Tip & How-To about Computers & Internet

Check for DOS, Check to see if you are infected...

When you first turn on your computer (BEFORE DIALING INTO YOUR ISP), open an MS-DOS Prompt window (Start/Programs/MS-DOS Prompt).
Then type netstat -arn and press the Enter key.
Your screen should display the following (without the dotted lines which I added for clarification).
-----------------------------------------------------------------------------
Active Routes:

Network Address Netmask Gateway Address Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 0.0.0.0 1

Route Table

Active Connections

Proto Local Address Foreign Address State

--------------------------------------------------------------------------------

If you see anything else, there might be a problem (more on that later). Now dial into your ISP. Once you are connected, go back to the MS-DOS Prompt and run the same command as before, netstat -arn. This time it will look similar to the following (without dotted lines).

Active Routes:

Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 216.1.104.70 216.1.104.70 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
216.1.104.0 255.255.255.0 216.1.104.70 216.1.104.70 1
216.1.104.70 255.255.255.255 127.0.0.1 127.0.0.1 1
216.1.104.255 255.255.255.255 216.1.104.70 216.1.104.70 1
224.0.0.0 224.0.0.0 216.1.104.70 216.1.104.70 1
255.255.255.255 255.255.255.255 216.1.104.70 216.1.104.70 1

Route Table

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:0 0.0.0.0:0 LISTENING
TCP 216.1.104.70:137 0.0.0.0:0 LISTENING
TCP 216.1.104.70:138 0.0.0.0:0 LISTENING
TCP 216.1.104.70:139 0.0.0.0:0 LISTENING
UDP 216.1.104.70:137 *:*

--------------------------------------------------------------------------------

What you are seeing in the first section (Active Routes) under the heading of Network Address are some additional lines. The only ones that should be there are ones belonging to your ISP (more on that later). In the second section (Route Table) under Local Address you are seeing the IP address that your ISP assigned you (in this example 216.1.104.70).

The numbers are divided into four dot notations. The first three should be the same for both sets, while in this case the .70 is the unique number assigned for THIS session. Next time you dial in, that number will more than likely be different.

To make sure that the first three notations are as they should be, we will run one more command from the MS-DOS window.
From the MS-DOS Prompt type tracert www.yourispwebsite.com (or .net, or whatever it ends in). Following is an example of the output you should see.

---------------------------------------------------------------------------------------

Tracing route to www.motion.net [207.239.117.112]
over a maximum of 30 hops:
1 128 ms 2084 ms 102 ms chat-port.motion.net [216.1.104.4]
2 115 ms 188 ms 117 ms chat-core.motion.net [216.1.104.1]
3 108 ms 116 ms 119 ms www.motion.net [207.239.117.112]
Trace complete.

------------------------------------------------------------------------------------------

You will see that on the lines numbered 1 and 2 the first three notations of the address match what we saw above, which is a good thing. If they do not, then some further investigation is needed.
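The comparison described above can be automated. This added example (not part of the original tip) parses the route table and tracert lines from the page's sample output and checks the first hops against the subnet of the ISP-assigned address; it uses the netmask from the route table rather than the first three numbers alone, which is the same test when the mask is 255.255.255.0. The function names are illustrative.

```python
import ipaddress
import re

# Route rows and tracert hops copied from the page's sample output.
ROUTES = """\
0.0.0.0 0.0.0.0 216.1.104.70 216.1.104.70 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
216.1.104.0 255.255.255.0 216.1.104.70 216.1.104.70 1
216.1.104.70 255.255.255.255 127.0.0.1 127.0.0.1 1
216.1.104.255 255.255.255.255 216.1.104.70 216.1.104.70 1
224.0.0.0 224.0.0.0 216.1.104.70 216.1.104.70 1
255.255.255.255 255.255.255.255 216.1.104.70 216.1.104.70 1
"""
TRACE = """\
1 128 ms 2084 ms 102 ms chat-port.motion.net [216.1.104.4]
2 115 ms 188 ms 117 ms chat-core.motion.net [216.1.104.1]
3 108 ms 116 ms 119 ms www.motion.net [207.239.117.112]
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HOP = re.compile(rf"\s*(\d+)\s.*?\[?({IPV4})\]?\s*$")

def parse_routes(text):
    """Return (network, interface) for each row of the Active Routes table."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and all(re.fullmatch(IPV4, x) for x in f[:4]):
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}", strict=False)
            rows.append((net, ipaddress.ip_address(f[3])))
    return rows

def isp_subnet(rows):
    """Return (assigned address, its on-link subnet), or None when offline."""
    default = [iface for net, iface in rows if net.prefixlen == 0]
    if not default:
        return None  # no default route: not dialled in yet
    nets = [n for n, i in rows if i == default[0] and 0 < n.prefixlen < 32 and default[0] in n]
    return (default[0], max(nets, key=lambda n: n.prefixlen)) if nets else None

def trace_hops(text):
    """Return (hop number, address) for each numbered tracert line."""
    matches = (HOP.match(line) for line in text.splitlines())
    return [(int(m[1]), ipaddress.ip_address(m[2])) for m in matches if m]

def check_first_hops(routes_text, trace_text, first=2):
    """Report, for the first hops, whether each address is inside the ISP subnet."""
    info = isp_subnet(parse_routes(routes_text))
    hops = trace_hops(trace_text)[:first]
    return [(n, str(ip), info is not None and ip in info[1]) for n, ip in hops]
```

A hop reported as False is the "further investigation" case; the final hop (the web server itself) is expected to sit outside the dial-up subnet, which is why only the first two are checked by default.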

If everything matches like above, you can almost breathe easier. Another thing which you should check is programs launched during startup. To find these, click Start/Programs/StartUp and look at what shows up. You should be able to recognize everything there; if not, once again more investigation is needed.

------------------------------------------------------------------------------------------

Now, just because everything reported out like we expected (and demonstrated above), we still are not out of the woods. How is this so, you ask? Do you use NetMeeting? Do you get on IRC (Internet Relay Chat)? Or any other program that makes use of the Internet? Have you ever received an email with an attachment that ended in .exe? The list goes on and on; basically anything that you run could have become infected with a trojan. What this means is that the program appears to do what you expect, but also does just a little more. This little more could be blasting ebay.com or one of the other sites that CNNline was talking about.

What can you do? Well, some anti-virus software will detect some trojans. Another (tedious) option is to start each of these "extra" Internet programs one at a time and go through the last two steps above, looking at the routes and connections the program uses. However, the tricky part will be figuring out where to tracert to in order to find out if the addresses you see in step 2 are "safe" or not. I should forewarn you that running tracert after tracert after tracert might be considered "improper" by your ISP. The steps outlined above may not work exactly as I have stated depending upon your ISP, but with a true ISP it should work. Finally, this advice comes with NO warranty, and by following my "hints" you implicitly release me from ANY and ALL liability which you may incur.

Other options

Display protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a         Display all connections and listening ports.
-e         Display Ethernet statistics. This may be combined with the -s option.
-n         Display addresses and port numbers in numerical form.
-p proto   Show connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r         Display the routing table.
-s         Display per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default.
interval   Redisplay selected statistics, pausing interval seconds between each display. If omitted, netstat will print the current configuration information once.

Good luck!


Related Questions:

1 Answer

how to install windows xp sp2 by using dr-dos


1. Check your BIOS to be sure your computer will boot from a CD. Enter the BIOS setup by pressing the "Delete" or F2 or "F12" key, or as directed at the startup screen, immediately after booting. Set the first boot device to "CDROM" or "DVDROM" instead of "hard drive" if it isn't already.

2. MS-DOS command prompt

Insert the Windows XP installation CD into your CD or DVD drive and restart the computer. When prompted, choose to start from the MS-DOS command prompt with CD support. The MS-DOS command prompt will appear in a moment.

3. Start SMARTDRIVE by typing "SMARTDRV" at the DOS prompt and pressing enter. You don't have to run SMARTDRIVE, but copying the files will be much quicker if you do. The computer will display the DOS prompt again.

4. Enter "CD I386" at the DOS prompt to change to the directory where the setup program starts.

5. Enter "WINNT" at the prompt to start Windows XP setup. The installation program will copy files to your computer and then display a message requesting to reboot.

6. Press the "Enter" key to reboot. The setup program will start again and check that your hard drive format is compatible with Windows XP. If not, it will guide you through partitioning and formatting the drive and then ask you to reboot once more.

7. Press "Enter" to reboot. The computer will restart in Windows XP mode and automatically start the Windows Setup Wizard to detect your hardware and finish the installation.

Feb 21, 2011 | Computers & Internet

1 Answer

error in ms office


Rename and Reinstall the Vbe6.dll File

NOTE: You need your Office CD-ROM to complete this task.
  1. Quit all currently open programs.
  2. Start an MS-DOS prompt in a window by doing one of the following:
    • Microsoft Windows 95 or Windows 98: Click Start, point to Programs, and then click MS-DOS Prompt.
    • Microsoft Windows Millennium Edition (Me): Click Start, point to Programs, point to Accessories, and then click MS-DOS Prompt.
    • Microsoft Windows NT 4.0: Click Start, point to Programs, and then click Command Prompt.
    • Microsoft Windows 2000 or Microsoft Windows XP: Click Start, point to Programs, point to Accessories, and then click Command Prompt.
  3. To change the directory to the location of the Vbe6.dll file, type one of the following (including the quotation marks), and then press ENTER:

    CD "C:\Program Files\Common Files\Microsoft Shared\Vba\Vba6"
    -or-
    CD progra~1\Common~1\Micros~1\Vba\Vba6

    NOTE: This is the default directory for the Vbe6.dll file. If you installed Microsoft Office into another drive or directory, you must type its path.
  4. To unregister the Vbe6.dll file, type the following.

    In Windows 95, Windows 98, or Windows Me, type:
    C:\Windows\System\REGSVR32 /U VBE6.DLL

    In Windows NT 4.0, Windows 2000, or Windows XP, type:
    REGSVR32 /U VBE6.DLL
    -or-
    C:\Winnt\System32\REGSVR32 /U VBE6.DLL

    NOTE: This is the default directory for the Windows System directory. If you installed Windows into another directory, you must type its path.
  5. In the MS-DOS prompt window, rename Vbe.dll to Vbe.old by typing the following and then pressing ENTER: rename vbe6.dll vbe6.old
  6. Quit the MS-DOS prompt window. To do this, do one of the following:
    • Type Exit at the command prompt, and then press ENTER. -or-

    • Click Close (the X in the upper-right corner of the window).
  7. Start Microsoft Word.
  8. On the Tools menu, point to Macro, and then click Macros.

    The Windows Installer detects that the Vbe6.dll file is missing on the system, installs the file from the Office CD, and registers it again.

Mar 23, 2010 | Microsoft Office Professional 2007 Full...

2 Answers

Unable to load


How to get to a MS-DOS prompt.
Reason: If Windows or the computer is not operating properly, it may be necessary to get to a MS-DOS prompt to diagnose and to perform additional troubleshooting on the computer.
Solution: MS-DOS users
Windows 3.x users
Windows 95, 98 and ME users
Windows NT, 2000 and XP users
Windows Vista users
Other PC Operating System users

MS-DOS users If you are running MS-DOS with no other operating systems, the computer should be booting into a MS-DOS prompt automatically unless you have a shell or other program loading automatically. If the computer is not getting you to a MS-DOS prompt, reboot the computer and as the computer is booting, press the F5 key when you see the message "Starting MS-DOS" or the MS-DOS version. This will load the default standard MS-DOS. If you successfully get to a MS-DOS prompt and would like to prevent the computer from loading the program that is preventing you from getting to a MS-DOS prompt, or if you would like to fix possible error messages you may be receiving when booting the computer, edit the autoexec.bat and/or the config.sys files.

Windows 95, 98, and ME users If you are able to get into Windows 95, 98 or ME, you can get to a MS-DOS prompt by following the below steps.
  1. Click Start
  2. Click Run
  3. Type "command" and press enter.
This will open a MS-DOS shell. However, if you are attempting to troubleshoot an issue with the computer and are using Microsoft Windows 95 or Windows 98, we suggest you restart the computer into MS-DOS. To do this follow the below steps.
  1. Click Start
  2. Click Shutdown
  3. Choose the option to restart the computer into a MS-DOS prompt.
If you are unable to get into Windows 95 or Windows 98 to get into a MS-DOS prompt, follow the below instructions (Windows ME does not have this option).
  1. Reboot the computer
  2. As the computer is booting, press the F8 key when you hear a beep or when you see "Starting Windows 95" or "Starting Windows 98". Windows 98 users sometimes may find it easier to press and hold the left CTRL key as the computer is booting.
  3. If done properly the user should get to a screen similar to the below screen.
Microsoft Windows 95 Startup Menu
=============================
1. Normal
2. Logged (\BOOTLOG.TXT)
3. Safe mode
4. Step-by-step confirmation
5. Command prompt only
6. Safe mode command prompt only
Enter a choice: 1
F5=Safe Mode Shift+F5=Command prompt Shift+F8= Step-by-step confirmation [N]

4. Select the option for Safe mode command prompt only.
Windows NT, 2000, XP, and Vista users If you're running Windows NT, 2000, or Windows XP and need to get to MS-DOS prompt follow the below steps.
  1. Click Start
  2. Click Run or click in the "Start Search" field if you're running Vista
  3. Type "cmd" or "command" and press enter.
Additional information about the difference between "cmd" and "command" can be found on document CH000395. If you're attempting to get into a MS-DOS prompt to troubleshoot the computer boot the computer into safe mode. Additional information about how to get into safe mode can be found on document CHSAFE. Windows 2000, XP, and Vista users who are unable to boot the computer into Normal Windows mode or Safe mode can also enter the recovery console to manage their computer from a prompt. Additional information about how to do this can be found on document CH000627. Finally, if you are experiencing issues getting into Windows NT, 2000, or XP, it may be necessary to run troubleshooting steps from a MS-DOS prompt. It is recommended that the Network Administrator get into the MS-DOS prompt by using either a standard MS-DOS boot diskette (note: will not be able to access data using a standard MS-DOS bootable diskette) or the ERD diskettes created after the installation of Windows NT, or boot from the Windows XP CD.


Dec 06, 2007 | Microsoft Windows XP Home Edition

1 Answer

"denial of service": email, firefox, etc. cannot find server..


What told this was a "denial of service"?

Some hackers use DoS (above) it's considered the worst thing you can download, they can go from keylogging your PC, from taking over your pc anytime they like, and using your bandwidth which is called DDOS.

This is a very complicated thing to get rid of.

One way you can test to see if you're a victim of this is to check the port. Here is how:

To open the MS Dos screen go to:
Start>Run>type "cmd" and press enter (without quotes)


All of the IRC Zombie/Bots open and maintain static connections to remote IRC chat servers whenever the host PC is connected to the Internet. Although it is possible for an IRC chat server to be configured to run on a port other than "6667", every instance I have seen has used the IRC default port of "6667".

Consequently, an active connection to an IRC server can be detected with the following command:

netstat -an | find ":6667"

Open an MS-DOS Prompt window and type the command line above, then press the "Enter" key. If a line resembling the one shown below is NOT displayed, your computer does not have an open connection to an IRC server running on the standard IRC port. If, however, you see something like this:

TCP 192.168.1.101:1026 70.13.215.89:6667 ESTABLISHED

. . . then the only question remaining is how quickly you can disconnect your PC from the Internet!

A second and equally useful test can also be performed. Since IRC servers generally require the presence of an "Ident" server on the client machine, IRC clients almost always include a local "Ident server" to keep the remote IRC server happy. Every one of the Zombie/Bots I have examined does this. Therefore, the detection of an Ident server running in your machine would be another good cause for alarm. To quickly check for an Ident server, type the following command at an MS-DOS Prompt:

netstat -an | find ":113 "

As before, a blank line indicates that there is no Ident server running on the default Ident port of "113". (Note the "space" after the 113 and before the closing double-quote.) If, however, you see something like this:

TCP 0.0.0.0:113 0.0.0.0:0 LISTENING

. . . then it's probably time to pull the plug on your cable-modem!

Note that a Windows IRC client program running in the PC will generate false-positive reports since these are tests for IRC client programs. So be sure to completely exit from any known IRC client programs BEFORE performing the tests above.

---------------------------------------------------------------------------------------------------------------------------------------------------

Oct 18, 2007 | Dell Inspiron 2200 Notebook
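The two netstat checks from the answer above, as an added example that is not part of the original answer: it reads `netstat -an` output column by column, so a remote port 6667 is only reported for an ESTABLISHED connection and port 113 only for a local listener, instead of matching the text anywhere on the line as `find` does. The sample output is constructed (the 6667 and 113 rows are the ones quoted in the answer) and the function names are illustrative.

```python
# Constructed sample of `netstat -an` output. The :113 and :6667 rows are the
# lines quoted in the answer; the other rows are made up for contrast.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1130           0.0.0.0:0              LISTENING
  TCP    192.168.1.101:1026     70.13.215.89:6667      ESTABLISHED
  TCP    192.168.1.101:1031     192.0.2.10:80          ESTABLISHED
  TCP    192.168.1.101:6667     192.0.2.20:1044        TIME_WAIT
  UDP    192.168.1.101:137      *:*
"""

def parse_netstat(text):
    """Yield (proto, local_port, remote_port, state, row) per connection row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        if ":" not in f[1] or ":" not in f[2]:
            continue  # not an address:port pair
        local_port = f[1].rsplit(":", 1)[1]
        remote_port = f[2].rsplit(":", 1)[1]
        state = f[3] if len(f) > 3 else ""  # UDP rows carry no state
        yield f[0], local_port, remote_port, state, " ".join(f)

def irc_indicators(text, irc_port="6667", ident_port="113"):
    """Return (kind, row) findings for the two checks described in the answer."""
    findings = []
    for proto, lport, rport, state, row in parse_netstat(text):
        if proto != "TCP":
            continue
        if rport == irc_port and state == "ESTABLISHED":
            findings.append(("irc-connection", row))   # outbound link to an IRC port
        elif lport == ident_port and state == "LISTENING":
            findings.append(("ident-listener", row))   # local Ident server
    return findings

if __name__ == "__main__":
    for kind, row in irc_indicators(SAMPLE):
        print(f"{kind}: {row}")
```

As the answer notes, a legitimate IRC client produces the same two findings, so the result is only meaningful with known IRC programs closed.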
