Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Cannot Delete Network Connection (antivirus 2008)

  • Please log in to reply
1 reply to this topic

#1 Syringa2


  • Members
  • 5 posts
  • Local time:11:37 PM

Posted 16 July 2008 - 11:09 AM


Let my guard down for one millisecond at TitanTV.com and stupidly allowed ActiveX control to load. Antivirus 2008 was installed and started its business (among other things, seems to have installed mrinfo.exe). Shut down the computer as rapidly as possible then rebooted in safe mode and renamed a few files in the Windows folder that showed up with a time stamp at the occurence. Probably, rebooted a couple of times to note I was still infected. Removed the drive to an external case and scanned it with TrendMicro and Kaspersky online scanners. Also scanned it with Windows Defender and maybe something else. Reinstalled and booted the drive to note that the O/S still didn't look right - desktop wallpaper in particular was not as expected. Opened Control Panel 'Display' app to note the tabs weren't right - in particular, the one to change wallpaper was missing + at least one other. Edited group policies to try to unhide them, then hacked the registry to remove wallpaper and obvious virus screen saver (although I couldn't find the files they pointed to - even with Explorer set to show hidden and system files/folders). (Late note: I should have also said that another symptom was the message that 'Task Manager has been disabled by the Administrator' or something like that. I managed to reactivate TaskMan by either group policy editing or hacking in the registry per some MS KB article.)


The wireless and wired network connections don't get an IP address and the Delete context menu item is grayed out. I was able to get rid of the wireless connection by removing the hardware in Computer Management. After reinstalling the hardware, was able to set up a new network connection, but it doesn't get an IP. Wired connection is in the same state, as is Hamachi (even after uninstalling Hamachi). Giving the wireless connection a manual IP address then shows status as connected, but the connection doesn't work.

Further notes:

This machine has two bootable partitions and the infection was to the secondary boot. As little as I want to, I can cream that partition and start over, but I'd rather not. What are the chances my primary boot has survived without infection? I have not booted it since the original problem. Has anybody heard of a virus infecting the non-current system drive in this type of situation? To be clear, both partitions are on the same physical hard drive with C: being the main and D: being the one I've messed up.

Edited by Syringa2, 16 July 2008 - 02:14 PM.

BC AdBot (Login to Remove)


#2 Guest_superbird_*


  • Guests

Posted 17 July 2008 - 12:23 PM


When you can boot from the infected partition ( D ), do it with that one. Else, do this from your C-drive:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users