After removing ssq*.dll, I now have no internet access (everything else works fine)

Hello,


I'm an IT guy with a background in Network administration, and this one has me scratching my head.

I'm also a DJ, and was installing an application a friend gave to me (freeware) for joining/splicing MP3 files

Here goes:

I double click on the install, a dos box opens and it's decompressing. Then the Windows installer comes up, everything looks normal, so I continue installing the program. (it installs successfully) Meanwhile, in the background, I get a pop-up from Symantec Corporate Anti-Virus telling me a virus has been found (Trojan) in my Internet Explorer Cache directory (setup.exe). It was very generic looking, so I paid it no mind, figuring it had stopped the spyware-installing program from executing, right? WRONG!

I open up my taskman (CTRL-ALT-DEL), not being a dummy, and find processes running I do not recognize..(gee, I wonder why!) I have to terminate them a couple of times to get them to stay gone (Also used "Terminate Process Tree" on one, then they all disappeared) ie.exe was one of them. I ran housecall, it attempted to delete the Webhance infection, and could not. It also found something that was a supposed unknown variant of "VUNDO", and matched characteristics with it. It could not delete that.

So, (having done this many times before on the computers at the office) I go into the Program Files Directory, and find two directories I do not know:

"bat"

"Webhance"

I was able to go into msconfig, and removing the strange processes from starting. After rebooting into safe mode, I was able to delete every directory, except for the ssq*****.dll (Can't remember the entire file name, I didn't anticipate this happening either, so I didn't write it down) file in the \windows\system32 directory. So, I booted from my handy BartPE disc, and deleted it after booting into the environment on the CD. Then I reboot my computer, and now my wireless adapter is unable to pull an IP from the router, and when I connect to the internet using my Sprint Mobile Broadband card, I'm unable to access any websites. Consequently, I also cannot access any network resources.

I've tried everything I know. I have had occurences like this before, but they always stopped when I deleted the offending file, they didn't start. All my other applications/system functions work normally.:confused

I am officially stumped, and am very curious as to what this is. This is disturbing. I'd hate to imagine the chaos something like this could cause on our corporate network. It'd be a nightmare.

I have contacted my friend, and as it turns out, he downloaded the application out of a torrent, sent it to me, and deleted it. I, of course, deleted the install file after it was done installing. I checked the application's files and directories, and nothing suspect is there. It was a hidden secondary install. He was unaware of it. I have uninstalled the application, just in case.

Please help. This is my personal laptop, and I have a ton of data on there that I now have no way of offloading, short of plugging in an external HD (I could not be assured that whatever this problem is doesn't get copied with my backup).:cry

 

Re: After removing ssq*.dll, I now have no internet access (everything else works fin

Also, when I'm doing something mundane (such as loading music or a document), I'll get the pop-up that tells me windows cannot find a connection, and gives me the two buttons (Work Offline, Try again). Now I know there's still a problem.

I'm really ticked off that I can't figure this out. I'm assuming that there are still pieces of something on my HD. The only hope I have is to connect to the internet through Ethernet on BartPE, and run virus removal/spyware scans from that. But I don't think that's going to fix my problem with no internet/network access. I'm guessing that file was somehow tied into a modified registry entry, but I have no idea where to begin.

(sorry for forgetting to post this in the first entry.)

 

Re: After removing ssq*.dll, I now have no internet access (everything else works fin

Here are 3 of the 4 logs

 

Re: After removing ssq*.dll, I now have no internet access (everything else works fin

Here is the Combofix log file