Malware messing with Avast net connection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by robert707, Sep 20, 2010.

  1. robert707

    robert707 Corporal

    Windows XP SP3
    Pentium Dual-Core CPU E5200 @ 2.50GHz
    2 GB ram
    Realtek RTL8139/810x Ethernet NIC
    Avast
    D-link wired router
    DSL connection


    I think I have something that's messing with my net connection and/or Avast. A few things happened around the time I started having problems.

    I got an update for Adobe Flash, and right away video and web sites started going slower until I had no net connection. Tried this thing where you use about:config to disable the 'plugin-container.exe' , nothing changed. Cycling my modem would give access for a few pages before it stopped. I was advised on another thread to do fresh installs of Adobe, Java , Shockwave.


    Avast was also acting weird, it would say it was not protecting upon start up then sort of turn itself on..going from unprotected to protected....if I remember right it would always be protecting and not have a vulnerable moment on start up before. Trying to disable Avast in the task menu it would say that access to Avast was denied (weird?). So I just uninstalled Avast through the control panel.


    After I uninstalled Avast and did the fresh installs noted above I rebooted and had access for a few minutes before it came to a halt again. Because I got rid of Avast and the fresh installs at the same time I don't know which was effective or not but either way it only got my performance back for a few minutes. Otherwise system performance has been fine.


    What I've done, none of which has fixed the problem:


    Every step of the RUN&READ ME first Malware guide before you do the scans.


    Super-Anti spyware: no threats found, tried the 'fix net connection'
    MalwareBytes: scanned and found 'Hijack.ControlPanelStyle' ,
    ComboFix: This scan did not work, clicking Combo fix icon on desktop: first got an agreement of terms box, then a C:/ window opens up and I get this message:

    "Date error
    2010-08-18
    check your settings
    OK."


    and no scan happens and that's it for combo-fix


    RootRepeal: found one file, 'hiberfil.sys' ----> 'locked to the Windows API!'
    MGTOOLS: got this message over and over during scans, kept pressing cancel but it kept scanning throughout anyway...

    "Windows- No Disk
    X- Exception Processing message c0000013 Parameters
    75b6bf7c 4 75b6bf7c 75b6bf7c"




    And that's it for the scans, because only four of them produced logs there is only this one message.

    I think I might have malware because:


    A: reinstalling Adobe, Java and Shockwave and uninstalling Avast made no difference.
    B: 2 of the scans found something
    C: Combo-fix didn't work.

    Any feedback on the logs would be great.

    Robert.
     


    Last edited by a moderator: Sep 20, 2010
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    This is pointing out part of your problems. The current date is not August 18, 2010. It is now September 20, 2010 ( 2010-09-20 ). You need to fix the date and time on your PC so that ComboFix can run. The logs from MGtools also show you have the wrong date, so a new log from MGtools should be obtained too.

    Normal.

    Not normal and not sure why this is happening yet.
     
  3. robert707

    robert707 Corporal

    Changed the date, double clicked on Combo-Fix and got this message:


    "Current date 2010-09-20
    combo-Fix has expired. Click YES to run on REDUCED FUNCTIONALITY." (their caps)


    Then I clicked on yes and the C: / window that was open closed and the ComboFix icon is no longer on the desktop! So I guess I have no more Combo Fix.


    I ran MG tools again....hey, it says Chaslang in the window, am I getting help from the programmer?

    So I only have a new MG log.

    So is combo-fix the best for scanning? Was Anything showing in the other logs?
    Thanks for help or any ideas on what's going on.
     


    Last edited by a moderator: Sep 20, 2010
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Correct. You need to redownload the current version to run a scan now that you fixed your date.

    No there was nothing in the other logs. What malware problems do you believe you are currently having? You no longer have Avast installed and any update problems with it may have been due to your date being set incorrectly.
     
  5. robert707

    robert707 Corporal

    Here's the Combo-Fix log just in case it shows anything.


    As for why I think it's Malware:

    Like I said, my system can't connect to the net, or it does briefly after I cycle the modem and then it stops. It just feels like a virus, the way it's connected at first and then something kicks in and it stops...like something is actively stopping it. Because if there was something wrong with the connection wouldn't it just always be completely stopped?


    All the stuff I said in first post about Avast going from unprotected to protected on its own like that.

    At first I thought it was the Adobe update because that's around the time it started but reinstalling Adobe, Java and Shockwave made no difference. It's also hard to understand how those things could affect the connection.

    I had the same problem with my last PC which started with net problems and slowly started to kill off the rest of the system which I had to replace with my current new one. So these initial symptoms remind me of a malware attack I had earlier in the year.


    If these scans don't see it does that mean it's not malware? Like these scans pretty much get everything? ...any other malware advice or do I need to take this to the Networking forum?


    Thanks Robert.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also clean.

    Not necessarily. You may have some kind of hardware issue. There is absolutely no sign of any malware being at play. The only issue I see ( and it is not malware ) is that your ping times are delayed or not being answered and that your network settings do not look correct. I'm referring to the below information which is seen in the nwktst.txt log inside of MGlogs.zip


    Code:
    ================================================================ 
     
    Pinging 66.249.80.104 with 32 bytes of data:
     
    Request timed out.
    Reply from 66.249.80.104: bytes=32 time=52ms TTL=55
     
    Ping statistics for 66.249.80.104:
        Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 52ms, Maximum = 52ms, Average = 52ms
     
    ================================================================= 
     
    Pinging www.l.google.com [173.194.32.104] with 32 bytes of data:
     
    Request timed out.
    Request timed out.
     
    Ping statistics for 173.194.32.104:
        Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
     
    ================================================================= 
    Doing nslookup google.com 
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  216.58.97.21
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    And also the below which shows a node type of unknown and then you have IP Routing Enabled which I would expect not to be the case. And also shows that your DHCP lease should have already expired ( you should release and renew)
    Code:
    Checking ipconfig 
     
    Windows IP Configuration
     
            Host Name . . . . . . . . . . . . : anonymous
            Primary Dns Suffix  . . . . . . . : 
            Node Type . . . . . . . . . . . . : Unknown
            IP Routing Enabled. . . . . . . . : Yes
            WINS Proxy Enabled. . . . . . . . : No
     
    Ethernet adapter Local Area Connection:
     
            Connection-specific DNS Suffix  . : 
            Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 192.168.0.134
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.0.1
            DHCP Server . . . . . . . . . . . : 192.168.0.1
            DNS Servers . . . . . . . . . . . : 216.58.97.21
                                                216.58.97.20
            Lease Obtained. . . . . . . . . . : Samschdeg 21 August 2010 13:13:19
            Lease Expires . . . . . . . . . . : Samschdeg 28 August 2010 13:13:19

    Based on your symptoms and the content of your logs it is extremely unlikely (but not impossible) that your problems are malware. So yes I suggest posting in the Networking Forum and refer them to this thread too. I would however use ipconfig to release and renew your connection, and I would try to figure out why your node type is unknown. Are you really supposed to be using IP Routing? Did your ISP configure this?
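
The three ipconfig observations in the reply above (unknown node type, IP routing enabled, DHCP lease past its expiry), written as a check over saved `ipconfig /all` output. This is an added example, not part of the original thread or of MGtools; the function names and the trimmed sample are constructed here, and the date parsing assumes English month names as in the quoted log.

```python
import re
from datetime import datetime

# Constructed sample: a trimmed copy of the ipconfig lines quoted in the post.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : anonymous
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.134
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : Samschdeg 21 August 2010 13:13:19
        Lease Expires . . . . . . . . . . : Samschdeg 28 August 2010 13:13:19
"""

# "Key . . . . : value" -> key without the dot leader, value after the first colon.
FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")

def parse_fields(text):
    """Return {key: value} for every ipconfig line that carries a value."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(2):  # skip section headers and empty values
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def triage(text, now):
    """List the settings the post calls out, judged against the real date `now`."""
    f = parse_fields(text)
    findings = []
    if f.get("Node Type", "").lower() == "unknown":
        findings.append("node type unknown")
    if f.get("IP Routing Enabled", "").lower() == "yes":
        findings.append("IP routing enabled")
    expires = f.get("Lease Expires")
    if f.get("Dhcp Enabled", "").lower() == "yes" and expires:
        # Drop the locale-specific weekday name, keep "28 August 2010 13:13:19".
        when = datetime.strptime(expires.split(" ", 1)[1], "%d %B %Y %H:%M:%S")
        if when < now:
            findings.append(f"DHCP lease expired {(now - when).days} days ago")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, datetime(2010, 9, 20)):
        print(finding)
```

Pass the true current date as `now` rather than reading the PC clock, since a wrong system date (as earlier in this thread) would hide an expired lease.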
     
  7. robert707

    robert707 Corporal

    "then you have IP Routing Enabled which I would expect not to be the case. And also shows that your DHCP lease should have already expired ( you should release and renew)"

    Do you know how to access the IP routing settings in my OS? My ISP never set anything up on my PC. XP just sort of auto connected everything when I got my new PC. I'd like to change it to see if it makes any difference but can't find the setting for it. The scan section says 'Windows IP'. I'm on windows XP.

    Also how exactly do I use 'ipconfig' to "release and renew your connection"?
    'Cause under the control panel. Under 'Network Connection' ---> repair this connection ...it says it 'could not renew your IP address'. So is there some other way of doing it I could try?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You really need to continue this discussion in the Networking Forum but I will give you a couple things to try. For additional help, please go to the Networking Forum.


    First let's make sure that you have set your PC to obtain an IP address automatically ( NOTE: I'm assuming that you do not use a static IP address ) This is also commonly called setting your PC for DHCP. Thus DHCP means you should be set to Obtain an IP address automatically.
    • From the Start menu select Settings and then Control Panel. (Or just Start, Control Panel if it already shows)
    • Double-click Network Connections
      • For a wired network connection, right-click Local Area Connection, and then select Properties
      • For a wireless network connection, right-click Wireless Network Connection, and then select Properties
    • From the General tab, scroll to locate and click Internet Protocol (TCP/IP) , make sure it is checked, and then click the Properties button.
    • Click Obtain an IP Address Automatically
    • Also make sure that down below you have Obtain DNS server address automatically selected
    • Then click OK.
    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Now reboot your PC. After reboot, do the below.

    Click Start, Run, and enter cmd and click OK to open a command prompt window. At the command prompt enter the below command and then hit the enter key. Note there is a space after the ipconfig and after the all

    ipconfig /all > C:\ipinfo.txt


    Now attach the C:\ipinfo.txt log to your next message.
     
  9. robert707

    robert707 Corporal

    Merged the fix,
    Got the success message. Have attached info.txt
    After cycling modem managed to 'repair connection' under Network connections.
    Also went into the router and re-ran the connection wizard.

    Connection is still either insanely slow or non-existent

    Because I'm on a DSL I chose ' PPPOE' (in the router Wizard) 'cause the wizard said that's for most DSL users, but should I try 'Dynamic IP address' even if it says that's for Cable users?

    You said you had a couple things for me to try?

    Will continue in Networking but really appreciate any extra tips.

    "You really need to continue this discussion in the Networking Forum but I will give you a couple things to try. For additional help, please go to the Networking Forum."
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes this is typical and perhaps even may explain why your network interface is showing up as enabling routing.

    Sorry but you need to continue in the Networking Forum or work this out with your ISP.
     
