
TrendNet Router stops working and Virus/Malware possible cause



#1 GoingCrazy421


Posted 06 June 2010 - 12:08 PM

Hi,

I'm not sure if someone hacked into my system or not, but here's what's happened and what I've done so far. I use XP Home Edition. My TrendNet Router all of a sudden showed a network cable was unplugged. I checked the ethernet cable. Took it out, even replaced it. My computer did not even recognize that I put it back and forth into the router. Contacted cable company. Walked me through connecting ethernet cable directly from my computer to the modem to connect to internet to see if it was a cable problem. The first attempt at that direct connection caused my computer screen to start doing this memory dump thing and it freaked me out and I shut it down. Same with the next two attempts. I unhooked the ethernet cable from the modem and I did a virus scan with Avast, Malware scan with Malwarebytes and I did a Spybot check and tried again and then the connection worked. They ended up telling me the router must have the defect. Next, I contacted TrendNet tech support. They walked me through resetting the router, holding reset button down 30 seconds, longer, etc. turn it off, on blah blah blah, etc., ...nothing. Only the 5 router lights still lit as they were, however still no flashing activity and computer told me network cable is still unplugged. I checked the connections on the back of the computer as well. TrendNet said they would replace the router. The router is a year old. I don't think it's really a router issue. My daughter was on a music downloading website the same day and she said that the computer did this just after she downloaded something.....yes.....what was this something?????? In addition, I am now getting warning and error messages from Windows Defender saying:

The At43.job command failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

But there are At1.job ---- At72.job separate error messages every day. What in the world are these? I was doing a search online and found some info and then found that in my Windows Tasks folder I saw them all listed there and the creator said SYSTEM. I did not create any tasks. They are scheduled to run every night just after midnight. I don't know if this is a virus or if it is some old task related to old virus software that maybe used to run at midnight but no longer does. All of the tasks "Could not start".

The things I've done on my own to try to help myself:

I went through Windows Services to make sure that I compared my services to what should be basic for XP users. I did find some services saying "allow service to interact with desktop". I UNCHECKED those...as I thought maybe someone was getting into my computer through the internet connection, or wireless connection when router is working, and accessing my desktop. I certainly don't need remote access to my computer desktop, so I don't know why it would be checked. Please advise if I am wrong. Also, the Application Layer Gateway Service has a password attached to it and I'm not sure if that's a normal thing when you click the properties, then Log On tab? I didn't put a password there and I have no idea what it would be.

Second, I did a Spybot check and was unusually surprised. It found nothing. It always finds something, but it found not one tiny thing....not even these little at16.job error things that Windows Defender is talking about. Also did Malwarebytes check and Avast Antivirus check and all looked clean.

Windows Defender found the following:

Program: Win32/PowerRegScheduler - action: Quarantined
Trojan: Win32/Vundo.gen!AI - action: Removed
Adware: JS/SearchPage.A - action: Quarantined

Third, I tried to do a System Restore and it failed and asked for a different restore point date. I tried 7 different dates. It failed all 7 times. I gave up.

I did an Avast boot scan from start up. It found nothing.

Here are other error messages I'm getting:

1. TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

2. Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000CF191A6E4. The following error occurred:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

3. Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: regkey:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\Combat Arms\NMService.exe;firewallokfile:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\Combat Arms\NMService.exe;file:C:\Nexon\Combat Arms\NMService.exe
Alert Type: Unclassified software
Detection Type:

4. Your computer has detected that the IP address 192.168.10.101 for the Network Card with network address 000CF191A6E4 is already in use on the network. Your computer will automatically attempt to obtain a different address.

5. Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: firewallokfile:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Alert Type: Unclassified software
Detection Type:

6. Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: firewallokfile:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\logonui.exe
Alert Type: Unclassified software
Detection Type:

7. The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error:
A device attached to the system is not functioning.

8. Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

9. Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

10. The IP address lease 192.168.10.101 for the Network Card with network address 000CF191A6E4 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).

11. I am also getting a pop up error box that keeps telling me to put a disk in the D drive...but it comes with a title from Aol sometimes, and sometimes from various other programs or software that I have...all within the same hour or two. Same message, "put the disk in to continue"...or something like that. I felt like someone wanted to have me put my cable connection back up and some kind of disk in to the computer so that they could steal info or start dumping memory again or something. The application error messages are below from all of the programs that were doing this:

Application popup: aim6.exe - DLL Initialization Failed
Application popup: ctfmon.exe - DLL Initialization Failed
Application popup: AdobeARM.exe - DLL Initialization Failed
Application popup: iTunesHelper.exe - DLL Initialization Failed
Application popup: QTTask.exe - DLL Initialization Failed
Application popup: MSASCui.exe - DLL Initialization Failed
Application popup: Reader_sl.exe - DLL Initialization Failed
Application popup: ashDisp.exe - DLL Initialization Failed
Application popup: vVX1000.exe - DLL Initialization Failed
Application popup: AOLSoftware.exe - DLL Initialization Failed
Application popup: RUNDLL32.EXE - DLL Initialization Failed

I am hoping that someone can help me to restore my computer to a clean state, as well as to see if these issues caused my TrendNet router to malfunction --- as it all occurred on the same day and time.

Thanks.

EDIT: Moved from XP to Am I Infected forum ~ Hamluis.

Edited by hamluis, 06 June 2010 - 12:47 PM.




#2 Orange Blossom


Posted 06 June 2010 - 07:06 PM

Hello,

This will require specialized tools to remove. Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



