Network adapters no longer work after ComboFix


  • This topic is locked
10 replies to this topic

#1 ThevileOne

ThevileOne

  • Members
  • 6 posts

Posted 08 August 2010 - 10:25 PM

Eh, I'm having trouble after running ComboFix to get rid of a rootkit (catchme.tmp anyone?) and a redirect infection. I was hesitant to run CF before until a friend told me that my infection might get worse if I didn't get rid of it fast, and he suggested ComboFix. That was yesterday, and earlier today I left my computer on for an extended period of time to recharge my mouse and eat some food, and I came back to a message saying Logonui was infected and I was locked out of my account. That scared me enough to run in safe mode and use ComboFix to get rid of the infection once and for all, and it seems to have worked.

My only problem is that it now says it detects no active network adapters and won't let me on the internet with that computer. I checked Device Manager and it says my main network adapter card is functional. My computer uses a VIA Rhine II Fast Ethernet adapter. However, three items did have exclamation points under them. Two of them were under the network adapter category and one was under other. (The exclamation said that their registry was damaged or incomplete.)

Network adapter issue drivers

VIA rhine II fast ethernet adapter winpkFilter miniport (Manufacturer NTKR)
WAN miniport(IP) winpkFilter Miniport (Manufacturer NTKR)

Other devices

Unknown name: Location VIA standard PCI to ISA bridge (Not sure what this is)


I already downloaded an updated driver to replace the old driver and it still doesn't detect anything. I can't think of what to do to get it to work.


#2 Retirednow

Retirednow

  • Members
  • 121 posts

Posted 09 August 2010 - 12:45 AM

I think you need to run a complete scan with an anti-virus program that has all the updates and then run it. Then download Malwarebytes Anti-Malware software, install it and run it, http://download.cnet.com/Malwarebytes-Anti...4-10804572.html. If you are infected, follow the directions on the home page of this forum for virus infections.

#3 Orecomm

Orecomm

  • Members
  • 266 posts

Posted 09 August 2010 - 09:55 AM

Once you are disinfected go into Device Manager and delete the network adapters. Reboot and Windows will re-add them, and re-establish the links that were broken when the malware's "wiretaps" were installed. You probably need to do the same for the PCI to ISA bridge (that's a disk controller). Don't try to do anything else once you delete that one - reboot immediately. That should bring your network back, although you may have to reconfigure any static or wireless connections.

#4 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts

Posted 09 August 2010 - 09:56 AM

Or you can manually download the drivers off the appropriate site.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#5 ThevileOne

ThevileOne
  • Topic Starter

  • Members
  • 6 posts

Posted 09 August 2010 - 11:24 AM

I have still not done that yet, although I will soon. Apparently I am still infected. Even though it says I have no active network adapters running, something is still allowing viruses to be downloaded to my computer. I think it has something to do with this rootkit.agent/gen-TDSS that SUPERAntiSpyware keeps detecting and yet won't get rid of and won't let me delete it either.

Edit: ComboFix wouldn't detect it.

I'll most likely be making a post in the Am I Infected forum with the logs. I want to get a GMER scan in before I post.

Edited by ThevileOne, 09 August 2010 - 11:45 AM.


#6 Retirednow

Retirednow

  • Members
  • 121 posts

Posted 09 August 2010 - 11:58 AM

I agree, the best thing to do right now is get the logs and post them in the I am infected forum. Good Luck.

#7 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts

Posted 09 August 2010 - 01:48 PM

Wish you luck. :thumbsup:


 

 


#8 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,488 posts

Posted 09 August 2010 - 01:54 PM

Hi,

Just a reminder: logs belong in the Malware Removal forum ONLY and not the Am I Infected? forum :thumbsup:
If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.

#9 ThevileOne

ThevileOne
  • Topic Starter

  • Members
  • 6 posts

Posted 09 August 2010 - 04:07 PM

I figured out what was wrong. I think something affected my driver settings. It was those Winpkfilter drivers that were denying access to the internet. I disabled winpkfiltering and repaired my internet connection and now it works again.

There are a couple of red flags that I noticed. 1. Both winpkfilter drivers came from a manufacturer named NTKR, even the one labelled as a VIA product. 2. All other manufacturers were from Microsoft and the network adapter driver was manufactured from VIA Technologies. 3. These drivers didn't have any real descriptions to them at all. I looked up the function of a winpkfilter and it is sort of like a packet firewall.

Now that I have access to the internet, the redirect infection is gone, and search.star.net redirect for Google implanted itself back to my browser, which I swiftly swapped Google browsers and that's hopefully gone. Eh, this rootkit thing is still on my computer. If I leave the computer idling out of safe mode for longer than 15 minutes, AVG Resident Shield detects some form of adware or trojan on my computer that this thing is downloading.

Finally thanks for instructing me where to go to post a log.
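The three red flags listed in the post above (unexpected manufacturer, mismatch with the hardware vendor, empty description) can be checked across all network-class drivers at once. This is an added example, not part of the original thread; the function name `Find-UnexpectedNetDriver`, the allow list and the sample rows are assumptions constructed for illustration, and a flagged row is a cue to review the driver, not a verdict.

```powershell
# Added example (not from the thread): list network-class drivers showing the
# red flags described above. The allow list is an assumption; edit it per machine.
function Find-UnexpectedNetDriver {
    param(
        [Parameter(Mandatory)] [object[]] $Driver,
        [string[]] $ExpectedManufacturer = @('Microsoft', 'VIA Technologies')
    )
    foreach ($d in $Driver) {
        # Win32_PnPSignedDriver reports network adapters and miniports as class NET.
        if ($d.DeviceClass -ne 'NET') { continue }
        $reasons = @()
        # Red flags 1 and 2: manufacturer is neither the OS vendor nor the NIC vendor.
        $known = @($ExpectedManufacturer | Where-Object { $d.Manufacturer -like "$_*" })
        if ($known.Count -eq 0) {
            $reasons += "manufacturer '$($d.Manufacturer)' not in allow list"
        }
        # Red flag 3: the driver carries no real description.
        if ([string]::IsNullOrWhiteSpace([string]$d.Description)) {
            $reasons += 'empty description'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                DeviceName   = $d.DeviceName
                Manufacturer = $d.Manufacturer
                Reasons      = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rows modelled on the device names quoted in this thread.
$sample = @(
    [pscustomobject]@{ DeviceClass = 'NET'; DeviceName = 'VIA Rhine II Fast Ethernet Adapter'
        Manufacturer = 'VIA Technologies, Inc.'; Description = 'VIA Rhine II Fast Ethernet Adapter' }
    [pscustomobject]@{ DeviceClass = 'NET'; DeviceName = 'VIA Rhine II Fast Ethernet Adapter - WinpkFilter Miniport'
        Manufacturer = 'NTKR'; Description = '' }
    [pscustomobject]@{ DeviceClass = 'NET'; DeviceName = 'WAN Miniport (IP) - WinpkFilter Miniport'
        Manufacturer = 'NTKR'; Description = '' }
    [pscustomobject]@{ DeviceClass = 'SYSTEM'; DeviceName = 'PCI to ISA bridge'
        Manufacturer = 'VIA'; Description = 'PCI to ISA bridge' }
)
Find-UnexpectedNetDriver -Driver $sample | Format-List

# On a live system, feed it the real inventory instead of the sample:
# Find-UnexpectedNetDriver -Driver (Get-CimInstance -ClassName Win32_PnPSignedDriver)
```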

#10 ThevileOne

ThevileOne
  • Topic Starter

  • Members
  • 6 posts

Posted 10 August 2010 - 05:05 PM

Update: I think that Winpkfilter driver was causing the viruses to get on my machine. The previous day I was getting new trojans every 15 minutes and yesterday, after turning winpkfilter off, I haven't received anything. Although that tltkoobh (Rootkit.agent/gen-TDSS) is still there and it won't let me access the registry keys; won't even let me view them, never mind delete them.

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,987 posts

Posted 10 August 2010 - 06:31 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/338794/rootkitagentgen-tdss/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



