On Thu, Sep 24, 2009 at 4:38 PM, Len Hammond <lenhammo...@gmail.com> wrote:
> My conclusion is that something is wrong with the IP installation.
Obviously. :)
> But I am curious as to where to go to just refresh the IP
> stack, never having done just that.
I am of the belief that once Windows gets screwed up like this there
is no way to fix it. The registry is huge and complicated, there are
hundreds upon hundreds of files in system32, and documentation on how
it all ties together varies from incomplete to non-existent. There's
no authoritative way to say the system is intact. So there really
isn't a way to fix things once they're broken. You have to blow
everything away and reinstall it all. This is probabbly my number one
complaint about Windows: You can't fix it when it breaks.
That said:
NETSH INTERFACE IP RESET c:\ipreset.log
NETSH WINSOCK RESET
will reset stuff in the IP stack. (What stuff? Nobody knows,
exactly. Mysterious, Microsoft voodoo stuff. But it often works (for
sufficiently loose definitions of "works").)
> In my XP pro sp3 desk machine here, the option to uninstall IP
> from within the Network applet in Control Panel is greyed out.
With Win XP and later, Microsoft decided one shouldn't be able to
uninstall the IP stack. Too bad, so sad.
> Any thoughts would be appreciated, before I nuke the client machine to start
> over.
That's the recommended action for good reason.
> Although that is probably my best option considering the unknown virus
> condition ...
Indeed. For *any* OS, once you suspect the system is compromised,
the *only* safe course of action is to wipe and reload from trusted
media. (Unless you have detailed IDS signatures from before the
compromise, but if you had that you wouldn't be asking these
questions. :) )
-- Ben
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
