Antivirus Pro-internet down, no executables

Discussion in 'Malware Help (A Specialist Will Reply)' started by Rajtow, Dec 11, 2009.

  1. Rajtow

    Rajtow Private E-2

    Hi - need help with this malicious prog.

    I have a desktop with XP. Yesterday, the Antivirus pro thing got on it and it stopped me from getting online and stopped the executables. I also have a laptop that I am using to post this and a USB to transfer data.

    I read the thread here about a similar problem and followed the instructions - However I am still unable to get to the internet...

    1) was able to transfer rkill and run it to stop the malware
    2) Ran avpfind.bat
    3) Ran exehelper
    4) Ran SuperAntiSpyware (updated manually)
    5) Followed instructions to repair internet access but was still unable to connect (repairs-repair winsockchain) - apparently unable to get ip address
    6) Ran MBtools- it found some more stuff which it removed and the computer rebooted.

    I am attaching the relevant logs below...

    I would be most grateful for any help...
    Thanks.
     


  2. Rajtow

    Rajtow Private E-2

    I would really be thankful for any help...

    I also performed another 2 recommended scans...

    ComboFix
    RootRepeal

    I am attaching the logs here...

    The internet is still down... wondering what I could do - any help would be absolutely awesome...

    Thank you so much for your help...
     


  3. Rajtow

    Rajtow Private E-2

    Hi - Checked the Winsock Diagnostic internet connectivity log file - maybe this will give more info to anyone who can help.

    Thank you for any help - really appreciate it.

    Regards.
    Raj.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I assume you meant MGtools. You need to attach the MGlogs.zip file from running MGtools.


    • Also please save Win32kDiag file to your desktop.
    • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log.
    "%userprofile%\desktop\win32kdiag.exe" -f -r


    Do you use a Proxy Server to connect to the internet? If not, then you need to make sure your browser settings are not set to use a proxy. If you do use a Proxy, then you need to make sure the proper values are entered.


    Also if you were using a wireless connection, try a wired connection. Also check to make sure the parameters for your network interface are still set up properly to use DHCP (assuming you don't use a static IP address). DHCP means you should be set to Obtain an IP address automatically. If you don't know how to do this see this link: http://uits.iu.edu/page/aiyy
     
  5. Rajtow

    Rajtow Private E-2

    Hi chaslang,

    Thank you so much for replying...

    I am using a cable modem to connect to the net. I checked the settings for the connection and made sure that the "Automatically obtain IP address" was being used. I suppose that I am not using a proxy server.

    Problem seems to be that it can't obtain the IP address as it says in the winsock diagnostic text I attached above due to some missing file or something. Just to be sure, I ran the repair from SAS and also the windows repair a couple of times and rebooted the computer - but, alas, no go.

    Yes I did mean MGTools:-o and am attaching the relevant zip folder. Also I ran the win32kdiag file and am attaching that as well.

    Thank you so much...
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    My point is that you need to check! If you have told your browser to use a proxy and you don't have one, you will not be able to connect. Similarly, if you have not told your browser to use a proxy and you need the proxy, you also will not connect.

    Does Device Manager show any errors for your Network Interface?



    Click Start > Run and type in cmd
    • Click OK.
    • This will open a command prompt.
    • Type or copy and paste the following line in the command window:
      ipconfig /all > c:\network.txt
    • Hit Enter
    • Exit the command window
    Attach the c:\network.txt file to your next message.

    In our cleaning procedure the first instructions stated that you must not have more than one antivirus installed. You are using both Avira and Microsoft Windows OneCare Live\Antivirus. Uninstall Windows OneCare Live immediately and reboot.
     
  7. Rajtow

    Rajtow Private E-2

    Hi Chaslang,

    Thank you for replying...:)

    1) I checked the settings and am definitely not using a proxy server. Also, the settings are for not using the proxy.
    2) I am attaching the ipconfig file
    3) I have removed Windows One care and rebooted the system
    4) I checked the Device manager and it does not show any errors on the network interface

    When I click on the network icon it says that the network was unable to assign an ip address - why this is so is presumably the question, alas...:(

    Thank You so much...
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well you are not getting a valid IP Address.
    • Why do you have IP Routing enabled? Is it also enabled on your laptop that is working?
    • Is your laptop wireless or wired? Does it work with a wired connection too?
    • Do you have a router in between your cable modem and PCs? What kind of router? And how many ports does it have? Have you tried another port?
    • What happens if you run ipconfig /release and then ipconfig /renew from the command prompt?
    • Run the ipconfig /all > c:\network.txt command on your laptop and give me that file.
    • Have you tried reinstalling the drivers for your network card?
    You may have to take this to the Networking Forum since it does not appear to be malware.
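
The checks discussed in this thread (IP routing, DHCP, whether a lease was obtained, default gateway) can be run over a saved `ipconfig /all > c:\network.txt` file. The following is an added example, not part of the original thread or of MGtools; the sample text is constructed, and the field names assume XP-style English `ipconfig` output.

```python
import ipaddress
import re

# Constructed sample in the style of XP `ipconfig /all` output (not the poster's log).
SAMPLE = """\
Windows IP Configuration
        Host Name . . . . . . . . . . . . : DESKTOP
        IP Routing Enabled. . . . . . . . : Yes

Ethernet adapter Local Area Connection:
        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.10.20
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

# "   Field name . . . . : value" -> ("Field name", "value")
KV = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {section name: {field: value}}; unindented lines start a section."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current = sections.setdefault(line.strip().rstrip(":"), {})
        elif current is not None and (m := KV.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return sections

def triage(text):
    """List the conditions asked about in the thread: routing, DHCP, lease, gateway."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        if fields.get("IP Routing Enabled", "").lower() == "yes":
            findings.append(f"{name}: IP routing is enabled")
        if "Dhcp Enabled" not in fields:
            continue  # global section or disconnected adapter
        if fields["Dhcp Enabled"].lower() != "yes":
            findings.append(f"{name}: DHCP disabled (static configuration)")
        addr = fields.get("IP Address") or fields.get("Autoconfiguration IP Address")
        ip = ipaddress.ip_address(addr) if addr else None
        # 169.254.0.0/16 (APIPA) or 0.0.0.0 means no DHCP server answered.
        if ip is None or ip.is_link_local or ip.is_unspecified:
            findings.append(f"{name}: no DHCP lease (address {addr or 'missing'})")
        if not fields.get("Default Gateway"):
            findings.append(f"{name}: no default gateway")
    return findings
```

A 169.254.x.x address with DHCP enabled points at the path to the DHCP server (cable, port, modem, driver) rather than at the adapter's configuration.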
     
