Columbo Files: Limited or No Connectivity

I had an interesting problem recently. A user called and was not able to get on the network. After arriving at the user’s desktop, I noted the PC had an APIPA address and the NIC noted that it had “Limited or No Connectivity”. After disabling/re-enabling the NIC, removing/readding it and rebooting the PC, I ended up with the same result. Thinking it was a network problem, I proceeded to switch ports on the network switch and trying another network jack. Same thing. I then tried another NIC in the PC: same thing. I then bought over a laptop and plugged it in: it got an IP address right away. I left the laptop with the user and bought the computer back to my desk for inspection.

When I tried pinging any host on the network, I would get a “y” symbol with two little dots above it. Ah, here it is: ӱ. Charmap lists this as a “Cyrillic Small Letter U with Diaeresis”. Well, thanks for clearing that up! I ran Winsock XP Fix and the PC connected to the network just fine! Weird.

About a day later, the mystery was starting to unravel. The same user called again starting that Internet Explorer wouldn’t start due to the fact that it was looking for a file called msvcrl.dll. This file looks innocent enough, so I went searching for it on another Windows XP workstation, but alas I could not find the file anywhere. Using my old trusty friend Google, I discovered that the file was “a Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.” That’s great, on a computer that some one runs our finanicals on too!

The major threat was already gone, but how was I to repair Internet Explorer? A search of the registry did not produce any results for msvcrl.dll. Perhaps it was tucked away in some binary value in the registry? I tried to reinstall IE, but it told me that a newer version was already installed. Using the “IsInstalled” registry trick from Microsoft would not fool the computer into reinstalling IE. Bummer. After digging around on Google some more, I found IEFIX. This utility repairs Internet Explorer back to its clean state by re-registering the original files from your Windows XP CD. I ran on this on the PC in question and it was fixed (finally!).

– Soli Deo Gloria

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.