cannot connect to internet, add/remove programs or system restore


3 replies to this topic

#1 rahrahmah


Posted 10 May 2009 - 10:23 PM

To start with, I'm running XP and Firefox is my primary browser. I had Adaware installed to deal with malware, however it never found anything and the infection first appeared while I was browsing a site I know is clean, so I suspect it was lying dormant on my system for a while. I also have CCleaner. Both Malwarebytes and SuperAntiSpyware were downloaded in the process of trying to cleanse my system. Adaware and Malwarebytes are both deleted now, because I was told not to have more than one antimalware program at one time.

On to the problem. It happened very suddenly. I opened a page in a new tab, and suddenly all the links went red. A message popped up from the system tray. I can't remember the exact wording, sadly, but it went something like "Your computer is infected! Download antispyware now" and I believe it claimed to be from Windows security, though the icon was a red circle with a white x rather than the usual shield shape. There was also a red link at the top of every page I navigated to saying something similar "Too many errors were detected on your computer. Get antivirus now!" or something to that effect.

I ran first Malwarebytes and it found and cleared several problems. The pop up from the tray stopped and the false link was gone, however, my computer was now crashing every few minutes. I then ran SuperAntiSpyware and it also found and cleared a few problems, however, now my computer couldn't connect to the internet at all. Not with Firefox, not with IE, not with MSN, not with my music scrobbler LastFM.

To further complicate the matter, though I don't recall visiting their site or downloading their product, Stop Sign "antivirus" was also installed on my computer during this process. It was while trying to get rid of StopSign that I realized that add/remove programs was now no longer working. It would open, but it wouldn't generate a list of programs. I don't think I dealt with its removal in the best of ways. Not having add/remove at my disposal (and forgetting that CCleaner actually has a similar tool) I tried just deleting the folder wholesale, but certain programs were always "protected or in use by another program" so I renamed them without file extensions and tried again, which worked, but I then found it actually had two program folders. One under "Stop Sign" and one under eAcceleration, so I did the same thing. I'm sure there are still fragments on my computer of this stupid program.

Desperate now, I turned to system restore to find it was like add/remove programs. It would open, but it wouldn't let me scroll through the calendar to choose a date, nor were there any restore points listed for May.

And, the final obstacle in my path, my computer was sold to me by Future Shop without a Windows disc.

I've run SuperAntiVirus, the program I settled on, several times since deleting the others, while not connected to the internet at all, and it can't find anything left on my computer, but there is obviously something wrong. I've run CCleaner too, hoping that some final piece of the puzzle was hiding in my computer's detritus, and of course, still nothing.

So, I guess what I'm saying is, would any ordinary downloadable program like AVG or something be able to do what the other three could not? Even if it could, would I be able to download the setup file to a flash drive and then install it to my computer? Is it possible that the malware itself is gone but whatever this was infected some vital files which were removed from my computer? Could I possibly find out what they are and replace them? And if I can't do those things, how will I come by a Windows disc? At the very least, can someone possibly identify what this might be/have been so I can curse its name?



#2 RavenPhoenix


Posted 10 May 2009 - 10:52 PM

Sounds to me like a few things happened here:
1. You were infected with a rogue (fake) Anti-Malware program with a possible Trojan Downloader which keeps reinfecting your computer.
2. During the cleaning process you may have accidentally removed something which allows your ability to connect to the net, but I cannot be sure.

Do you still have your logs from the MBAM and SAS scans? If so please post the latest ones from each.
Forum Skulker. Preventing Comp Nukes everywhere. :-)

#3 rahrahmah


Posted 10 May 2009 - 11:20 PM

Well, since, as I said, I can't connect to the internet with the infected computer I don't know how I would get those logs to post. I'm using my roommate's laptop. It wouldn't matter anyway, since SAS can't find anything wrong. As far as whether I may or may not have deleted something which allows connectivity, perhaps information from network connections and MSN troubleshooter will be helpful:

Network connections says that I am connected and sending/receiving seems normal. It's properly assigning IPs and all that, it doesn't seem to see a problem at all. The errors that MSN finds when trying to troubleshoot lie with the "Hosts File" and the "Key Ports".

I haven't tried running SAS in safe mode yet, I merely tried accessing system restore (to no avail).

#4 RavenPhoenix


Posted 10 May 2009 - 11:34 PM

Well then, let's do the following. You will have to download these programs onto a separate computer from yours (your friend's laptop), as well as get the updates from their external locations as .exe's, and apply them after you install the programs. I know this will seem redundant to what you have already done, however... No worries, I will provide all the links you need.



Please download Malwarebytes Anti-Malware and save it to your flash drive or CD, whatever you are using to transfer it.
  • Since you are using your friend's computer you will have to manually download them from here or here; again, save them to your flash or CD drive.

Next

ATF
Please download ATF Cleaner by Atribune & save it to your flash drive or CD.

Next

SAS
Since you already have SAS but cannot update it, please download the latest definitions from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your flash drive.

Now take and install each one and install their definitions and follow my instructions below:

    Malwarebytes Anti-Malware
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • DO NOT ALLOW IT TO START AUTOMATICALLY OR CHECK FOR UPDATES
  • Then click Finish.
  • MBAM should not automatically start so you will need to install the definitions you downloaded earlier, update the program before performing a scan.
  • Launch MBAM
  • On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
Also run

ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
------------------------------------


Scan with SUPERAntiSpyware as follows:
  • Update it with the definitions you downloaded and transferred.
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have access to the internet, post your logs for each one; if not, transfer the logs to a flash drive and post them from your friend's computer.

Edited by RavenPhoenix, 10 May 2009 - 11:39 PM.

Forum Skulker. Preventing Comp Nukes everywhere. :-)



