BleepingComputer.com: Just Cleaned out Vista Antivirus 2012, no internetz

Just Cleaned out Vista Antivirus 2012, no internetz

#1 BloodWraith

Posted 05 January 2012 - 12:56 PM

I apologize for the repetitive posts concerning this PITA, but as the topic states, I have cleared out the pesky Vista Antivirus 2012 and of course the internet is not working on the laptop. It appears that the tcp/ip stack is fubared, but all fixes I have encountered thus far have not helped :(

Just as a summary of what has been done:

Cleaned out virus (should be gone, but will know for sure when the internet comes back on and I can get mbam updated).

Fixed Legacy SDR issue (the registry entry got hosed somehow)

Ran TDSSKiller, mbam, FixNCR.reg, and pulled a FSS log afterwards

Reset everything of the tcp/ip stack I could think of and performed a netsh winsock reset as well for good measure.

Get a 169.254 address for IP

Please, I need your help :)

Sincerely,

bwraith

Farbar Service Scanner
Ran by User (administrator) on 05-01-2012 at 11:36:11
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========

**** End of log ****
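
The problem lines in a scanner log like the one above can be pulled out mechanically. The following Python is an added example, not part of the original post and not code from Farbar Service Scanner; the rule names and patterns are assumptions inferred from this one log, and the sample input is constructed from lines in it.

```python
import re

# Constructed sample: lines taken from the Farbar Service Scanner log in the post.
SAMPLE_LOG = r'''Connection Status:
==============
There is no connection to network.
Google IP is accessible.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
VSS Service is not running. Checking service configuration:
'''

# Rule names and patterns are assumptions inferred from this one log.
RULES = [
    ("no-network", re.compile(r"^There is no connection to network\.")),
    ("service-stopped", re.compile(r"^(\S+) Service is not running\.")),
    ("firewall-off", re.compile(r'^"EnableFirewall"=DWORD:0$')),
]

def split_sections(text):
    """Group lines under each 'Title:' line that is underlined with '='."""
    sections, current, lines = {}, None, text.splitlines()
    for i, line in enumerate(lines):
        underline = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and re.fullmatch(r"=+", underline):
            current = line[:-1]
            sections[current] = []
        elif current and line.strip() and not re.fullmatch(r"=+", line):
            sections[current].append(line.strip())
    return sections

def triage(text):
    """Return (section, rule, detail) for each line that reports a problem."""
    findings = []
    for section, body in split_sections(text).items():
        reg_key = None  # most recent [HKEY_...] line, context for a value line
        for line in body:
            if line.startswith("[HKEY_"):
                reg_key = line.strip("[]")
            for name, pattern in RULES:
                m = pattern.search(line)
                if m:
                    detail = m.group(1) if pattern.groups else (reg_key or line)
                    findings.append((section, name, detail))
    return findings
```

Calling `triage()` on a saved log returns one tuple per reported problem, with a disabled-firewall value reported against the registry key it was read from.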

#2 Jet Stream 1

Posted 07 January 2012 - 02:06 PM

I had similar issues after eliminating the XP version of this malware.
This fix from Microsoft solved my internet connectivity problem (same 169.254. symptom)
http://support.microsoft.com/kb/299357
