No internet connection after run&read 1st.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by fdmevron, Apr 23, 2012.

  1. fdmevron

    fdmevron Private E-2

    Hello

    I recently downloaded a keygen for Diablo 2. I was infected by a virus that diverted some web page links and would make contact with addresses in Germany and Russia. I used a reverse IP search engine to find out who they were. The sites were mostly computer-generated pages, word stuffing and PPC sites. The virus also disabled ZoneAlarm and made it impossible for me to access the internet without shutting down ZoneAlarm. I ran ClamWin and Spybot, which found some files. ClamWin found the rootmodem.dll file being run in RAM memory.

    I soon found this site and started the "read and run this first" thread. I followed each step until ComboFix removed my c:\windows\system32\PSLogon.dll and I replaced it in order to access my account in normal mode (safe mode was working). I HAVE STOPPED ON STEP 3.

    An internet connection is detected but I cannot access it from Firefox, and the connection manager shows the connection to be weak or not connected.

    Besides that, all the problems I was having seem to be gone. I turned on Malwarebytes in order to detect any outgoing activity, and there was none.

    I know that I diverted from the original recipe. If I have to start all over again I understand.

    -Fdmevron

    I have attached the log files as requested.
     


  2. fdmevron

    fdmevron Private E-2

    One last log.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You are suffering from a ZeroAccess infection.


    1. Go to Start ==> Run (or Windows key+R)
      • Type the following in the run box and click OK: notepad c:\windows\inf\nettcpip.inf
        (note that there is a space after notepad)
      • The above file will open in the notepad.
      • Under TCP/IP Primary Install section find the following: Characteristics = 0xA0
      • Edit 0xA0 and replace it with 0x80 (replace A with 8)
      • Under File menu click Save and close the notepad.
    2. Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
      • On the General tab, click Install. A popup window opens.
      • Select Protocol from the list and then click Add.
      • A new window opens, click Have Disk....
      • In the browse... box type c:\windows\inf
      • Click OK.
      • Select Internet Protocol (TCP/IP), and then click OK.
      • On the Local Area Connection Properties screen select Internet Protocol (TCP/IP) and click Uninstall, and then click Yes.
      • Wait until it asks to restart, and then restart as requested. Continue with the below after restarting.
    3. Go to Start ==> Run (or Windows key+R)
      • Type the following in the run box and click OK: notepad c:\windows\inf\nettcpip.inf
        (note that there is a space after notepad)
      • A file opens in the notepad. Under TCP/IP Primary Install section find the following: Characteristics = 0x80
      • Edit 0x80 and replace it with 0xA0 (replace 8 with A)
      • Under File menu click Save and close the notepad.
    4. Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
      • On the General tab, click Install
      • A popup window opens. Select Protocol.
      • A new popup window opens. Select Internet Protocol (TCP/IP), and then click OK.
      • Wait until it asks to restart, and then restart as requested. Continue with the below after restarting.
    5. After restart please rerun TDSSKiller again and save the log to attach below.
    6. Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


      Then attach the below logs:
      • the TDSSKiller log
      • C:\MGlogs.zip
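
For readers following the procedure in the post above, this added example (not part of chaslang's reply or any MajorGeeks tool) decodes the Characteristics value the steps edit: bit 0x20 is NCF_NOT_USER_REMOVABLE, so changing 0xA0 to 0x80 is what makes TCP/IP uninstallable, and restoring 0xA0 locks it again. The INF text in SAMPLE_INF, including its section name, is constructed for illustration; the function names are hypothetical.

```python
import re

# Network component characteristic flags (NCF_*) as defined in the
# Windows netcfgx.h header.
NCF_FLAGS = {
    0x01: "NCF_VIRTUAL",
    0x02: "NCF_SOFTWARE_ENUMERATED",
    0x04: "NCF_PHYSICAL",
    0x08: "NCF_HIDDEN",
    0x10: "NCF_NO_SERVICE",
    0x20: "NCF_NOT_USER_REMOVABLE",
    0x40: "NCF_MULTIPORT_INSTANCED_ADAPTER",
    0x80: "NCF_HAS_UI",
}

# Constructed sample, not copied from a real nettcpip.inf.
SAMPLE_INF = """\
; constructed sample for illustration
[MS_TCPIP.PrimaryInstall]
Characteristics = 0xA0 ; value before step 1 and after step 3
"""

def read_characteristics(inf_text):
    """Return {section_name: value} for each 'Characteristics = ...' line."""
    found, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop trailing INF comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = re.match(r"(?i)characteristics\s*=\s*(0x[0-9a-f]+|\d+)$", line)
        if m and section:
            text = m.group(1)
            base = 16 if text.lower().startswith("0x") else 10
            found[section] = int(text, base)
    return found

def decode(value):
    """List the NCF_* flag names set in a Characteristics value."""
    return [name for bit, name in sorted(NCF_FLAGS.items()) if value & bit]

def user_removable(value):
    """True when the Uninstall button is allowed for the component."""
    return not value & 0x20

if __name__ == "__main__":
    for sec, val in read_characteristics(SAMPLE_INF).items():
        print(sec, hex(val), decode(val), "removable:", user_removable(val))
```

Running it against a copy of the file before and after each edit confirms which state the INF is in before touching Network Connections.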
     
