Cisco VPN AnyConnect issue after removing malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by utlonghorn213@gmail.com, Dec 21, 2011.

  1. Everything was working fine until I ran malware scans. Now I get the following error message:

    The VPN client was unable to setup IP filtering. A VPN connection will not be established.

    I have also gotten this message:

    The VPN client agent was unable to send a failure response to an IPC peer requesting the creation of a VPN connection.

    Attached are my scans.
     


  2. thisisu, Malware Consultant

    Hello and welcome to Major Geeks, utlonghorn :)

    As you have already noticed, this user is having the same issue as you: http://forums.majorgeeks.com/showthread.php?t=249656

    I am not sure what causes this, but even after removing malware traces, the problem was not resolved with the Cisco VPN client on Win7 x64.

    We can try removing the malware traces from your PC as well but you may be better suited to seek advice in the Networking forum.
    ____________________________________________________

    Code:
    vpnva             FALSE    OK 
    You also have this service turned off. Not sure if it was due to malware or not as there are very light traces of malware in your logs.
    However, your Mglogs.zip is incomplete so let's run a couple of different scans to gather some more information:

    I want you to read and follow these instructions: TDSSKiller - How to run

    Please download OTL by OldTimer.

    • Save it to your desktop.
    • Double click on the OTL icon on your desktop. (Vista/7 right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the [​IMG] text-field.
      Code:
      netsvcs
      /md5start
      afd.sys
      atapi.sys
      csrss.exe
      dhcpcsvc.dll
      explorer.exe
      lsass.exe
      nsiproxy.sys
      regedit.exe
      services.exe
      svchost.exe
      tcpip.sys
      tdx.sys
      userinit.exe
      winlogon.exe
      /md5stop
      %systemdrive%\*.*
      %systemdrive%\MGtools\*.*
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.sys /90
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %windir%\assembly\GAC\*.ini
      %windir%\assembly\GAC_MSIL\*.ini
      %windir%\assembly\gac_32\*.ini
      %windir%\assembly\gac_64\*.ini
      %windir%\assembly\temp\*.ini
      %windir%\assembly\tmp\u /s
      %allusersprofile%\application data\*.exe
      hklm\system\currentcontrolset\services\dhcp
      hklm\system\currentcontrolset\services\afd
      hklm\system\currentcontrolset\services\tdx
      hklm\system\currentcontrolset\services\tcpip
      hklm\system\currentcontrolset\services\nsiproxy
      hklm\software\microsoft\windows\currentversion\run
      hklm\software\microsoft\windows\currentversion\runonce
      
    • Now click the [​IMG] button.
    • Two reports will be created:
      • OTL.txt <-- Will be opened
      • Extras.txt <-- Will be minimized
    • Attach both OTL.txt and Extras.txt to your next message. (How to attach)
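
The `vpnva` entry and the service and Run keys named in the custom scan above can also be read directly. The following is an added example, not part of the original thread or of OTL; it is read-only and assumes Windows PowerShell (2.0 to 5.1) run as Administrator, and that `vpnva` is the service name of the entry shown in the excerpt.

```powershell
# Added example: read-only report on the entries named in the thread.
# Assumption: 'vpnva' is the service name of the entry in the helper's excerpt;
# the other names are the service keys listed in the OTL custom scan.
$serviceNames = 'vpnva', 'dhcp', 'afd', 'tdx', 'tcpip', 'nsiproxy'
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$services = foreach ($name in $serviceNames) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $reg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Kernel drivers are exposed through Win32_SystemDriver, services through Win32_Service.
    $live = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$name'"
    if (-not $live) { $live = Get-WmiObject -Class Win32_Service -Filter "Name='$name'" }

    # Start is a REG_DWORD; report nothing rather than guess when it is absent.
    $startType = $null
    if ($reg -and $reg.Start -ne $null) { $startType = $startTypes[[int]$reg.Start] }

    $row = New-Object PSObject -Property @{
        Name      = $name
        KeyExists = [bool]$reg
        StartType = $startType
        Started   = $(if ($live) { $live.Started })
        State     = $(if ($live) { $live.State })
        ImagePath = $(if ($reg) { $reg.ImagePath })
    }
    $row | Select-Object Name, KeyExists, StartType, Started, State, ImagePath
}

# The two autostart keys at the end of the custom scan (native registry view of this process).
$autoruns = foreach ($sub in 'Run', 'RunOnce') {
    $item = Get-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub" -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($valueName in $item.GetValueNames()) {
            $entry = New-Object PSObject -Property @{
                Key     = $sub
                Name    = $valueName
                Command = $item.GetValue($valueName)
            }
            $entry | Select-Object Key, Name, Command
        }
    }
}

$services | Format-Table -AutoSize
$autoruns | Format-List
```

A row with `KeyExists` false, or a `StartType` of `Disabled` on a driver the VPN client depends on, is the kind of difference worth comparing against a known-good machine.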
     
