Alcan.a and no internet connectivity

infection with alcan.a has apparently killed my home laptop's internet connectivity, so I'm posting this from my work laptop.

the home laptop seems to be running OK, but I'm guessing there are a few lingering things. the inability to connect to the net is troubling. error message is that the network cannot assign an IP address to the computer. I wonder if alcan.a ruined some system files and I need to reinstall XP?

my HJT log (safe mode) is attached and thanks in advance for all replies... I could really use some help.

- Mike

 

What notified you of Alcan.a?

 

I think ad-aware said it picked up a bunch of alcan.a infected files after I ran a scan. I thought at first I had something named alcra.b or close to that... can't recall. does my HJT log suggest something else?

I have tried to clean the latop as best I can, but the lack of internet connectivity is really giving me a headache... no clue what happened or if the virus is still mucking things up.

 

Your HJT log looks good, this particular infection is a P2P WORM. It adds .com files inside multiple zip files. Let's start with SS and then dig a little..

Please see the below thread on how to install and run Spy Sweeper.

• Running Spy Sweeper...

 

spy sweeper found the following adware, then stalled at file 191,909:

searchbarhtml
apropos

the file it got stuck on is:

c:\windows\system32\search.html

sounds fishy. any thoughts?

 

seems to be fixed now except for no internet connection

I re-ran everything as you suggested and had a malware expert look at my logs (his "day job" is bouncing at a strip club, LOL).

he said my HJT log is clean and he also had me use killbox to kill some processes and then he fixed something in regedit.

in any case, we think a new install of XP will be necessary. sucks... but at least the machine is clean.

thanks for everyone's input.

 

my apologies for not posting an updated log, will do so tonight.

RE: alcan.a BFU: I ran that yesterday before posting that I thought I had a clean log. happy to run it again and see what turns up.

RE: internet connectivity: at my wit's end on this, have tried many things:

1. ipconfig refresh / renew

2. editing stuff in regedit

3. lspfix.exe

4. winsockxpfix.exe (I think that was the name...)

5. microsoft's fix where you go in and manually edit the registry under things like LOCALKEY, CURRENTUSER, whatever. checked all the library paths and binary stuff for modifications and made sure the number of entries matched up with the catalog entries or something like that

6. checked the firewall setting, sygate and XP.

7. manually set connections to DHCP enabled or whatever, and auto detect IP, etc.

my connection: cable modem, broadband, ethernet. no router.

hope this is useful and thanks for your time and effort. will report back on logs tonight.

 

not sure what site it came from. my colleague brought it with him with a bunch of other tools he had on one of those little pen drives. he said it was - and I quote - "the alcan worm brute force uninstaller". we ran that first thing after he got to my place.

perhaps he had the wrong tool or one with a misleading name?

again, will report back later tonight.

 

problem is now resolved. there was a corrupt file of some kind in windows so a reinstall was apparently necessary, or at least easier than trying to pinpoint the problematic file.

thanks for everyone's help on this. feel free to close the thread out.