March 16th, 2005 22:00

FTP problem

I can't access any ftp sites with my new 8600 w/WinXP Pro w/sp2. I can access them fine using my older Inspiron 8000 running WinME. I tried disabling the Windows firewall and the McAfee firewall. Everything else is OK. Trying with IE, the program just stops responding (using the ftp:// first).
 
I've also tried using SmartFTP and the server is found but either refused to connect or allow a login. Any ideas appreciated.
 
Larry

27 Posts

March 19th, 2005 01:00

Jim,

I tried it both ways. Using the browser with the proxy, I can't connect to anything. Not using the proxy, I can at least use the web.

Larry

4.4K Posts

March 19th, 2005 02:00

Jim, you confused?!?! That's a first!!!

Don't I wish! I try to conceal it, though! :smileyvery-happy:

Jim

7.3K Posts

March 19th, 2005 02:00

Jim, you confused?!?!  That's a first!!!  :smileyvery-happy:   Maybe someone on the Hijack This forum will stumble on the post and reply.

2.5K Posts

March 19th, 2005 20:00

Da__ am I stupid. Never picked up on how LERudnick was able to get HiJackThis in the first place. Real dumb. Not that it solves the problem; actually I am more confused than ever.

4.4K Posts

March 19th, 2005 20:00

msgale,

I was hoping you'd spot something that I hadn't! But now we have three FTP clients that don't work! You can see why I got interested in the possibility of malware or a proxy problem. But there are two machines at the site, and only one of them acts like this, so it's not clear how an external proxy could affect one but not the other.

Jim

2.5K Posts

March 19th, 2005 21:00

If you were counting on me, sorry, no such luck; I am stumped. I am assuming that the R0 and R1 entries in a HiJackThis log on the working PC are the same as those on the non-working PC.

Message Edited by msgale on 03-19-2005 07:06 PM

27 Posts

March 19th, 2005 23:00

Jim,
I checked with one of the more technical people here (the guy who set up the network has left) and he told me that there was no proxy although it appears to be set up like one. In fact, the pc that works has no proxy settings, and the newer one that doesn't work is also set up that way.
 
Anyway, I will continue to work on it until I get some instructions on how to re-install some other software I use that needs a site key to work. At that point, I'll do a data backup and perform the 'restore' as outlined on one of the links you provided. It's probably more work to try to figure out the problem at this point than restoring everything. Of course, it would have been nice to figure it out.
 
I appreciate your and msgale's help.
 
Larry

4.4K Posts

March 20th, 2005 00:00

Larry,

I realized after I'd added those notes that even if the ISP were readily contacted, the suggestion didn't make sense, because the other system works. I'll see if I can get the HijackThis thread some attention from the folks who know how to analyze those logs. It would be unfortunate indeed to have to restore the machine if the problem turns out to be malware, and can be fixed by removing whatever may be causing this strange problem.

Jim

27 Posts

March 20th, 2005 00:00

Jim,

Contacting the ISP would not be productive. I'm in Venezuela and the ISP is the local TV company, and since my Spanish isn't that good, I don't think I could even communicate the problem well.

My best bet now is one of the other technical people here but at this point I don't have much hope to resolve it easily.
 
Thanks again,
Larry

Message Edited by LERudnick on 03-19-2005 08:08 PM

27 Posts

March 20th, 2005 10:00

Jim,

That's true - that is (one of) the puzzlement(s), the other machine works fine. Actually the only reason I bought the new one is because the old one is just that, old. Computers in a marine environment don't typically last (although the 8000 is now 4 years old). It's also running WinMe, not my favorite OS.

I suppose the answer lies (if it isn't malware), in some file that got corrupted or missing somehow, or maybe a registry setting that's missing or wrong. The problem with that is how to find out which one. I know the sfc /scannow command is supposed to verify each of Windows' files, but I doubt if it does a complete job.

Anyway, thanks for your efforts. I need to wait a little longer before the restore in any case so we'll see if anyone else has some ideas.

Larry

27 Posts

March 20th, 2005 14:00

Jim & msgale,

I found the problem. I reinstalled the drivers for the Belkin Wireless G network adaptor from the original CD and FTP now works. Before you think I'm crazy or just dumb (which may be the case anyway), remember that HTTP worked perfectly and I hadn't used FTP on the new machine before (it is only 2 weeks old) and I just tried FTP about 4-5 days ago for the first time on the new pc. I had downloaded the 'latest' drivers from Belkin and installed those, noticed no change in HTTP so figured all was good. Only when I tried using FTP some days later did I see a problem but didn't imagine it was caused by new drivers that seemed to be OK. Simple things!! Sorry for causing any confusion.

Thanks to all for their time and efforts.

Larry

PS Needless to say, Belkin will get a message asking to explain this!

4.4K Posts

March 20th, 2005 15:00

Larry,

AMAZING! I never would have imagined that a network adapter driver could cause a problem that was specific to one IP protocol! If you find anything out from Belkin, please post back.

Jim

Message Edited by jimw on 03-20-2005 09:15 AM

4.4K Posts

March 20th, 2005 22:00

Larry,

If you're interested, I'd be interested in learning more about what the two "proxy" settings HijackThis found are for, and how they came to be there. Here they are:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bredonda.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;

(Note that the Dell HTML checker is determined to mangle the string " " at the end. That's because it assumes anything that's between a "less than" and a "greater than" character is HTML. I overrode it by using the HTML symbolic characters, "& lt ;" and "& gt ;" I used another trick so they can be displayed.)

I've been looking at where those two settings are located in the registry. They're for the currently logged in user (HKCU stands for HKEY_Current_User), and seem to result from manual entries in the "Internet Options/Connections/LAN Settings/Proxy server" section. I suspect "Use a proxy server..." is checked, and in the "Address" box "bredonda.com" appears, and in the "Port" box "80" appears, and the "Bypass proxy server..." checkbox is checked. As far as I can tell, those proxy settings will be used for HTTP, Secure (HTTPS), FTP, Gopher, and "Socks", unless the "Advanced" settings are changed.

So, three questions...

First, is that what you're seeing in your Internet Explorer setup?
Second, were they in fact manually entered?
Third, are they necessary in order for the browser to function at all?

Jim

27 Posts

March 21st, 2005 13:00

Hi Jim,

I checked the settings and there is no proxy server checked, on either machine. The bredonda:80 was typed in but greyed out and not being used. The check box "Use Proxy" is not checked. I had typed it in on the new machine when I checked the settings on the old one. I had tried to use it (checked) but had gotten nowhere. I unchecked it so the settings remain although they're not used. This is the same on both machines now. I spoke to a different tech guy here and he said there is no proxy server in use so I suppose I could just delete it.

Also, I heard from Belkin. They simply pointed me to the older drivers on their web site - they said loading the 'wrong' drivers could cause the problem I had. Well, looking on their web site, the 'wrong drivers' appeared like they were simply a newer version. The old driver file was named f5d7050 and the 'wrong' one named f5d7050_v2. Seemed like a natural thing to assume but maybe not.

Larry

PS I just deleted the bredonda.com:80 entry from the proxy settings and ran HJT again. The entry disappeared. Thanks again for all your help on this.

Message Edited by LERudnick on 03-21-2005 01:00 PM

4.4K Posts

March 21st, 2005 16:00

Larry,

Thanks for the additional detective work! Now I need to figure out how to tell the difference between an active proxy entry and an inactive one in a HijackThis log. It makes sense that the proxy name, "bredonda.com" would not work, because that name can't be resolved to an IP address. It was possible that within the marina's network there could be a way of resolving the name, but it looks from your result that there isn't.

I wonder if there are two versions of the Belkin f5d7050 wireless adapter? There are no warnings at the Belkin download site that the "_v2" driver will only work with Version 2 of the f5d7050, if such a device even exists. I downloaded the user manual, and there's no hint there that there are two different versions of the adapter.

Another place to get information about that device is the Belkin Forum at DSL Reports. If you're still interested in "forensics" on this strange problem, you might try posting there and see if anyone knows what's with f5d7050 versus f5d7050_v2.

Jim
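
Added example, not part of the thread: on a current Windows system the "Use a proxy server" checkbox is stored as the `ProxyEnable` DWORD in the same Internet Settings key as the `ProxyServer` and `ProxyOverride` values quoted above, so reading the three together shows whether a stored proxy entry is active. The PowerShell below does that for the logged-in user and also tests whether each proxy host name resolves; the variable names are this example's own.

```powershell
# Added example: report whether the per-user WinINET proxy is active or merely stored.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key

# ProxyEnable is a DWORD: 1 = "Use a proxy server" is checked, 0 or absent = unchecked.
$enabled = ($s.ProxyEnable -eq 1)

# ProxyServer is either "host:port" (same proxy for all protocols) or
# "http=host:port;ftp=host:port;..." when the Advanced dialog sets them per protocol.
$map = [ordered]@{}
if ($s.ProxyServer) {
    foreach ($part in ($s.ProxyServer -split ';' | Where-Object { $_ })) {
        if ($part -match '^(?<proto>[^=]+)=(?<addr>.+)$') {
            $map[$Matches.proto.Trim()] = $Matches.addr.Trim()
        } else {
            $map['all'] = $part.Trim()
        }
    }
}

foreach ($proto in $map.Keys) {
    $addr      = $map[$proto]
    # Strip an optional scheme prefix and the trailing port to get the host name.
    $proxyHost = ($addr -replace '^[a-z]+://', '') -replace ':\d+$', ''
    try {
        [void][System.Net.Dns]::GetHostAddresses($proxyHost)
        $resolves = $true
    } catch {
        $resolves = $false   # a stored proxy whose name cannot be resolved
    }
    [pscustomobject]@{
        Protocol = $proto
        Proxy    = $addr
        Active   = $enabled
        Resolves = $resolves
    }
}

if (-not $map.Count)  { Write-Output 'No ProxyServer value is stored for this user.' }
if ($s.ProxyOverride) { Write-Output "Bypass list: $($s.ProxyOverride)" }
if ($s.AutoConfigURL) { Write-Output "Auto-config script: $($s.AutoConfigURL)" }
```

A row with `Active` false is a leftover entry like the greyed-out one described in the thread; a row with `Active` true that nobody at the site configured is the case worth investigating.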