Sony Vaio PVC-RZ14G Hijacked - won't connect to network

Discussion in 'Malware Help (A Specialist Will Reply)' started by lckc, Jan 14, 2010.

  1. lckc

    lckc Private E-2

    Computer has been infected with virus/trojan. Network connection has been hijinxed. Have completed the READ THIS FIRST steps (completed in Safe Mode). The Sony Vaio PCV-RZ14G is running MS XP Home with Service Pack 2, Norton 360 Premier Edition.
    Will not connect to network. After READ ME FIRST steps will only boot up in Safe Mode. Decided not to restart in Last Known Good Startup as this just recycles me back to a corrupt state with Registry issues repeated.
    Have been going in circles for the better part of the week and am not sure where to turn from here. Could not get RootRepeal to run. System always hangs at initializing step. The computer has network connections which are listed as working properly (local area connection w/ Realtek RTL8139/810x family Ethernet NIC and Wireless network connection 2 w/ Rangemax Next Wireless Adapter WN311B). Keep getting message that system is not able to connect to network even though 2 other computers are up and running right next to the one I have been trying to fix. Have run network diagnostic. Have checked settings in MS IE and they seem OK. Did notice at one time that the homepage was being redirected (www.microsoft.com/isapi/redir.dll?prd=iepver=6ar=mshome) but that has been cleaned out in the Read Me First process. Also noticed during ComboFix that iastor.sys was not found.
    Not sure where to go from here short of XP reinstall which I am really trying to avoid.
    Any assistance that can be provided is appreciated.

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    First, please take ComboFix out of the Malwarebytes folder on your desktop and slide it directly onto the desktop. It should be here:
    c:\documents and settings\Barbara\Desktop\ComboFix.exe

    Why are you running in safe mode? What exactly happens if you try to boot to normal mode?

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy just the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now please try to install SP3 on your computer.

    Let me know if you are able to do that. If so, then run ComboFix and then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  3. lckc

    lckc Private E-2

    First of all thank you for taking the time to assist me on this quest.
    Answers to Questions:
    Q1: That was the folder I used to load all of the fix it files as the machine does not connect to the internet. I will move the Combo fix file directly to the desktop.
    Q2: Not able to start operating system after performing the fix it steps in the READ Me First instructions. The only way the system will boot up is to use the "Start up in the last successful configuration". When I did that all of the fix it steps seemed to be undone. After doing this 2 times I elected to start in Safe Mode which at least booted but still does not connect to internet and began this thread hoping someone could steer me clear of whatever I was doing incorrectly.
    Will go ahead and perform the tasks outlined in your reply and enter outcomes in my next reply.
    Thanks again!
     
  4. lckc

    lckc Private E-2

    Performed all tasks as outlined in Tim W (1-16-2010) post.
    Successfully fixed registry per edit instructions.
    Created a restore point
    installed SP3 successfully. At restart needed to do a disk check for consistency and then system booted normally.
    Have established an internet connection but it does not seem to be stable as connection is lost or IE freezes in use.
    Wireless connection has been hit and miss but mostly miss. (Netgear RangeMax Wireless N PCI Adapter)
    No sound. Checked devices and all report "working normally". (Yamaha AC-XG WDM Audio) Have checked Audio in Admin Tools and it reports OK.
    Ran ComboFix and MGTools\GetLogs.bat and attached logs as instructed.
    TimW thanks for the guidance so far as you helped make more progress with instructions in one post than I was able to accomplish in countless hours over 3 weeks.
    I now hold out a guarded hope that the computer can be repaired.
    Your assistance is much appreciated.

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. But you needed to put MGTools.exe directly on your C:\ drive, not here:
    C:\Documents and Settings\Barbara\Desktop\MGtools.exe

    Your lingering issues with IE and sound would best be addressed in the software forums.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  6. lckc

    lckc Private E-2

    Many thanks to TimW for your advice and direction.
    Have completed all instructions in your last post and am happy to report the computer has been running without incident for a couple of hours now.
    Turns out the wireless networking was attributed to faulty hardware and the no sound problem was remedied by reinstalling DirectX and then running through all the pages associated with sound and music.
    Having never submitted a problem to a help forum before, :) you certainly made my first experience a very positive one. You can't imagine how happy I am not to have to go through the time and effort of backing up - flashing - and then reinstalling the operating system and all associated programs and drivers.
    You are counted among my heroes.
    Hope someday I can do the same for others.
    Signing off as a lowly private!
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome...safe surfing. :)
     