Deleted afd.sys during a nasty battle with a virus

Son ran TDSSkiller for a google redirect virus and deleted the afd.sys file. No connection to the internet now since we can not acquire a network address. Tried a system restore back to the date prior to the deletion but fails. PC did not come with a Windows XP disc and trying to avoid losing all our data on the pc to use the recovery disc provided by Gateway.

PC runs Window XP Home SP3

Any thoughts of how to get network access again?

 

Hi,

See if you have a afd.sys file in the following folder:

C:\Windows\system32\dllcache

If you do, copy the afd.sys file from this dllcache folder into the below folder:

C:\Windows\system32\drivers

Reboot and test internet

 

Unfortunately there is no dllcache folder in there.

 

Double check, it has to be there

Make sure you are able to view hidden system files and folders ( How to view hidden, system files & folders! )

 

Thanks. Was able to find and copy it over into the systems32/drivers folder and then reboot. Still not able to obtain a network address.

 

Afd.sys alone wasn't the problem. Scan with the below:

Please download Farbar Service Scanner and run it on the computer with the issue.

Check "Include All Files" option.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please attach FSS.txt to your next message. (How to attach)

 

OK. See the attached.

 

Ah, you're missing the entire afd service too
Try the below:

========WARNING========
The below is specifically for Newbomb Turk's computer
Do NOT run the below if you are not Newbomb Turk
Doing so may damage your PC!
========WARNING========

Attached is afd.zip

Inside is:

• afd.reg
• fixme+restart.bat

Extract both files to the infected computer's desktop.

First double-click afd.reg and allow it to merge into the registry. You should receive a successful message.

Now reboot your PC.

Once you have rebooted...

Test your internet, If it still is not working, run the fixme+restart.bat file by double-clicking it.
Your PC will reboot again. Once you are back in Windows, test your internet again.

If it still does not work, attach the fixme_results.txt file the .bat file created.

 

We are now connected once again!! Many Thanks and Merry Christmas. I got my gift early!

 

Merry Christmas

 

I too am having the exact same problem, I'd like to know if I could follow the same steps.

 

Jmckinley712, welcome to MajorGeeks. No you can't run it. That's why thisisu had the warning
========WARNING========
The below is specifically for Newbomb Turk's computer
Do NOT run the below if you are not Newbomb Turk

Go here: http://forums.majorgeeks.com/forumdisplay.php?f=21
click the New Thread button near the top left. State your problem and also include the version of windows you are running and anything you might have tried to fix the problem.
Someone will be along to help.

 

Goored.txt jmckinley712

 

Hello Jmckinley712,

As previously mentioned, it is not recommended that you implement fixes that were created for other users.

I would advise that you read this thread for further assistance: READ & RUN ME FIRST Malware Removal Guide.

If you still have problems after completing the above thread, do what the guide recommends which is create your own thread in the Malware Removal forum with the logs from the scans you were able to complete.

 

I foloowed this to help me get connection to internet. Please see - I am uploading the FSS.txt file as instructed.

 

andykr, you can't use the directions for Jmckinley712. That's why warning are posted in red!
Start your own thread, mention the problem and wait for help.
You also need to mention what version of windows you are running.
Your thread : http://forums.majorgeeks.com/forumdisplay.php?f=21
click the NEW Thread button near the top left then state your problem. Don't attach or run anything until someone gives you instructions.

 

Thank you ! Thank you ! Thank you !

Had Norton, which was ready to expire. Was getting emails to renew. 5 days prior to expiration received " last notification " email. Opened it and got a virus, Google redirect virus.

But, when google for kaspersky or any other software, it will redirect me to Norton.

Was able to remove the virus, but no internet connection.

Found, in devmgmt avd not running. Was not able to restart it. Tried everything. No luck.

This post did the trick.

Great respect for a real geek - THISISU !!!