This week we ran into something I’d seen once before: a computer, post-cloning, started exhibiting the classic symptoms of a failing network card or switch. It showed a 169.x.x.x address in ipconfig even though a hardcoded address was present, and pings would intermittently time out as though a switch or network card was busted.

I’ve also seen it a few times after malware was forcibly removed.

This happened to us days after we used software to live-clone the Windows 10 OS drive. It’s happened to me before with different cloning software and a Windows 7 machine.

Symptoms (cloning)

  • IPCONFIG will show an address of 169.xx.xx.xx (xx=something) on your primary network card.
  • DHCP assigned addresses will probably work, hardcoded not so much
  • PING will randomly timeout on local addresses, may not be able to reach some. Timeouts may appear in 15 second blocks for no evident reason.
  • Changes you make to the network connection in the GUI refuse to show up in ipconfig
  • Gateway may mysteriously disappear in GUI

Symptoms (malware)

  • Any of the above
  • Everything may look like it’s set up, but the network card will no longer talk to the internet

Cause

Winsock’s internal database is corrupted and, for some reason, does not get repaired on its own, or networking has potentially been reconfigured by malware.

Resolution

  • open a command prompt as an administrator (start, type “cmd”, right-click on what pops up and choose run as administrator)
  • at the command prompt type “netsh winsock reset”
  • reboot computer
  • set up your network card again
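
The steps above as one script, with a snapshot taken first. This is an added example, not part of the original post: it saves the adapter settings you will need for the last step and the pre-reset Winsock catalog (worth keeping in the malware case) before running the reset. The output folder name is arbitrary, and the provider check assumes English-language netsh output with “Provider Path:” lines.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.

# "netsh winsock reset" needs elevation, so stop early without it.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell prompt.'
}

# Snapshot folder (name chosen for this example).
$OutDir = Join-Path $env:USERPROFILE ('winsock-snapshot-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $OutDir | Out-Null

# 1. Record the current adapter settings so the hardcoded address,
#    mask, gateway and DNS can be re-entered after the reboot.
ipconfig /all | Out-File (Join-Path $OutDir 'ipconfig-all.txt')
netsh interface ipv4 show config | Out-File (Join-Path $OutDir 'ipv4-config.txt')

# 2. Save the Winsock catalog as it is now. The reset rewrites it, so this
#    is the only record of what was registered beforehand.
$catalog = netsh winsock show catalog
$catalog | Out-File (Join-Path $OutDir 'winsock-catalog-before.txt')

# 3. List provider DLLs that do not live under %SystemRoot%\System32.
#    Assumption: English netsh output. A hit is not proof of malware
#    (legitimate third-party software registers providers too); it is
#    a list of files to look at.
$odd = $catalog |
    Select-String -Pattern '^\s*Provider Path:\s*(.+)$' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Matches[0].Groups[1].Value.Trim()) } |
    Sort-Object -Unique |
    Where-Object { $_ -notlike "$env:SystemRoot\System32\*" }

if ($odd) {
    Write-Warning 'Winsock providers registered outside System32:'
    $odd | ForEach-Object { Write-Warning "  $_" }
    $odd | Out-File (Join-Path $OutDir 'providers-outside-system32.txt')
}

# 4. The fix itself. A reboot is still required afterwards.
netsh winsock reset
Write-Host "Snapshot saved to $OutDir. Reboot, then set up the network card again using ipv4-config.txt."
```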

Programs/Tools mentioned

ipconfig – a command-prompt tool that shows you your network card settings. Safe things to try if you want to see what it does: ipconfig by itself, ipconfig /all to show all adapters, and ipconfig /all | more to show all adapters one page at a time.

cmd – the command prompt. You get into it by typing cmd in the start menu, and you can exit it by either closing the window or typing “exit”

netsh – allows you to edit, show, and do a lot of network related junk. You can type netsh by itself to get into it, type winsock to get into the winsock menu, and from there there are a variety of options on any level that you can execute that might bite you in the booty. The only one I mention here is the reset function. If you want to explore type a question mark.

Shortcut

You can do this in one move by typing “netsh winsock reset” in the start menu, right clicking it when it shows up at the top of the menu, and choosing run as administrator.