No internet access

Discussion in 'Malware Help (A Specialist Will Reply)' started by stumpy842, Dec 5, 2012.

  1. stumpy842

    stumpy842 Private E-2

    After Avast found and deleted an infected copy of c:\Windows\System32\Drivers\tcpip.sys, I have no internet access. I tried copying over a good copy from my other machine with no luck.

    Both systems are Windows XP Pro w/SP3 (32-bit). I'm attaching my logs from the READ & RUN ME FIRST section. Thanks!
     

    Attached Files:

    stumpy842, Dec 5, 2012
    #1
  2. stumpy842

    stumpy842 Private E-2

    Hey folks, I did some more checking and found my TCP/IP stack was corrupted. After uninstalling/reinstalling it I can connect now!

    I'll give it a few days, then toggle System Restore to clear out any possible junk in the restore points. At least I know my system is relatively clean now after running the programs from the malware removal thread (I hope, although none of those really found any issues).
     
    stumpy842, Dec 5, 2012
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    There may be more issues to fix. Let's take a new look to see where things stand.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
     
    chaslang, Dec 7, 2012
    #3
  4. stumpy842

    stumpy842 Private E-2

    OK here is the new log file... Thanks for the help!
     

    Attached Files:

    stumpy842, Dec 7, 2012
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It looks like your BITS service has been disable and this will make it impossible to get Windows Updates. Let's see if we can fix it.


    Be patient while doing the below. The fixes can sometimes take quite awhile to run. Especially the permissions repairs. It may be best to kick it off and goto bed or do something else. It is better not to run anything while the repairs are going on.

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • The click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Dec 8, 2012
    #5
  6. stumpy842

    stumpy842 Private E-2

    @chaslang I really appreciate all the help! When some other stuff quit working on me this morning, I finally got PO'd and did a full backup with DriveImage XML (running from a BartPE disc), then wiped the entire system and reinstalled.

    I don't know if I got hit with a rootkit or what, but the anti-malware programs' results were fairly inconclusive, and I decided it might be safer to simply start over with a clean slate. Of course an added benefit is a faster system, since (for now) the registry isn't all junked up with years of accumulated garbage, so I figure its win-win.

    BTW sure glad I just received my new 1 TB external HD yesterday (that some internet company who likes Eggs conveniently had on sale!)...

    Thanks again and if I run into more problems I know where to come ;)
     
    stumpy842, Dec 9, 2012
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Glad to hear you have it working well now.

    Your problems were symptomatic of a ZeroAccess or other TDL infection but there were no signs of this other than possibly the fact that your MBR type showed as unknown. This is not always a problem though.
     
    chaslang, Dec 10, 2012
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds