Trying to Rule out Malware

I started a thread in "networking", but i think i should rule out any malware as a possible problem. Here is the thread i started.

http://forums.majorgeeks.com/showthread.php?t=257780

Basically i went to bed with an internet connection and woke up without one. i've tried everything imaginable to solve the issue as specified in the thread, but want to rule out any malware as a possible dilemma.

Since i'm not able to connect to the web via the infected computer (using a 2nd pc now), how will i be able to run the proposed scans that need to download updates? I want to make sure there isn't an issue in the scans before i actually attempt them.

Thanks in advanced.

 

Hi,

Here is how you can manually update:

• http://majorgeeks.com/Malwarebytes_Anti-Malware_Database_d6025.html
• http://majorgeeks.com/SUPERAntiSpyware_Database_Definitions_d6303.html

I will notify Chaslang to add these to the guides.

 

okay thank you, i'm going to finish running the scans and upload the logs asap.

 

i've completed all the scans except for MBAM. MBAM installed, but no icon became present and i couldn't find any link under "all programs".

All the other scans including an Avast scan are attached below.

 

MGtools attached

 

These logs are clean.

Few suggestions from me and then you can continue your thread in Networking.

Completely uninstall Avast. Reboot.

Click Start, and then click Run.
In the Open box, type regedit, and then click OK.
In Registry Editor, locate the following keys, right-click each key, and then click Delete:

• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

When you are prompted to confirm the deletion, click Yes.
Close the Registry Editor.

Locate the Nettcpip.inf file in C:\WINDOWS\inf and then open the file in Notepad.
Locate the [MS_TCPIP.PrimaryInstall] section. Change the Characteristics = 0xA0 entry by replacing 0xA0 with 0x80. Save the file. Exit Notepad.
In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
On the General tab, click Install, select Protocol, and then click Add.
In the Select Network Protocols window, click Have Disk.
In the Copy manufacturer's files from text box, type C:\WINDOWS\inf, and then click OK.
Select Internet Protocol (TCP/IP), and then click OK. It will report as unsigned, this is the one we want! Do not choose Microsoft TCP/IP v6!

Note This step returns you to the Local Area Connection Properties screen. However, the Uninstall button is now available.
Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.
You will be asked to reboot your PC for the changes to take affect, go ahead and do this now.

Once you have rebooted...
In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
On the General tab, click Install, select Protocol, and then click Add.
In the Select Network Protocols window, click Have Disk.
In the Copy Manufacturer's files from text box, type C:\WINDOWS\inf, and then click OK.
Select Internet Protocol (TCP/IP), and then click OK.
Restart your computer.
Test your Internet connectivity.

 

1. i completely removed Avast and rebooted.

2. I deleted the winsock and winsock2 registries as you said.

3. when trying to find the C:\WINDOWS\inf file i received this error message.

"C:\WINDOWS refers to a location that is unavailable. it could be on a hard drive on this computer, or on a network. check to make sure that the disk is properly inserted, or you're connected to the internet or your network, then try again. if it still cannot be located, the information might have been moved to a different location."

i received that error message by specifically searching C:\WINDOWS\inf in Start>My Computer>Search.

4. however i did find nettcpip.inf in C:\WINNT\servicepackfiles\i386 in a windows search. is this the same file you're looking for before i proceed?

 

are those files the same? and will i be able to perform

"In the Copy manufacturer's files from text box, type C:\WINDOWS\inf, and then click OK."

or does the location need to be changed?

 

I don't want you to modify this one. Try these steps:


Go to Start ==> Run (or Windows key+R)
Type the following in the run box and click OK: notepad c:\windows\inf\nettcpip.inf

 

i received the error "the system cannot find the path specified". What now?

 

i did a start > run > searched C:\WINDOWS and it appears that i don't have said folder. I'm assuming that would be causing the problem as to why i can't find the inf file you wanted me to search for.

 

You're right; you don't.

Try this instead:

Go to Start ==> Run (or Windows key+R)
Type the following in the run box and click OK: notepad c:\winnt\inf\nettcpip.inf

That one should work.

 

bingo, that worked, should i proceed with the instructions from post 6?

if so, do i need to change "In the Copy manufacturer's files from text box, type C:\WINDOWS\inf, and then click OK" to C:\WINNT\inf?

 

Yes.

Yes

 

it's late here, so i'll try it in the morning and get back to you asap.

 

Ok

 

i followed the directions and still didn't work. i bypassed the router all together and plugged directly into the modem, still nothing. What's next?

 

Continue your thread in Networking

 

thanks bud i appreciate your help. Couple questions before i go.

1. Would reformatting solve the problem?

2. Could there be a hardware problem such as the motherboard?

 

Most likely yes.

Unlikely in my opinion.

 

i appreciate all your help, i hope this site helps me solve the problem, you've been a blessing. thanks again.

 

You're very welcome, thedon01