Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot connect to the internet after rootkit removal


  • Please log in to reply
9 replies to this topic

#1 rmorando

rmorando

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 08 September 2011 - 09:08 PM

I have a Windows XP Pro SP2 system, I performed a rootkit removal using combofix.

After the removal of the rootkit my tcp/ip stack was damaged, and I have a limited connectivity issue with my internet connection. My LAN works if I set it manually but I cannot connect to the internet. I have tried using different utilities such as XP TCPIP repair, Winsock XP Fix Tool, I have even tried different commands in the command line such as netsh winsock reset, ip flush and others. I am running out of options here, I appreciate all the help.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:14 AM

Posted 09 September 2011 - 06:08 AM

Internet connectivity is the only issue currently apparent?

System manufacturer and model?

Have you tried a repair install of Windows...or running the sfc /scannow command? System files may have become damaged.

Louis

#3 GuruLounge

GuruLounge

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA.
  • Local time:11:14 PM

Posted 09 September 2011 - 02:46 PM

Did you also try Microsoft's solution:

http://support.microsoft.com/kb/299357

Jeff

#4 rmorando

rmorando
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 09 September 2011 - 07:47 PM

Internet connectivity is the only issue currently apparent?

System manufacturer and model?

Have you tried a repair install of Windows...or running the sfc /scannow command? System files may have become damaged.

Louis


That's correct internet connectivity is the only issue. It is a Compaq Presario SR1630NX, Athlon 64, 1 GB of RAM. I haven't tried a repair install of Windows XP as I am afraid I may lose my personal information that I am not able to back up at this moment.


Did you also try Microsoft's solution:

http://support.microsoft.com/kb/299357

Jeff


I tried the manual reset of TCP/IP but it didn't work.

#5 GuruLounge

GuruLounge

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA.
  • Local time:11:14 PM

Posted 09 September 2011 - 08:12 PM

If all else fails... try a different network card, a spare one from another computer, a cheap-o from the late-night computer store... :)

Jeff

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:14 AM

Posted 10 September 2011 - 08:35 AM

Did you uninstall the network drivers...and then reinstall them?

How do you know that your stack was damaged...what was the exact error message, please?

Louis

#7 rmorando

rmorando
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 10 September 2011 - 09:08 PM

Did you uninstall the network drivers...and then reinstall them?

How do you know that your stack was damaged...what was the exact error message, please?

Louis


I haven't reinstalled the network drivers as the NIC comes integrated with the motherboard.

When I ran combofix it told me that it found a rootkit and that the TCP/IP stack was corrupted, after I ran combofix it removed the rootkit, currently I have LAN access only but no internet access.

I tried the sfc commmand it is asking me for the Windows XP Pro CD, which I have, what i am worried is if it is going to overwrite my documents, photos, and music and if it is going to delete the users of this system?

#8 GuruLounge

GuruLounge

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA.
  • Local time:11:14 PM

Posted 10 September 2011 - 11:32 PM

SFC simply scans the windows system for corrupted/damaged system files and replaces them. It doesn't eliminate personal documents or user profiles.

Jeff

#9 hamluis

hamluis

    Moderator


  • Moderator
  • 56,127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:14 AM

Posted 11 September 2011 - 06:42 AM

References: How To Use Sfc.exe To Repair System Files - http://www.bleepingcomputer.com/forums/topic43051.html AND LEARN how to use SFC.EXE (system file checker) in this article! - http://www.updatexp.com/scannow-sfc.html

Louis

#10 GuruLounge

GuruLounge

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA.
  • Local time:11:14 PM

Posted 11 September 2011 - 01:43 PM

References: How To Use Sfc.exe To Repair System Files - http://www.bleepingcomputer.com/forums/topic43051.html AND LEARN how to use SFC.EXE (system file checker) in this article! - http://www.updatexp.com/scannow-sfc.html

Louis


Very good read. I wasn't aware of some of this. Thanks for posting the links.

Jeff




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users