pc has no network connection after malware removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kitkat2003, Aug 26, 2011.

  1. kitkat2003

    kitkat2003 Private E-2

    Can someone help me with this issue? I am currently using another machine to see if I can solve this on the infected machine. I got an infection earlier today. After I ran ComboFix and MGtools I noticed there was no networking. I do all of my scans in safe mode as a precaution. I have been trying everything I can think of and reading a lot of posts on this forum on how to resolve this issue. Nothing has helped. :( I would hate to have to resort to re-installing the OS. That would be the last resort.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    It would be more helpful if you attached all the logs we asked for.


    It would be after ComboFix. MGtools does not fix anything that would cause this. It is 99.5% just an information collector. The 0.5% of items fixed/changed are just to restore a few registry keys that malware may have changed. Nothing related to networking is changed by MGtools.

    Try shutting off your PC for a few minutes. Then turn it back on. If that does not help, attach your logs using your other PC. Also check to make sure your network settings are configured properly.


    Not what we asked you to do. This should only be done when normal boot mode cannot be used.
     
  3. kitkat2003

    kitkat2003 Private E-2

    Thank you for your speedy reply. I ended up just doing a system restore and it solved the problem. However now, I have in the last hour received a few virus alerts from MSE. MSE immediately removed the threats. I just hope that the alerts have been taken care of. Thank you again for your speedy reply.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you find out you still have a problem, attach the logs from the previous cleaning procedure steps you ran. They should all still be there.
     
  5. kitkat2003

    kitkat2003 Private E-2

    Hey Chaslang,

    Attached are the logs that I have done as of yesterday. I have network capabilities but now I feel like the pc is "hanging up" during the shutting down process. I have also been receiving a lot of alerts from MSE since Sunday. I hope I have successfully attached all the logs that you would need. Thank you so much for helping!


    Cathy
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure that you are in Normal Boot Mode now for all steps unless we ask you to boot in safe mode.

    You forgot to attach the requested log from SUPERAntiSpyware. Please attach the below file:
    Code:
    "C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    Aug 30 2011  6554  "SUPERAntiSpyware Scan Log - 08-30-2011 - 20-37-03.log"
    Also you are extremely out of date with your copy of Malwarebytes. You need to keep programs updated and should have updated as requested in the READ & RUN ME FIRST. So just to be safe, let's update and rescan.

    Now run Malwarebytes and click the Update tab. Then click the Check for Updates button so you update to the current version of the program and database. Then run a new scan with it too. Make sure you fix the problems found before saving a log. Attach the new log.

    You also used an out of date copy of ComboFix. You should have updated to use the version given in the procedure. You must not use or even keep old copies of ComboFix. You must delete your old copy now and download and save the below one to your Desktop. Do not run it. We will run it later.

    combofix.exe


    Do you know what the below service is for?

    O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe


    Uninstall the below old versions of software:
    Java(TM) 6 Update 22
    Viewpoint Media Player (Remove Only) <-- should have been uninstalled in step 5 of the READ ME

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running ComboFix you discover none of your programs will open up because you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then you will need to reboot your computer, which will normally fix this problem.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  7. kitkat2003

    kitkat2003 Private E-2

    Chaslang,

    Attached are the logs you requested.

    I have no idea what this service is.

    Currently the pc is now giving me issues when shutting down. It HANGS during the logging off process forcing me to power off the machine holding the main power button. Thanks for all the help so far!
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky.
    Now please also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
  9. kitkat2003

    kitkat2003 Private E-2

    Attached are the logs that you requested. I have been hearing an "error thump", which I think is from a background program. I never see an error message nor any program that I have open displaying an error box. I also received another alert from MSE. I am starting to get disheartened with this pc. Might have to go ahead and just Reinstall the OS. Thanks for the help!
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This may not be necessary. Both MBRcheck and TDSSkiller show that you most likely have an infected Master Boot Record ( MBR ) which needs to be fixed. First a couple questions.
    1. Do you have all important data backed up? While most of the time, repairing the MBR works without any problems, there is still the risk that there could be a problem due to how malware has hooked into the operating system of your PC. So it is prudent to be backed up first.
    2. Do you have your Windows XP boot CD so that we can use it to boot to the Recovery Console to repair your MBR?
     
  11. kitkat2003

    kitkat2003 Private E-2

    I do have my important data backed up.

    As far as the Windows boot CD, the only recovery disks that I have are the original 6 CDs that came with XP Home Edition. Would not know what CD to use. :(
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What are the titles on the disks? Not sure how your PC vendor is labelling them but something like System CD or Operating System CD or similar may be the correct one. As long as it is not a factory recovery CD. You need the Windows Operating System boot CD, which will be a bootable CD that you can boot up your PC from and then get into the Recovery Console as instructed in the below. See the section titled

    Option 2: Starting the Windows Recovery Console from the Windows XP CD-ROM

    I don't want you to install the Recovery Console on your hard disk like requested in the ComboFix instructions nor do we want you to boot from this installed version. You must boot from the CD.
     
  13. kitkat2003

    kitkat2003 Private E-2

    On each of the 6 discs they are all labelled the same: Compaq System Recovery Windows XP Home Edition. Should I just load each CD? I have to get my hands on an XP CD that is bootable. Sorry this has become such a mess. :(
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! These are likely just factory recovery CDs and you have a factory recovery partition on your hard disk already. Factory Recovery is used to put your PC back to the state it was in when you took it out of the box. Not something most people really want to do since you lose everything you have added/changed since that time.


    See what was posted in message # 12 of the below thread and see if you can get this CD to run.

    whistler/black internet@mbr again!
     
  15. kitkat2003

    kitkat2003 Private E-2

    I managed to get this cd to run. Is there a log that I should have to send to you? Just to make sure I have executed the cd correctly. Thank you again for helping me!

    :)
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes if you ran the fix for the MBR then rerun MBRcheck and attach a new log.

    Also tell me how your PC is working.
     
  17. kitkat2003

    kitkat2003 Private E-2

    Attached is an updated log. Thank you again for all the help!
     


  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is no change in the MBR

    1. Are you sure that you booted from this CD? You have to BOOT from this CD. You cannot allow your PC to boot from the hard disk.
    2. Are you sure that you actually performed the fix of the MBR?
     
  19. kitkat2003

    kitkat2003 Private E-2

    Yes I am sure I booted from the cd. Maybe the cd I burned was missing something? I will try again.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Were you able to follow all the instructions for fixing the MBR? Did it give you any confirmation? If running a repair from the type of boot disk does not work, you may be at a point where you will need an original Windows installation disk to delete partitions, recreate partitions, format and reinstall.

    Are you actually having any remaining malware problems? Are you still having the problem that your network connection does not work?


    There is another possible option that may or may not work. And that is the Factory Recovery partition that appears to be on your hard disk as drive D. You may be able to use this but it will put the PC back to "out of box" condition and you will lose all info you have on the drive which means you must back up everything you need before trying this.
     
  21. kitkat2003

    kitkat2003 Private E-2

    I haven't seen any errors since we did the MBR and Kaspersky scans. I think something was missing from the disc that I burned from Hiren's zip file was incorrect. I will follow the directions again to make a new CD.

    At this point since I see no errors, is leaving my sick pc this way okay? Or is the pc not sick anymore?
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you making a bootable CD or are you just copying the iso file to a CD which would not be correct? I need to know if you made a bootable CD and that you actually BOOTED your PC up from powerup direct from this CD and not from your hard disk. You cannot boot into Windows and then run the Hiren utilities.

    If it is really an infected MBR, it can be dangerous to your security. It could result in stolen information.
     
  23. kitkat2003

    kitkat2003 Private E-2

    Attached is the updated log. I have attempted to do the fix one more time. This time I made sure it booted from the cd by disabling the hd from the boot process. Is the log still displaying the MBR is still infected?
     


  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It does not say you are infected. It says the format of your MBR is unknown ( that is, it is not recognized to be one of the forms that MBRcheck knows ). It may or may not be a problem. I don't like the fact that it is not being rewritten/fixed using the special boot CD from Hiren, but that still does not mean it is bad. We have seen this occur more and more in recent times and do not have an explanation as to why.

    Since you say you are not having any problems, it may be okay, but again we cannot guarantee that.
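
The distinction drawn in message 24 between an "unknown" MBR and an "infected" one, as an added example that is not part of the thread and not MBRCheck's own code. It assumes a scanner that hashes the 440-byte boot code area and looks it up in a catalogue; the catalogue entries, labels and sample sectors are constructed for the demo.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area at the start of the sector
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # required signature in bytes 510..511
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def make_sector(boot_code, part_type=0x07):
    """Build a constructed 512-byte sector for the demo (not a real MBR)."""
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x01\x01", part_type,
                        b"\xfe\xff\xff", 63, 1_000_000)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + b"\x00" * 48 + BOOT_SIG

def boot_code_hash(sector):
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def partitions(sector):
    """Decode the non-empty entries of the partition table."""
    found = []
    for i in range(4):
        start = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[start:start + 16])
        if ptype != 0:
            found.append({"index": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return found

def classify_mbr(sector, catalogue):
    """Return 'invalid', a catalogue label, or 'unknown' (neither clean nor known-bad)."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != BOOT_SIG:
        return "invalid"
    return catalogue.get(boot_code_hash(sector), "unknown")

# Constructed samples: placeholder strings stand in for real boot code.
STANDARD = make_sector(b"CONSTRUCTED-STANDARD-LOADER")
KNOWN_BAD = make_sector(b"CONSTRUCTED-BOOTKIT-SAMPLE")
OEM = make_sector(b"CONSTRUCTED-OEM-LOADER")  # legitimate, but not in the catalogue

CATALOGUE = {  # hypothetical catalogue mapping boot code hashes to labels
    boot_code_hash(STANDARD): "known-standard",
    boot_code_hash(KNOWN_BAD): "known-bad",
}

if __name__ == "__main__":
    for name, sector in (("standard", STANDARD), ("bootkit", KNOWN_BAD), ("oem", OEM)):
        print(name, classify_mbr(sector, CATALOGUE), partitions(sector))
```

An "unknown" result only means the boot code matched nothing in the catalogue, so it needs a second opinion rather than being read as either clean or infected.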
     
