WindowsMaven - Virus and Spyware Advisor

WindowsMaven Logo

 

Home page

Contents

Security search

Site search

 

Basics

Brief history

Checklist

Router

Firewall

Antivirus

Antispyware

Critical updates

 

Scanning

Procedure A

Procedure B

Procedure C

Warning!

 

General

Windows firewall

Reset IE options

Disk cleanup

Safe mode netwkng

Safe mode boot

Clean boot

Download msconfig

Service pack level

Install service pack

Repair net stack

Registry Editor

Startup programs

 

Coming Soon

WinMaven

 

 © 2006 David R. Snow. All rights reserved.

▬▬▬▬▬▬▬▬▬

 

How to Repair the Networking Stack

An important component of networking in Windows is the networking stack, a layered (or better stated, chained) series of drivers, each of which provides necessary services for networking, for every level from the lowest hardware level up to the upper level called by applications. If one of these drivers becomes corrupted, or if a connection from one level to the next is broken, the computers ability to communicate over the network is lost. This can happen when an antivirus or antispyware program removes an item of malware that has placed an entry in this stack. This is not a frequent problem, but it does happen, and here we will describe how to fix a broken stack.

  1. First determine if the stack is in fact corrupted. A means that gives good results is as follows.
  2. Go to Start, click Run, type "cmd" (without the quotes) and hit the Enter key or click OK.
  3. At the command prompt type "ipconfig /renew" (without the quotes) and hit Enter or click OK.
  4. If you see a message that contains "...an operation was attempted on something that is not a socket...." then your stack is probably corrupt, and you can use the procedure below to fix the issue.

For an exhaustive treatment of the diagnosis of this problem in Windows XP, see How to determine and recover from Winsock2 corruption, but note that the technique above is accurate enough for most cases.

If you are using Windows 2000 you may wish to see You receive an "Operation was attempted on something that is not a socket" error message when you try to obtain an IP address.

Note that some programs that use or monitor networking may be adversely by the procedures below. If the procedure you use restores networking, but leaves some programs functioning incorrectly, uninstall and reinstall the affected programs(s).

Windows XP

If you are repairing a stack on Windows XP, you must know what the service pack level of the system is, as the method used to repair the stack depends on the service pack level. See how to determine your service pack level to determine this.

Windows XP Service Pack 2

  1. Go to Start, click Run, type "cmd" (without the quotes) and hit Enter or click OK. A command window will open.
  2. At the command prompt type "netsh winsock reset" and hit Enter.
  3. Reboot your computer, then check to see if you can now browse the internet. This works about 75% of the time. If it didn't work, continue with the procedure under Windows XP Service 1, or no service pack below.

Windows XP Service Pack 1, or no service pack

Note that if you do not have at least Service Pack 2 installed, your system is unsupported by Microsoft. Upgrade promptly. See Installing service packs to learn the preferred method installing a service pack.

You will be modifying the registry with regedit, so you should first make a restore point using System Restore.

  1. Go to Start > All Programs > Accessories > System Solls > System Restore.

    If you receive a message stating, "System Restore has been turned of. Do you want to turn on System Restore now?" click Yes, and in the subsequent System Properties dialog click OK. Then reopen System Restore as above.

    Note that it is normally not a good idea to turn off System Restore. If registry corruption should leave your computer non-bootable (which does happen!) you will have no means of repairing the corruption, and a reinstall of the Windows XP operating system will be necessary.

  2. On the right pane of the System Restore wizard select Create a restore point and then click Next >.
  3. In the Restore point description: editor box type in a description, such as "Backup before repairing winsocks." This freely chosen text is to help you recognize the restore point, should you need to do a restore. (Note that if you should use this restore point, it will restore you to your broken stack.) Click Create, then Close.

Next we delete the Winsocks and Winsocks2 registry keys.

Warning! If you modify the registry incorrectly using regedit, serious problems can occur. You may leave you computer non bootable and have to reinstall, or experience other problems. Use the registry editor at your own risk!

If you are not familiar with regedit, there is a description at How to back up, edit, and restore the registry in Windows XP and Windows Server 2003.

Now we will delete the suspect registry keys.

  1. Go to Start, Run, type "regedit" (without the quotes) and hit the Enter key or click OK.
  2. In the Registry Editor navigate to the following two keys, and delete them.

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

    Keys are shown in the left pane of the Registry Editor, data contained in them is shown in the right pane. To delete the above keys only the left pane is required. To open (or expand) a key, either click on the "+" or double-click the name of the key. To get to the first key above, find HKEY_LOCAL_MACHINE and open it. In HKEY_LOCAL_MACHINE find System (the keys are alphabetized) and open it, and continue until you have found the Winsock key. Left-click on it to highlight it, and when you are certain the correct key is highlighted hit the DEL key on your keyboard, or go to Edit and Delete in the menu at the top of the Registry Editor to delete it. When prompted to confirm the deletion, click yes. Repeat this for the Winsock2 key.

  3. Close the Registry Editor. (File > Exit or the close X in upper right corner.)
  4. Restart your computer. During the restart, Windows will detect the absence of the two keys you just deleted, end create blank entries for them. These blank entries are necessary for the next step to work correctly.

The next step is to reinstall TCP/IP.

