BleepingComputer.com: No internet after combofix cleared XP security 2012 virus

#31 gringo_pr

Posted 03 January 2012 - 11:00 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and run the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
      O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
      O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
      O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Daniel J\Application Data\Dropbox\bin\Dropbox.exe
      O4 - Startup: Seagate 2GE43B4T Product Registration.lnk = C:\Documents and Settings\Daniel J\Application Data\Leadertech\PowerRegister\Seagate 2GE43B4T Product Registration.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt

Copy and paste that log as a reply to this topic

Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#32 mrtshlita

Posted 04 January 2012 - 07:01 PM

I should note that though my computer connects to the internet, it still won't connect using the cable directly. It stops at renewing IP address. Here are the results from the scan (it said there were 9 or so infected files):

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=547139a7afc9e84d9c4001c881752355
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-04 04:56:31
# local_time=2012-01-04 11:56:31 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=18373
# found=2
# cleaned=0
# scan_time=4491
C:\Documents and Settings\Daniel J\Desktop\Other Laptop\Desktop\USB\Desktop - Big Computer\apps\smitRem.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Daniel J\Desktop\Other Laptop\Desktop\USB\Desktop - Big Computer\apps\smitRem\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=547139a7afc9e84d9c4001c881752355
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-04 05:08:11
# local_time=2012-01-04 12:08:11 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=753
# found=0
# cleaned=0
# scan_time=150
# version=7
# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=547139a7afc9e84d9c4001c881752355
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-04 07:42:43
# local_time=2012-01-04 02:42:43 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=65685
# found=19
# cleaned=0
# scan_time=9160
C:\Documents and Settings\Daniel J\Desktop\Other Laptop\Desktop\USB\Desktop - Big Computer\apps\smitRem.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Daniel J\Desktop\Other Laptop\Desktop\USB\Desktop - Big Computer\apps\smitRem\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Daniel J\Desktop\Other Laptop\My Documents\apps\smitRem.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Daniel J\Desktop\Other Laptop\My Documents\apps\smitRem\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Daniel J\Desktop\Other Laptop\My Documents\smitRem\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Daniel J\Application Data\Mozilla\Firefox\Profiles\yfuuktbc.default\extensions\{cbafef83-90dd-4ede-891b-da34bf3b91c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Daniel J\Local Settings\Application Data\atu.exe.vir a variant of Win32/Kryptik.XZI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Jessie\Application Data\Mozilla\Firefox\Profiles\to9a8sci.default\extensions\{cbafef83-90dd-4ede-891b-da34bf3b91c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ipsec.sys.vir a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP198\A0022850.dll a variant of Win32/Kryptik.XVX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP198\A0022851.dll a variant of Win32/Kryptik.XVX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP198\A0022852.dll a variant of Win32/Kryptik.XVX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP200\A0022914.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP202\A0023914.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP202\A0024031.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP202\A0024152.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP202\A0024153.exe a variant of Win32/Kryptik.XZI trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP202\A0024158.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{E065921A-8DE3-4208-8E8E-2DEF84E09D85}\RP208\A0024886.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I
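
An added example, not part of the original post or of ESET's tooling: a small Python parser for log lines in the format pasted above. It buckets each detection by where the file sits (ComboFix's C:\Qoobox quarantine, a System Restore point, or the normal file system) so entries that are still live stand out. The sample log is constructed, and the bucket names and the `classify` rule are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above (paths are made up).
SAMPLE_LOG = r"""# end=finished
# found=4
# cleaned=0
C:\Documents and Settings\User\My Documents\apps\smitRem\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ipsec.sys.vir a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll a variant of Win32/Kryptik.XVX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
"""

# <path> [a variant of] <detection name> <kind> (<action>) ...
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?(?P<name>\w+/\S+)\s+"
    r"(?P<kind>\w+)\s+\((?P<action>[^)]*)\)"
)

def classify(path):
    """Bucket a detection by where the file sits (assumed triage categories)."""
    p = path.lower()
    if p[1:].startswith(":\\qoobox\\quarantine\\"):
        return "combofix_quarantine"   # already isolated by ComboFix
    if "\\system volume information\\_restore" in p:
        return "system_restore"        # copy held in an XP restore point
    return "live_file"                 # still on the normal file system

def parse_eset_log(text):
    """Return (headers, detections); a path repeated across scan runs is kept once."""
    headers, found = {}, {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            headers[key] = value       # a later run overwrites an earlier one
            continue
        m = DETECTION.match(line)
        if m:
            found[m["path"]] = {**m.groupdict(), "location": classify(m["path"])}
    return headers, list(found.values())

def summarize(detections):
    """Count detections per (location, kind) pair."""
    return Counter((d["location"], d["kind"]) for d in detections)

if __name__ == "__main__":
    headers, detections = parse_eset_log(SAMPLE_LOG)
    for (location, kind), n in sorted(summarize(detections).items()):
        print(f"{location:20} {kind:12} {n}  (scan end={headers.get('end')})")
```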

#33 gringo_pr

Posted 04 January 2012 - 09:39 PM

Go back to post 13 and do each thing one at a time, and check the connection each time.


gringo

#34 gringo_pr

Posted 07 January 2012 - 12:03 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo

#35 mrtshlita

Posted 07 January 2012 - 06:11 PM

Hi,

I need a little more time to go through that whole step again. I should be able to do it tomorrow. Thank you so much.

#36 gringo_pr

Posted 07 January 2012 - 08:15 PM

No problem and thanks for letting me know


gringo

#37 gringo_pr

Posted 10 January 2012 - 12:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
