IE7 and Firefox Internet Access

I have recently had a fairly nasty malware/spyware attack on my PC. I think I have cleared most of it up using methods and programs recommended on this website (superantispyware, spybot, malwarebytes antimalware remover etc). I have also scanned using AVG but it turned up nothing.

Since doing this at some point Internet Explorer 7 and Firefox have both completely lost internet access. But updates for AVG and the other programs above have still downloaded fine and utorrent is also still functioning.

THe microsoft diagnostic tool thinks that this is a firewall issue but I only use the firewall on my netgear DG834G router and the other computers connected to it have no problems with internet access.

Im not really sure what other info you may need but I think I have logs for the aforementioned programs. I am completely at a loss of what to do next and very frustrated.

Please help!!!

Jonor85

 

Just had a spyware attack on your computer and your back to utorrent? I would be extra careful and only download legit torrents.

I would try a WinSock fix. What this does is reset all of the network functions back to their defaults.

XP (download and run) - http://www.snapfiles.com/get/winsockxpfix.html
Vista (command line) - http://www.mydigitallife.info/2007/...ndows-vista-tcpip-winsock-catalog-corruption/

 

first 3 logs....

 

Ok thats all the logs I think. Just as an update, now I can't even download updates on it. I have gone through the whole malware clean up process you suggested and it has made not noticeable difference to firefox or IE7.

I just opened utorrent to check the limits of my connectivity.

As for the firewall issue, windows firewall is disabled and my computer is self built so no firewall program has even been installed.

I've just realised you told me to post my logs in the malware forum.... whoops. Will do so now.

 

Cannot access internet, recent malware attack

I have recently had a fairly nasty malware/spyware attack on my PC and now I can't access the internet.

Windows claims to be connected. The connection loss was gradual; first both explorers went and updates for programs such as AVG and superantimalware functioned for a while but have now lost the connection.

Other computers on the same network can still access the internet and my computer still claims it is connected.

Completed the malware removal guide. Logs attached on a different thread, apologies I didn't realise I had been asked to post on this forum rather than the other.

http://forums.majorgeeks.com/showthread.php?t=173490&goto=newpost

Please help!!!

Jonor85

 

Ok here is a new Mgtools log. I hope it is ok, I am sure it has run to completion and I ensured that none of my protection was blocking it as far as I know. Teatimer disabled, AVG is currently uninstalled. Other programs include malwarebytes antimalware and super antispyware but I don't think they even have protection on the free versions. My firewall is on the router.

Hope this is better, thanks for your help on this, much appreciated.

Jonor85

 

Here are the logs you requested. I still can't access the internet but my computer still insists I am connected.

Thanks

 

The mglog is attached. Nothing has changed; still cannot access internet, computer still claims to be connected to the network.

Thanks

Jonor85

 

Logs attached. Since the last set of instructions my wireless adapter driver encounters errors on start up. Also the network connections button on the right of the taskbar has disappeared. When getting to network connections via the control panel, neither my wireless or ethernet (usually disabled) connections show

Thanks for the help.

 

checked the services list.

Network connections (netman) startup type: automatic status: blank.
NLA startup type: automatic status: blank.
System Restore Service Startup: Automatic Status: Started.


ran the scan and used the CD but it gave me notifications on what it had done, it just closed. I presume it worked ok.

Checked device manager, all fine except "Nvidia nforce networking controller #2" which I presume is my ethernet connection that I have disabled.

Regarding my network connections icons, the fact that they have disappeared, is that a result of the problem or should I try to reestablish it?

Also with my wireless card driver errors, when I look at device manager it says it is working properly and that presumably means the driver is actually ok?

Thanks for your help on this, much apprieciated.

 

Net connections

General tab: Path to executable : C:\Program Files\tinyproxy\tinyproxy.exe
Service status: stopped
Recovery tab: All fails say restart service reset fail count after 0 days and restart service after one minute.

Dependancies tab: None

NLA says the same as network connections under each tab

My network places are not on my desktop or the taskbar do you mean network connections? That is not on the desktop or taskbar either. I can access both via the control panel.

When I try to connect to the network using the new connections wizard, the wizard simply doesn’t start.

 

No I can't, the boxes are grey rather than white. I have no idea how to change it.

What do you suggest?

 

network adapters uninstalled. the tinyproxy path remains.

 

Before you start the below, physically unplug the cable to your computer and shut down all antispy and antivirus programs.

Now, download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Once you comlete the above, attach the log from Avenger.

 

Avenger log attached

 

First, download a fresh copy of ComboFix and run this once more. Attach the new log once completed.

Second, please download Registry Search (see the link titled RegSearch Download Link )

• Extract the files from Regsearch.zip into a folder.
• Doubleclick regsearch.exe to start the program.
• Enter tinyproxy in the top area of the form and then click "OK".
• Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well). Attach this file along with the new ComboFix log.

 

attached

 

Do you have your WinXP disc? If you do NOT have a WinXP disc, then please follow the below instructions.

Installing Windows Recovery Console Using ComboFix

Also, please see the below thread and attach a log.

Running GMER to detect rootkits

Your next post should contain, the following two logs:

• GMER Log
• CF_RC.txt log

 

I do have the XP disc and the recovery console is already installed on my computer.

Here is the GMER log.

 

Let's start by copying the bold text below to notepad. Save it as fixDNSC.reg to your desktop. Be sure the "Save as" type is set to "all files".

• Please go to this link:http://live.sysinternals.com/
• find the psexec.exe file listed in the list and click on it and download and save it to your Desktop. Doing this properly is critical for other steps below.
• Now click Start, Run, and enter cmd and click OK. This will open a command prompt window with a prompt that shows the current folder you are in.
• For you the prompt should show C:\Documents and Settings\User>
• Now type cd Desktop and hit the enter key. There is a space after the cd.
• If you do this properly, your prompt will change to C:\Documents and Settings\User\Desktop>
• Type the below bold text and hit the enter key. This will open the Window Registry Editor. You will have to agree to the SysInternals License Agreement first that pops up.
  • psexec -s -i regedit
• In the Registry Editor click File, Import and then navigate to the fixDNSC.reg file on your Desktop from the previous fix and double click on it to import it into your registry. If it works properly you should get a success message.
• If you get a success message continue on with the below, otherwise stop and explain to me any problems you had.

Now, download a fresh copy of ComboFix and attach the new log, also run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• ComboFix Log
• C:\MGlogs.zip

Make sure you tell me how things are working now!