  1. Go to Start and open Control Panel. If you are in category view click Network and Internet Connections, then Network Connections. In classic view open Network Connections.
  2. Right-click on the icon representing your connection (referred to as a connectoid) and on the pop-up menu select Properties.
  3. Click on Install... and in the network component list box highlight Protocol, then click Add....
  4. In the Select Network Protocol dialog click Have Disk....
  5. In the Copy manufacturer's files from: editor box type "c:\windows\inf" (without the quotes) and click OK.
  6. In the Manufacturers column select Microsoft, then in the Protocols list click Internet Protocol (TCP/IP), and then click OK.
  7. Restart your computer.
Windows 2000

You will be modifying the registry with regedit, so you should first back up the registry.

  1. Go to Start, click Run and type "ntbackup" (without the quotes) and then hit the Enter key or click OK.
  2. On the Backup wizard click Emergency Repair Disk.
  3. Click Also backup the registry to the repair directory to check the checkbox, and then click OK.

    It is not necessary to insert a diskette. If you do not, you will receive a message that the operation failed, but the registry has already been backed up by then.

  4. Click OK, and then close the Backup wizard.

The first step is to uninstall TCP/IP.

  1. Right-click on My Network Places on the Desktop, and select Properties in the pop-up menu. This will open Network and Dial-up Connections.
  2. Right-click on the icon representing your connection (referred to as a connectoid) and on the pop-up menu select Properties. If you have several connectoids, be sure to remember which one you used, and use the same one again when reinstalling TCP/IP below.
  3. In the Components checked are used in this connection list highlight Internet Protocol (TCP/IP) and click Properties....
  4. Write down the settings in the General tab. You must restore these settings when you reinstall TCP/IP below.
  5. Click Advanced... Write down the setting under all four tabs in the Advanced TCP/IP Settings dialog. You must restore these settings when you reinstall TCP/IP below.
  6. On the Advanced TCP/IP Settings dialog click OK to close it. Then click OK to close the connection properties dialog.
  7. On the Internet Protocol (TCP/IP) dialog click OK to close it.
  8. On the connection properties dialog, Internet Protocol (TCP/IP) should still be highlighted. Click Uninstall.

Reboot your computer. Note that while TCP/IP is uninstalled you will not have network connectivity.

Next we delete some registry keys, including the Winsocks and Winsocks2 keys.

Warning! If you modify the registry incorrectly using regedit, serious problems can occur. You may leave you computer non bootable and have to reinstall, or experience other problems. Use the registry editor at your own risk!

If you are not familiar with regedit, there is a description at How to back up, edit, and restore the registry in Windows 2000

Now we will delete  registry keys.

  1. Go to Start, Run, type "regedit" (without the quotes) and hit the Enter key or click OK.
  2. Using the Registry Editor navigate to the following two keys, and delete the Bind values, which will be shown in the right pane if the Registry Editor.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Linkage\Bind

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManWorkstation\Linkage\Bind

    Keys are shown in the left pane of the Registry Editor, data contained in them are shown in the right pane. To delete the above Bind keys, you will use the left pane to navigate to the Linkage keys that contain the Bind values. To open (or expand) a key, either click on the "+" or double-click the name of the key. To get to the first key above, find HKEY_LOCAL_MACHINE and open it. In HKEY_LOCAL_MACHINE find System (the keys are alphabetized) and open it, and continue until you have navigated down to the Linkage key in LanManServer. Then in the right pane you will find the Bind value. Left-click on the value name to highlight it, and when you are certain the correct value key is highlighted hit the DEL key on your keyboard, or go to Edit and Delete in the menu at the top of the Registry Editor to delete it. When prompted to confirm the deletion, click yes. Then close the Linkage key in the left pane, (either by clicking the "+" or double-clicking the key name) and open the LanManWorkstation key, highlight the Linkage key, and once again in the right pane delete the Bind value.

  3. Using the Registry Editor navigate to the following three keys, and delete them. Here you will delete the key, which is shown in the left pane of the Registry Editor.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

    Keys are shown in the left pane of the Registry Editor, data contained in them are shown in the right pane. To delete the above keys only the left pane is required. To open (or expand) a key, either click on the "+" or double-click the name of the key. To get to the first key above, find HKEY_LOCAL_MACHINE and open it. In HKEY_LOCAL_MACHINE find System (the keys are alphabetized) and open it, and continue until you have found the Winsock key. Left-click on it to highlight it, and when you are certain the correct key is highlighted hit the DEL key on your keyboard, or go to Edit and Delete in the menu at the top of the Registry Editor to delete it. When prompted to confirm the deletion, click yes. Repeat this for the Winsock2 key.

  4. Close the Registry Editor. (click File, then Exit or the close X in upper right corner.)
  5. Restart your computer. During the restart, Windows will detect the absence of the two keys you just deleted, end create blank entries for them. These blank entries are necessary for the next step to work correctly.

It is very important that you perform the reboot above. If you do not, the procedure will fail!

The next step is to reinstall TCP/IP.

  1. Right-click on My Network Places on the Desktop, and select Properties in the pop-up menu. This will open Network and Dial-up Connections.
  2. Right-click on the icon representing your connection (referred to as a connectoid) and on the pop-up menu select Properties. If you have several connectoids, ne sure to use the same one you used in uninstalling TCP/IP above.
  3. Click on Install... and in the network component list box highlight Protocol, then click Add....
  4. In the Manufacturers list select Microsoft. In the list of protocols, click Internet Protocol (TCP/IP), and then click OK.
  5. Restart your computer.

In most cases where the networking stack was corrupted, your networking will now be restored. Voila!