Internet connection (winsock) problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by TonyMinorGeek, Aug 12, 2010.

  1. TonyMinorGeek

    TonyMinorGeek Private E-2

    Problems started a couple days ago when Firefox started being unable to load web pages. I tried IE and it had the same problem. Diagnose Connection Problems told me

    Windows has detected a problem with the Winsock provider catalog on this computer...

    I let IE do its fix and rebooted. Firefox and IE worked for about a day. But problems came back.

    Symptoms are: after a reboot, Firefox can load one or two web pages and then it seems Winsock is messed up again. IE always comes up with the same diagnosis (Winsock catalog problem).

    I downloaded WinsockxpFix.exe and ran it. That worked for a few minutes, but not much longer. So I did a complete scan with Norton AV...of course, it found nothing. I also ran MBAM and it found nothing.

    So I came here and started the detailed cleaning procedure. I did the Read & Run Me First. I then ran the five tools/scans. Four logs are attached. This is the RootRepeal log:

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/08/12 20:00
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Hidden/Locked Files
    -------------------



    I also ran the SUPERAntiSpyware Repair broken Network Connection (WinSock LSP Chain).

    Nothing seems to have been able to fix the Firefox/IE connection problems.

    Do the logs indicate virus/malware/etc?
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You should not have quite so many users with admin privileges all on one machine!


    Hmmm, I am not seeing much to do.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    DirLook::
    C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    C:\WINDOWS\system32\drivers\etc\services
    C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    File::
    c:\windows\isRS-000.tmp
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe


    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Click Start, Run, and enter
    Code:
     ipconfig /flushdns 
    and click OK!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    What happens when you boot into safe mode with networking? Same troubles or not?
     
  3. TonyMinorGeek

    TonyMinorGeek Private E-2

    Yes, I agree about the admin stuff. But my wife/sons won the previous battle on that one. I removed admin for now except for my account.

    Attached are the logs.

    Unfortunately, the problem is not completely consistent. After applying all fixes last night, the problem persisted for me (on my account), even after reboot. After booting this morning though, my wife was able to use firefox all day successfully (on her account, Mary). And I am using Firefox right now on this computer to post this (my account). So it is essentially working properly at the moment. I will try a couple reboots, plus booting in safe mode and report back.

    I noticed combofix cleaning up PriceGong files. Is this malware I should try to uninstall? There seems to be mixed comments on the net whether or not this is malware.

    Many thanks so far for your help!
     


  4. TonyMinorGeek

    TonyMinorGeek Private E-2

    OK, a half-hour of testing, rebooting, etc. and the internet connection seems to be stable for now. Rebooting in safe mode worked also. If I have winsock problems again, I'll try in safe mode and report any differences.

    Do the logs look clean?

    If the problem reappears, what logs should I run when I report?

    Thanks again!
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It is not currently installed, what combofix took out was remnants. Was it something you installed yourself?
    I see it was available at one time as a Firefox add-on but it is not compatible with the latest version. I would say it's more just crap than malware but if you did not install it intentionally yourself then it's for the best it's been dealt with by CF.


    Yes.

    Your best course of action would be to hit up the software forum if the issue arises again.

    Safe surfing! :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
