First off, this took me over 6 hours to hunt down the fix for this. It takes less than ten minutes to fix and is quite simple, although it looks complex. The solution is toward the bottom, but I want to give a little background as to what happen.
I use Microsoft Essentials as my virus protection and it found one connected to ipsec.sys which was in my system32\drivers folder. Essentials took care of the virus but deleted the driver and that shut down my internet connection.
I use Firefox, however when I tried Internet Explorer it diagnosed that I had a winsock issue. So that is how my search started.
I tried:
1. Doing the diagnostic and resetting the winsock and restarting computer, NOPE
2. Start, run, then typed netsh winsock rest – NOPE
3. Copied the Fix It from Microsoft and ran it from a thumb drive – NOPE
4. Most ipconfig /flushdns and similar command did nothing – NOPE
5. LSPFIX.exe didn’t even show up on my screen when running – NOPE
6. System Restore, I have several dates, but not a single one would restore – NOPE
7. Restarting the DHCP, wouldn’t start – NOPE
8. Renaming the AFD file – NOPE
9. Copying a good copy of ipsec.sys and placing it in my system32\drivers folder – NOPE
I kept seeing something that just seemed too complicated and kind of scary and so I would dismiss it, but in-the-end, it is what I ended up doing and it was surprisingly simple. Not only did the solution below fix the problem, but I also was having problems with after a while my internet would stop working. Usually around 3am or so, anyway, I just had to restart and everything would work but it was pain. It was like links no longer worked and even google wouldn’t load. However the solution below even fixed that. So, if you found this webpage looking for that fix, this will probably do it.
Solution:
DO NOT DISMISS THIS AS COMPLICATED BECAUSE IT IS VERY EASY, JUST LOOKS HARD.
I will try and add some easier explanations as you go.
This solution is found throughout the web and came from microsoft.
==============================
Step #1
Full uninstall of TCP/IP … no bullbleep.
———————————————————————-
These steps are copied from http://support.microsoft.com/kb/325356
11. Locate the Nettcpip.inf file in %winroot%\inf, and then open the file in Notepad.
(%winroot% – just means your windows directory, so just right click your start button and bring up your Explore)
(You are looking for the folder named inf in the widows directory)
12. Locate the [MS_TCPIP.PrimaryInstall] section.
13. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0×80.
(0xa0 = Zero, the letter X, the letter A, and Zero 0×80 = Zero, X, Eight, Zero)
14. Save the file, and then exit Notepad.
15. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
16. On the General tab, click Install, select Protocol, and then click Add.
17. In the Select Network Protocols window, click Have Disk.
18. In the Copy manufacturer’s files from: text box, type c:\windows\inf and then click OK.
19. Select Internet Protocol (TCP/IP), and then click OK.
Note This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.
20. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.
RESTART
(This is just info and there is nothing to do)
succesfull uninstallation of TCP/IP will remove numerous keys from the registry including
HKLM/system/CurrentControlSet/services/tcpip
HKLM/system/CurrentControlSet/services/dhcp
HKLM/system/CurrentControlSet/services/dnscache
HKLM/system/CurrentControlSet/services/ipsec
HKLM/system/CurrentControlSet/services/policyagent
HKLM/system/CurrentControlSet/services/atmarpc
HKLM/system/CurrentControlSet/services/nla
These represent various interconnected and interdependant services.
(I did not do this part)
For good measure you should delete the following keys before reinstalling TCP/IP in step #2
HKLM/system/CurrentControlSet/services/winsock
HKLM/system/CurrentControlSet/services/winsock2
(Okay, now after restart you need to reinstall TCP/IP, very simple)
Step #2
Reinstall of TCP/IP
———————————————————————-
Following the above substep #13, replace the 0×80 back to 0xa0, this will eliminate the related “unsigned driver” error that was encountered during the uninstallation phase.
Return to “local area connection”> properties > general tab > install > Protocol > TCP/IP
(I didn’t receive the error so I didn’t have to do the following, I was done with the reinstall at this point)
You may receive an “Extended Error” failure upon trying to reinstall the TCP/IP, this is related to the installer sub-system conflicting with the security database status.
to check the integrity of the security database
esentutl /g c:\windows\security\Database\secedit.sdb
There may be a message saying database is out of date
first try the recovery option
esentutl /r c:\windows\security\Database\secedit.sdb
this did not work for me, I needed the repair option
esentutl /p c:\windows\security\Database\secedit.sdb
rerun the /g option to ensure that integrity is good and database is up to date.
Now return to the “local area network setup”
choose install > protocol > tcp/ip and try again
reboot.
==============================
It has been days since I did this and everything works perfect now. So if you have been searching for hours like I did, this is a very easy solution.
Have a wonderful day,
John David
Yup, this worked for me too, thanks!!!!
Thanks John for this post. It worked like a charm
Thanks John. This worked great!
This is great!!! Only thing I would say is that you should put in a new ipsec.sys file before doing this. I had a lot of trouble even rebooting without it.
Make sure
Start -> run -> regedit
HKLM -> SYSTEM -> Current Control Set -> Services -> IPSEC -> ImagePath
This shows us : system32\DRIVERS\ipsec.sys
is setup appropritely
Something had deleted this registry entry and the File probably an Anti Virus software?
I copied the missing file from the service pack
and put in this registry entry & rebooted
Thx John ! Very useful post /
Hey this was very helpful, but I copied the ipsec.sys from de dllchache in the system32 directory, rebooted the machine, and tathaaa it works….this topic saved my lots of hours!!
Thanks a lot guys !!
Working on a client computer and found (among other things) the problem with internet access gone in regular mode. After a few hours of research (and still correcting other problems) found the ipsec.sys was corrupt issue. Performed the steps above after finally finding this thread and access is back. Not sure if it still doesn’t need reinstall eventually, but no viruses still present after three separate scans.
Excellent thread JD and others here.
I’ve been trying to fix my bro’s pc and had this issue, finally have it fixed. Thnx for this one..
Thanks you that was very helpful….
I just HAD to comment on this. It really helped me a lot, I honestly didn’t know else to do, when I found this page. Thank you very much!
Hello JD and all,
Thanks for very detailed and clear explanations.
I have done all the steps that you mentioned, but unfortunately still no internet connection after all that.
I did not get any error message when I re-installed TCP/IP
I did not reset value from 0×80 to 0xa0 but I think that it does not make any difference.
Now I am totally blocked again.
This did the trick! Thank you so much
Your trick is awesome! It helped a lot! Thank you!
this solution is easy and very well described
i solved my problem
many compliments
thanks a lot
Awesome!!!! This DID work for me as well. Now i´ve also don´t suffer from loooong boot-time. THANK YOU JD!!! =)
Also had to chime in here. Been befuddled with this problem since installing Avast and doing a rootkit scan — it identified ipsec.sys as a virus and stuck it in the chest. Even when I copied it back in the system wasn’t picking it up. Been scouring annoying combofix logs for the last 2 days and getting nowhere with the threads.
Needless to say, found this page and 10 minutes later my PC is back online. Can’t thank you enough, JD.
Thank you a lot for this tutorial, I’ve been searching for days !
the provider guys wanted to change my sister’s NIC, and with your help I proved them they were wrong
thanks a lot!