any “network connectivity” issues have been a major portion of support requirement for us as a result of some nasties out there, and a major focus of BOClean 4.12 and later was a means of automating this most difficult cleanup since it seems no two internet providers set up the winsock the same way twice. As a result, when network connectivity was lost due to a trojan, we had to refer the victim to their ISP to help them remove and then reinstall “networking.” In addition, any DNS-tampering trojans will have any changes to “NameServer” and other connectivity issues automatically resolved when this item is checked.

It has come to our attention that a small number of people have configured their home machines to a hard-configured “DNS setting IP address.” From a security standpoint, this is not a good idea as those manual DNS settings are used extensively in malware to redirect victims to places other than where they had intended to surf. It’s ALWAYS best to leave your networking configured for DHCP or “get address automatically.” Despite this being a really bad idea to manually enter this data, some people insist upon doing so. If YOU are in this situation, we strongly advise going to automatic network configuration using DHCP. If you still choose not to, it is IMPORTANT that the “Automatic cleanup of winsock connectivity” box NOT be checked or BOClean will remove those settings when a trojan is found.

From here : http://www.comodo.com/boclean/supboc.html#bocconfig

I am no expert in this, but if she uses Win XP or earlier, she could try WinSock XP Fix:

http://www.spychecker.com/program/winsockxpfix.html

I hope it will help :slight_smile:

Greetz, Red.

The winsock fix shouldn’t be required unless the stack itself was already corrupted …

Give THIS a try:

For Windows Vista or XP only, use Windows native procedures. This will vary according to Service Pack level and Version.

* To fix a corrupted LSP / Winsock in Windows XP pre-SP2:
     1. Backup and delete the following registry keys:

            [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
            [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

     2. Reboot.
     3. Open the network connections folder, right click your network connection, and click Properties.
     4. Click Install | Protocol | Add.
     5. Click "Have Disk...", type "\windows\inf" in the box, and click OK.
     6. Click "Internet Protocol (TCP/IP)", then click OK.
     7. Reboot.
* To fix a corrupted LSP / Winsock in XP SP2:
     1. Open a Command Window.
     2. Type "netsh winsock reset catalog" into the command window.
     3. Reboot.
* To fix a corrupted LSP / Winsock in Vista:
     1. Open a Vista Command Window.
     2. Type "netsh winsock reset" into the window, and press Enter.
     3. Reboot.

Hopefully, it wasn’t the registry which was corrupted …
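
A read-only check that can be run before any of the reset steps above, as an added example that is not part of the original thread: it parses saved `netsh winsock show catalog` output and flags layered entries and entries whose provider DLL no longer exists (the "missing piece" described in the quoted BOClean documentation). The sample text, the ExampleLSP name and its path are constructed, and the field names assume the English-language netsh layout.

```python
import ntpath
import os
import re

# Constructed sample, in the "Key: value" layout of `netsh winsock show catalog`.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleLSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\Example\examplelsp.dll
Catalog Entry ID:                   1015
"""

FIELD = re.compile(r"^([A-Za-z ]+?):\s+(.*)$")

def parse_catalog(text):
    """Return one dict per '... Provider Entry' section of the dump."""
    entries = []
    for line in text.splitlines():
        s = line.strip()
        if "Provider Entry" in s and ":" not in s:   # section header line
            entries.append({"section": s})
            continue
        m = FIELD.match(s)
        if m and entries:
            entries[-1][m.group(1)] = m.group(2)
    return entries

def audit(entries, exists=os.path.exists):
    """Return (entry id, DLL name, problem) for layered or orphaned entries."""
    findings = []
    for e in entries:
        if not e["section"].startswith("Winsock Catalog"):
            continue                                  # skip name space providers
        path = os.path.expandvars(e.get("Provider Path", ""))
        hit = (e.get("Catalog Entry ID"), ntpath.basename(path).lower())
        if not exists(path):                          # chain points at a removed DLL
            findings.append(hit + ("provider DLL missing",))
        elif e.get("Entry Type") != "Base Service Provider":
            findings.append(hit + ("layered provider present",))
    return findings
```

On the affected machine, save the output with `netsh winsock show catalog > catalog.txt` and pass the file's contents to `parse_catalog`; `audit` then checks each provider path against the local disk.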