Ethernet problem after removing Malware

I removed (or did the best I could to remove) a Malware problem but now I'm unable to install an Ethernet driver so I can use my cable modem. Since the Ethernet card is built into the motherboard (Asus) I figured the Ethernet part of the motherboard was blown so I purchased a Ethernet card. Same problem. Maybe the Malware problem still exists? Suggestions to resolve this please. Before purchasing the Ethernet card I tried reinstalling the driver that comes with the ASUS motherboard and that didn't work.

Network adapters has got lots of yellow circles with exclamation points in them.

Example:

Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller

"Windows cannot load the device driver for this hardware. The driver may be corrupted or missing."

I've uninstalled this driver many times and reinstalled the driver many times and I still get this message and lots of other warning type messages listed under Network adapters.

I used Google and found something about using Winsockfix. I downloaded Winsockfix and tried it. Still have the same problem.

 

Hi and welcome to MG's,
If you believe that you are now malware/virus free uninstall the ethernet driver from programs or add/remove programs depending on OS.

download the driver from here......

http://drivers.softpedia.com/get/NE...-PCI-E-Ethernet-Controller-Driver-10042.shtml

if you have to download to another machine save it to a flash drive.

start the machine in safemode (f8 on boot) and install the driver off the flash drive. re-start into windows and see if you now have an ethernet connection.

iain.t :major

 

When I go to download the driver in the link you provided it's labeled for Vista. I'm using XP.

 

Hello,
Here are Atheros Drivers.

Fourth from the top. Version 1.0.1.41

http://www.station-drivers.com/page/atheros.htm

Edit: Sorry the link I posted is dead. Try this site:

http://www.atheros.cz/atheros-network-drivers.php

Note: This is an inf driver not exe.

1. Open Windows Device Manager.
2. In the Device Manager locate the device you wish to update the drivers for.
3. Right-click the device and click Properties.
4. In the Properties window click the Driver tab.
5. Click the Update Driver button.
6. In the Hardware Update Wizard point Windows to the location of the updated drivers on your hard disk drive

 

Do you mean this Atheros driver: Version 1.0.1.47

Why is this any different than the Atheros drivers I have on CD that came with my motherboard which is an ASUS P5KPL-CM? I've tried uninstalling and reinstalling the driver from Windows XP using this CD and it fails to install.

 

The driver on the site I referenced is 1.0.0.41. The latest driver is 1.0.0.49. Did you try to install the inf driver I linked to? Not sure why your install would fail. Do you have an exclamation mark on your network adapter in device manager?

I would also post in the Malware Forum to see if you may still be infected.

 

I don't understand why it fails either.

I have many exclamation marks on the network adapter in the device manager.

I have only tried the original driver on my motherboard CD.

I can't get your link to work so I can download the driver you suggested

 

Can you post a screen shot of Device Manager showing the exclamation marks?

Edit: I attached the 1.0.0.41 driver. Point to the l1e51x86.inf file when installing.

 

Here you is the screenshot you asked for:

 

I tried to install the driver you posted.

I get the same message I always get:

Cannot start this Hardware. Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

 

I downloaded and installed Super Anti Virus Free Addition. It found a ton of stuff and I removed it.

I downloaded and installed MG Tools and ran it. Not sure what to do with the ton of stuff it found. I left it.

I downloaded and installed ComboFix.exe. It tells me that: "This machine does not have the 'Microsoft Windows recovery console' installed. Alternately, an existing installation of the recover console may be present but requires updating. Without it, ComboFix shall not attempt the fixing of some serious infections.

Click 'Yes" to have ComboFix download/install it.


Ummm... I'm not able to do that so I said "No."

It's now scanning for infected files.

 

I am signing off until tomorrow. I have one more question.

In C:\WINDOWS\system32\drivers do you have the file ndis.sys. If you do, what size is it?

 

I'll check as soon as ComboFix finishes. ComboFix rebooted my machine and is now presenting me with a message that tells me: "Preparing Log Report. Do not run any programs until ComboFix has finished."

 

Have you tried manually repairing Winsock and TCP/IP??? I've found it to be more effective than using app to fix these items. Here's some details:
To reset Winsock, Winsock2, and TCP/IP manually in WinXP:

1. click Start > Run, type regedit and press Enter or click "OK".
2. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
3. Scroll down to Winsock and right click it, select "Delete".
4. Do the same for Winsock2 - right click and "Delete".
5. Close the registry editor and restart the PC.
6. Once you've restarted, click Start > Control Panel > Network Connections
7. Right click your network adapter and select "Properties".
8. Select "Internet Protocol (TCP/IP)" and click the "Install" button.
9. Select "Protocol" and click the Add button.
10. Click the "Have Disk" button and type c:\windows\system32\inf
in the file location box and press Enter or click "OK".
11. On the list of available protocols, click Internet Protocol (TCP/IP), and then click "OK".
12. Click "OK" a bunch of times until all windows are closed, then restart the PC.
13. Wait a little while for everything to load up and 'stabilize', then try going online.....
More details on this process can be found here:
http://support.microsoft.com/kb/811259

If you have access to any other ethernet device (USB, PCI, wifi, whatever), try installing it with its drivers, then reboot the PC before using the device. This can sometimes cause all the faulty components to "kick in" and your correctly. Also, Kestrel13! has a great suggestion; see posts #2 and #9 above.

 

There is no file called ndis.sys file.

There are files ndistapi.sys ndisuio.sys ndiswan.sys

 

Did everything up till step 7.

7. Right click your network adapter and select "Properties".

It's a blank dialog window. There is no "network adapter to select "Properties" for.

 

You need that ndis.sys file. Is there another computer with XP that you can copy it from? What SP of XP are you running? Note: if you find ndis.sys in the c:\windows or c:\windows\system32 folders it is probably a virus.

