My mother is running XP media edition SP2, AT&T yahoo high speed DSL.
She had me come over because she was having connection problems, and I’ve figured out that her connection is really good, except for upoading, she can’t upload. Can’t even attach a .jpg file in an email.
I went to www.speedtest.net and her DL is right where it’s supposed to be, around 650 kb/s, ping is good around 60 ms, but her upload is way way off from where it should be, her ISP told me it should be around 175 kb/s, but it’s at like 6 kb/s. Way way off.
When I went over there (I installed Comodo and Avira previously because her McAfee internet security license was up) I booted up her computer and a Comodo pop up appeared saying it has detected a new network and asked if computers on that network should be allowed to share files. I don’t have too much experience with DSL or her ISP so I thought it might be malicious somehow, I guess it was her network though?
So it offered me the option to close the window, or to allow the file sharing, I just closed the window.
I believe this is the cause of the upload problem, thoughts?
How can I get that box to pop up again? How can I change the setting to allow file sharing?
I’m on my computer right now, but I’ll be posting from hers sometime within the next few days.
Thanks in advance.
I should mention, I THINK this is the cause of her problem, but I’m not sure. Feel free to offer any suggestions if you think it’s not the cause.
Two questions: What kind of modem/router is installed, make and model? And, of the blinky lights it has, do the lights blink, or solid locked on? A solid indicator light would imply a lot of packets, where a blinking light would imply somewhat less traffic.
It probably wouldn’t hurt to do a HiJackThis scan, just in case.
forgot to mention in my PM that her HJT log was clean as well.
Ok ok ok, I’ll do better this time.
Her subscription was up on her McAfee security center, I uninstalled it and installed Comodo FP3, Avira personal, and Windows Defender.
She was fine for like a week, then starting having her problem, not being able to upload.
During the change out from McAfee to Comodo and Avira, I found out she had an infection on a non admin account, it was the rogue XP antivirus 2008. I cleaned it in safe mode by running full scans with MBAM SAS and Avira. Her HJT log is clean.
I’ve scheduled her Avira to full scan daily, last time I was over there it had scanned that day.
She is connected by DSL modem. Whichever modem comes free with AT&T yahoo.
I think the “internet” light on her modem blinked.
As far as her firewall configuration, I think it’s blocking her windows update. I’ll post screenshots next time I’m over there.
I don’t even have my firewall configured very well, it’s a bit hard to configure.
I’ll post from her computer within the next few days.
It seems like some part of windows OS is being blocked in her firewall events maybe.
Her modem is a Siemens Speedstream 4100B Ethernet ADSL Modem
Part number 060R-D146-A10
Power light is on solid
Ethernet light is on solid
DSL light is on solid
Activity light is blinking, seems to blink when I load a webpage or something.
I’m going to go ahead and run scans again for malware.
Couple questions
Any chance installing SP3 will fix the problem? She’s still on SP2.
Any chance uninstalling and reinstalling her AT&T Yahoo software will fix it?
I’m going to try the McAfee removal tool, then scan for malware. I’ll be back.
I have similar modem, so I know the light status is good. You can also try creating a new XP user profile and try the internet with that it. This will eliminate the possibility of a corrupt profile.
Resetting the winsock might also help: Start > Run > netsh winsock reset > reboot
It’d probably be best to stay on SP2 for now. SP3 changes could confuse things too much.
I’m not familiar with that particular model modem, but other DSL modems I’ve encountered have a statistics page/log that show error rates and such. Some also have a DSL line test facility.
Other thing that comes to mind is the classic MTU ping test (ping -f -l 1400 and vary the number up or down to find the threshold (that’s a -L lower case))
ICMP definitely needs to be allowed outbound. This is probably your culprit, as ICMP handles the coordination of speed and packet sizes and other such things.
Yes, that’s correct. You can leave off the ‘and log’ unless you want to fill up the log very quickly. For testing, it would be good to see what is going on, but expect a lot of packets.