Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

can't connect to the internet


  • Please log in to reply
11 replies to this topic

#1 geordief

geordief

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 14 February 2011 - 11:29 AM

As a result of a virus or a trojan (or something) my computer was unable to connect to the internet.
I have bought a new PC that has solved that problem for me but I now would like to clean up the old one. (it did have Spybot installed but that didn't find anything -or else I scanned it too late.
Apparently it is best for me to clean it up (by the use of a program downloaded to my new PC and transfered to my old stricken PC via a memory stick)
Can anyone recommend a program that would be up to the job- or do I need to try several before I reinstall the old operating system (WinXP)- as I have often heard that said?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:06 AM

Posted 14 February 2011 - 02:41 PM

Hello and welcome..
For the connection try these...
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.

Click the Connections tab and click the LAN settings option.

Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Now check if the internet is working again.

OR
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.



Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

[b]Troubleshoot Malwarebytes' Anti-Malware [/b
Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 geordief

geordief
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 14 February 2011 - 07:45 PM

thank you very much for going to that trouble.
I have followed your instrunctions and it was successful -to a point.
The first step was to check the proxy box in internet settings .It wasn't checked so I left it as it was and exited.
Next I did the dos screen with the netsh winsock reset command.
When I restarted (in normal mode) I was pleased that the internet had come back.
However , when I attempted to restart in safe mode with networking I was unable to get the internet again.Even when I attempted to repeat the steps that had reset the internet it wouldn't work second time around.
I tried the safe mode with networking 2 or 3 times and also restarting in normal mode (repeating the steps that had been successful the first time) but it doesn't seem to want to work.
Does that make sense?
When you say reboot is that the same as restart or did I need to shut down (I only restarted on the occasion that it seemed to have fixed the connection)?
I did speak to my ISP who monitored my connection while I was talking to them .They told me that while my screen was telling me that I was trying to connect to Google my traffic was in fact going to another address.When I pinged one or two numbers (at my ISP's request)I got a reply in the dos screen that 3 out of 4 attempts were unsuccessful....

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:06 AM

Posted 14 February 2011 - 08:45 PM

Hello and you're welcome, is all internet or just security sites blocked?

When you say reboot is that the same as restart

YES

Which browser are you running IE 7 or 8 and do you use firefox or another?

Let's try 2 other things if you connect then just run RKill etc... immediately. So we get a scan dione and remove
some things.

EDIT (A 3rd)
Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.


Try a sytem Restore to a date prior to the infection.
Windows XP System Restore Guide

OR try logging in as a different user and see if tat one can connect.

Edited by boopme, 14 February 2011 - 09:03 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 geordief

geordief
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 15 February 2011 - 07:49 PM

thanks again
Well I have been trying repeatedly to get the connection to come back -if only long enough to download the RKill program.
But (even though the first attempt via the inetcpl.cpl and winsock commands were initially successful)
I am loosing faith and I feel now that I may be better off to transfer the files I need too save onto a memory stick and thence onto my new PC (after that I suppose I may do a complete installation of my WinXP Pro CD onto the PC that is already infected)
My worry is that I might transfer the infection from the old PC to my new PC via the memory stick.

Is this possible or likely?

Or if I have Norton 360 installed on my new machine is that likely to be sufficient protection?
I have downloaded the RKill program to the desktop(of the new PC also) but I would be really upset if I did somehow introduce this virus (or trojan or whatever) to my brand new machine..
Obviously my first action would be to scan the memory stick (and the whole computer) but could this infection get into the (new) PC just by virtue of me plugging it in ?

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:06 AM

Posted 15 February 2011 - 09:15 PM

Ok,... ( a little work)You can attach the infected drive as a slave drive and scan it from the other PC safely.
How to Slave a Hard Drive


If the infection is an "autorun" type and we do not know then in can infect the Flash drive and other PC.

Caution: If you are considering backing up data and reformatting, keep in mind, with a Virut infection, there is always a chance of backed up data reinfecting your system. If the data is that important to you, then you can try to salvage some of it but there is no guarantee so be forewarned that you may have to start over again afterwards if reinfected by attempting to recover your data. Only back up your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if its worth that risk.Again, do not back up any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If you're not sure how to reformat or need help with reformatting, please review:These links include step-by-step instructions with screenshots:Vista users can refer to these instructions:Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufactures to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead..