 

The system that has the problem is running Windows XP Pro Service Pack 3 and so is the system that I'm using now which has the ndis.sys file in the right place.

On the system with the problem ndis.sys resides in the following places:

C:\MGtoolstemp\NTSPU
C:\MGtools\temp\SPF
C:\Windows\ServicePackFiles\i386

I installed and ran MG Tools because this site recommend I do it.

Before I copy and place ndis.sys should I do anything else with the other ndis.sys files listed above?

 

No,
Leave those there. Just make sure the ndis.sys is in C:\WINDOWS\system32\drivers and from the same SP. Copy it over and then reboot. Then go into the device manager and see if the yellow exclamation marks are still there.

 

That seemed to really help! All yellow exclamation marks are gone and I was able to install the driver. Under Network Connections I now have "Local Area Connection 6" instead of a blank window

I am now able to get to step 10 in dlb's list:

10. Click the "Have Disk" button and type c:\windows\system32\inf
in the file location box and press Enter or click "OK".

When I press Enter I get the following message:

"The specified location does not contain information about your hardware"

 

Are you able to access the internet now? If so, you do not need to reset Winsock.

 

I am not able to access the internet yet but it seems like I'm getting close.

 

Try to reset Winsock using this command.

At a command prompt in a admin account;
type

netsh winsock reset <enter>

Reboot

If you cannot connect to the internet reset TCP/IP

At a command prompt in a admin account;
type

netsh int ip reset c:\resetlog.txt <enter>

Reboot

 

What directory do I have to be in to reset Winsock?

 

Just go to start Run and in the run box type:

cmd <enter>

Then type in the command in my post.

 

I did as you requested. This is the message I get after typing in netsh winsock reset <enter>

Unable to reset the Winsock Catalog. The system cannot find the file specified.

 

Does it still do it if you use this command.

netsh winsock reset catalog <enter>

In C:\WINDOWS\system32\drivers do you have the file tcpip.sys?

 

How about trying to force an uninstall/reinstall of TCP/IP from Add/Remove programs > Add/Remove Windows components, is that possible here?

 

"Does it still do it if you use this command."

netsh winsock reset catalog <enter>

Yes. I'm entering it from C:

Same message as before.

In C:\WINDOWS\system32\drivers do you have the file tcpip.sys?

Yes and I have tcpip6.sys

 

Might be if I was more intelligent and had a clue what I was doing. Trying to do my best to get one. Seems like I've got a long way to go. :-o

 

Hmm, I'm not sure it is on XP, it was on some earlier versions.

Have you tried this method yet?

 

I do not think tcp/ip can be uinstalled on XP, only reset with the command I posted earlier.

netsh int ip reset c:\resetlog.txt <enter>

Try to reset it. Reboot and see if you can connect. If you cannot connect try and do the following

This will scan your protected files and replace any that are corrupted or missing.

At the cmd prompt in an admin account type:

sfc /scannow <enter>

There is a space between sfc and /.

Reboot after the scan is finished.

You may also need your original Windows installation CD.

Do you have a XP SP3 install CD?

 

I do not have a Windows XP Pro service pack 3 disc. I don't even have the original Windows XP Pro disk as I got the computer used. I do have the original tag on the computer with the product key number. I think the original CD was most likely not one with a service pack because the computer is old. I think it has been updated via the internet to service pak 3

 

Just a thought.
Can you go find what your environment variables are and post it here?

# Right-click My Computer, and then click Properties.
# Click the Advanced tab.
# Click Environment variables.

Edit: I am interested in what the Path statement says.

 

User variables or System variables? The reason I ask is that System variables has many and scrolls so a screen shot won't show them all

 

I am just looking for the system variable called Path.

 

%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\PROGRAM FILES\AUTODESK\ALIAS2011\BIN;%COSMOSM%;C:\SURFCAM\VELOCITY3\TRANS\PRSDDLL\DLL;C:\PROGRAM FILES\COMMON FILES\DIVX SHARED;C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN;C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\TOOLS\BINN;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM;C:\PROGRAM FILES\SMART PROJECTS\ISOBUSTER

 

The path statement looks okay. I thought maybe the path was wrong because Winsock could not find the file. It is almost looking like you would need to do a repair install but unfortunately you do not have an install CD.

Try and do the TCP/IP reset and see what happens.

If you still cannot connect, then do the sfc /scannow I posted earlier even though you do not have an install CD.

 

Is there an i386 folder anywhere on the drive, contents amounting to something over 400MB?

 

Is the Windows XP Pro with Service Pack 3 CD still available to purchase?

 

Per satrow's question:

Is there an i386 folder anywhere on the drive, contents amounting to something over 400MB?

 

There are many i386 folders. One is 564 megs. It's location is c:\windows\ServicePackFiles

 

Okay,
Go to an admin account and click start/run. In the run box type regedit and go to this key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

In the Right pane you should see ServicePackSourcePath

the value should point to the path C:\WINDOWS\ServicePackFiles?

If it does then try running the sfc /scannow command I posted earlier.

 

It does.

If I run the command and don't have the Windows XP Service Pak 3 Disk what is going to happen?

 

You will get a dialog box like this. So if it asks for the disk, just hit cancel.

http://www.updatexp.com/image-files/scannow2.gif

 

I'm in the process of hitting Cancel and Yes. I must have done this 50 times by now. :cry

 

Okay,
That tells me you will need to do a repair install. You can find a XP install disk on Ebay. What brand of computer is this?

 

I'm up to at least 100 times.

The computer with a problem was built for me. The one I'm using now is an HP. The one that was built for me has an ASUS motherboard. P5KPL-CM. Will any Windows XP disc work or do I need a specific one?