Win XP laptop with possible malware - DNS networking issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by texnyan, Jul 22, 2009.

  1. texnyan

    texnyan Private E-2

    This is my first posting, so I hope to have covered my bases.

    I have been trying to get a laptop cleaned up and back online with no luck. I have tried everything I can think of to correct the problem with no luck. I believe malware may be causing the issues.

    Problem: The computer can receive IP address through DHCP on both the WX NIC and the internal NIC plugged in. Can ping inside the local network by IP and hostname. Can ping outside the network by IP, but cannot ping or web browse outside the network by hostname. Have tried manually configuring DNS servers and can ping them by IP, but still nothing by hostname.

    Steps taken so far:
    - Removed Norton Ghost, Symantec Corporate, and McAfee Security suite (all were installed, but were out of subscription) using Add/Remove and then the dedicated Removal tools for those products.
    - Reset the TCP/IP stack, flushed and re-registered DNS, cleared the ARP cache
    - Updated drivers for both NICs and disabled the bluetooth network connection.
    - Uninstalled and reinstalled both NICs

    Had run Process Explorer and noticed a temp file called CATCHME.sys which further had me thinking this might be malware.

    With this done, there was no improvement at any time, so I then moved to following the malware removal process listed on the site. The requested logs are attached.

    Another thing that seemed odd is that none of the scan tools found any issues. Normally I at least see some minor issues, but this time not a single one.

    I truly appreciate any help with this.
     

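A small diagnostic script, added here as an example and not posted in the thread, that mirrors the triage in the post above: it sends an A query directly to a DNS server's IP (the servers the poster could ping), bypassing the Windows stub resolver, and checks the reply's transaction id so a stale or spoofed answer is not trusted. If the server answers directly while the system resolver still fails, the fault is in the local resolver stack rather than the network path. The server address and hostname are the caller's; any sample bytes used to exercise the parser are constructed.

```python
import random
import socket
import struct

def build_query(name, txid):
    """Minimal recursive A query for name with a caller-chosen 16-bit id."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(data, pos):  # offset just past a possibly compressed name
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + length

def parse_answer(data, txid):
    """Return (rcode, [A addresses]) from a response, rejecting a mismatched id."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch: stale or spoofed reply")
    addrs, pos = [], 12
    for _ in range(qd):
        pos = _skip_name(data, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        pos = _skip_name(data, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def query_server(server, name, timeout=3.0):  # one UDP query straight to server:53
    txid = random.randrange(0, 65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_answer(data, txid)

def classify(system_resolved, direct_addrs):  # map the two observations to a fault domain
    if system_resolved:
        return "name resolution works"
    if direct_addrs:
        return "server answers directly: suspect the local resolver stack (hosts file, DNS client, filter driver)"
    return "no answer even when asked directly: suspect the UDP/53 path or the server itself"
```

On the affected machine, compare whether `socket.gethostbyname(name)` succeeds with `query_server("<server ip>", name)[1]` and pass both results to `classify`.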

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in your logs. May I assume you did this:
    TDSSserv Non-Plug & Play Driver Disable?

    If so, I suggest you post in the networking forum for further assistance.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  3. texnyan

    texnyan Private E-2

    Okay. Thank you for looking. I had not tried the TDSSserv solution, so if I can get to the laptop again (I had returned it to the owner) I'll give that a look. I did a post in the networking forum, too. So we'll see if we have any luck.

    Thank you again. You guys do good work.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome... but to do the fix, you need to have his router returned to factory settings first.
     