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Operating Systems Subforums forum.


I would use the NOrton and MBAM as an on demand scanner,update and do it weekly.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 geordief

geordief
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 16 February 2011 - 10:18 PM

thanks again
Well I was reluctant to open up my new PC and so I put the memory stick with the data I had salvaged into the G drive on my new computer.I removed autorun before I did it and simply scanned it (the new computer including the memory stick) , first with Norton 360 (47 cookies only) and then I ran RKill (nothing I think) and SUPERAntiSpyware Free Edition (log attached) and Malwarebytes' Anti-Malware(nothing found)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2011 at 01:38 AM

Application Version : 4.48.1000

Core Rules Database Version : 6416
Trace Rules Database Version: 4228

Scan type : Complete Scan
Total Scan Time : 01:19:26

Memory items scanned : 583
Memory threats detected : 0
Registry items scanned : 11236
Registry threats detected : 0
File items scanned : 134538
File threats detected : 39

Trojan.Agent/Gen-IEFake
C:\USERS\LUCY\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
C:\USERS\LUCY\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE
C:\Windows\Prefetch\IEXPLORE.EXE-08C22B33.pf
C:\Windows\Prefetch\IEXPLORE.EXE-300241E8.pf

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\LUCY\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\Windows\Prefetch\IEXPLORE.EXE-592C8FA9.pf

Trojan.Agent/Gen-PEC
C:\USERS\LUCY\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE

Adware.Tracking Cookie
s0.2mdn.net [ C:\Users\Lucy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BU7VZR9G ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@account.live[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@ad.wsod[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@adnet-media[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@ads.bleepingcomputer[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@ads.pubmatic[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@ads.undertone[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@analytics.ientry[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@atdmt[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@chitika[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@collective-media[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@ie-stat.bmmetrix[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@imrworldwide[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@interclick[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@invitemedia[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@legolas-media[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@media6degrees[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@mediabrandsww[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@mynortonaccount[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@qnsr[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@user.lucidmedia[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.googleadservices[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.googleadservices[3].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.googleadservices[4].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.googleadservices[5].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.googleadservices[6].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.googleadservices[7].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.mynortonaccount[2].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.mynortonaccount[3].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.mynortonaccount[4].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.qsstats[1].txt
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\lucy@www.qsstats[2].txt

I was surprised to find a trojan in the new computer as it has the Norton 360 since the outset but I did previously plug in the memory stick from the infected computer (I was perhaps misled by the confidence I had in the semmingly harmless nature and location of the files I was saving and didn't consider that the infection might transfer regardless of the actual file on the stick - I just wanted to run Belarc which was on it).

Anyway , once I inspected the virus that had been found (iexplore.exe) I was able to do a search on the infected computer to see if it was there as well.
I found about 15 instances of the file and deleted all save one.
When I rebooted I wasn't successful in connecting to the internet but I have redone the iexplore.exe search and one of those I deleted seems to have returned ( a pf file in Windows\prefetch)

I may have to take it in to the local shop to get it cleaned since I don't think I can open up the new PC and use the old hard drive as a slave as I would be too unpopular with my partner if tampered with it (maybe also I would be waiving the guarantee since it is so new...)

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:06 AM

Posted 16 February 2011 - 10:28 PM

Perhaps getting it serviced then is the best solution. I would like you to run this on both if possible because of what you found.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 geordief

geordief
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 17 February 2011 - 07:00 AM

thanks again
I have done as you said .On my NEW MACHINE the results were good and there was nothing found.
When I transfered the tdsskiller to the OLD MACHINE and ran it from the memory stick (I didn't bother saving it to the desktop) I had the following problems.
OLD MACHINE
the administrator option wasn't available.This I think is on account of the fact that the company who sold me this machine (even though he also sold me the winxp pro cd at the same time )didn't give me administrator status and it is only now that I have realised that.
I rang him several times yesterday and the day before that but I think he might be on holiday.
(I had been trying to do a Recovery with the WinXP CD and that was when I realised there was this problem).

Anyway I continued and ran the program as a user(had to uncheck the button that prevented changes being made to the computer).

OLD MACHINE RESULT
Again it was clean though.

Next I returned to the instances of iexplore in the machine (I had reduced them down from 15 to 2 )I deleted (also emptied the recycle bin) the 2nd of these and rebooted.
I did another search on rebooting and there was only 1 left (in Program Files)
Emboldened I reenabled the internet connection but was unsuccessful.
I did another search and the 2nd instance of iexplore had returned.
Then I tried it again in safe mode with networking.No success in connecting -indeed the LAN connection refused to be enabled.And there is still just the one instance of iexplore.exe

So do you think that the iexplore could be the problem ?
The computer itself does seem to be running much quicker but the LAN connection seems as bad as ever.
When I looked into iexplore they said it was a nasty piece of work but there was no mention that I saw of connection problems..

Oh and by the way I did use a blank memory stick to transfer the TDSSKiller.exe fromm the good PC to the bad .Should I not reinsert it in the new computer at all until this problem is sorted?

Edited by geordief, 17 February 2011 - 08:36 AM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:06 AM

Posted 17 February 2011 - 08:07 PM

So do you think that the iexplore could be the problem ?
Yes it can be. The TDSS killer should fix this with the Cure option.

Still no internet?? I wanted to give you a flash drive cleaner.
Oh I just found the manual cleaning method for the Drive.


Manually Clean Autorun INF

Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes a malicious autorun.bat file which calls wscript.exe to run autorun.vbs on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

Please insert your flash drive before we begin!

Reconfigure Windows XP to show hidden files, folders. Open My Computer, go to Tools > Folder Options and click on the View tab. Under Hidden Files and Folders, check "Show hidden files and Folders", uncheck "Hide Protected operating system Files (recommended)", uncheck "Hide file extensions for known file types", and hit Apply > OK.

Open My Computer, right-click on your primary drive (DO NOT double-click), select "Explore", and search for any autorun.inf at the root. Repeat the search on all your drives (including your flash drive and any recent CDs you have used). If autorun.inf is present continue as follows:

Reboot your computer in "Safe Mode" or "Safe Mode With Command Prompt" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode With Command Prompt".

Go to Start > Run and type: cmd
  • press Ok.
  • At the command prompt, type in your primay drive location, usually C:
  • You may need to change the directory. If so type: cd \
  • Hit Enter.
  • Type: attrib -s -h -r -a autorun.inf
  • Hit Enter.
  • Type: dir
  • Hit Enter. This will allow you to see and confirm the Autorun files.
  • Type: del autorun.inf
  • Hit Enter.
  • Repeat the above commands for each drive on your computer.
  • Exit the command prompt and reboot normally.
When done remove the Startup RUN value by downloading and using Autoruns.


As you have an OS disk maybe running SFC will fix this iexplore.
Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt.Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 geordief

geordief
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 19 February 2011 - 02:29 PM

thanks for that.
I feel really ungrateful after all your help but I think I will do this another way.(I am spooked by the idea of transfering any data at all into my brand new PC from the old one -unreasonably and lazily so no doubt-in my favour the computer was starting to creak in several directions:I disabled Google and Firefox didn't seem to be taking up the slack)

This is my new plan.

I am going to take out a lot of data (not all but I have a memory stick with 4 gigs so I can afford to get all I need) from the old PC onto a memory stick.
This is going to be followed by a complete reinstall of the WinXP CD.
At that stage , if the internet doesn't return then there has to be hardware damage I would guess.
The next step is to reimport this data to its original PC and put it back again as well as I can.
Then I will see if the whole thing works properly and ,if it does ,tranfer data across to the new computer ,keeping the old one for hopefully useful tasks.
so thanks very much again.I know I sound ungrateful but I do appreciate all the help and patience you had

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:06 AM

Posted 19 February 2011 - 07:04 PM

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best proceedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech
Windows XP: Clean Install

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.

You are very welcome.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users