I removed the "Guard Online" malware from a client's PC, and now it won't access the network. It won't mount network shares on the server, or even browse the network.
I can access the internet, so it's not an NIC issue.
They have XP Pro SP3, and a network domain.
The Computer Browser service isn't running, but when I try to start it, it fails because of a dependency on the WorkStation service.
When I try to start the "WorkStation" service it fails with error 2250 (Edited: not 2205!).
It also says to check the System log, which says there was a problem with RDR. (Again, sorry, I don't have the specific message to hand.)
STEPS I TOOK TO REMOVE "GUARD ONLINE"
1) Kaspersky TDSSKiller.exe. This only found a couple of possible issues, not the rootkit. I told it to delete them. ...hmm, I wonder if this is the cause?
2) MalwareBytes Anti Malware (I updated it first). Removed 8 nasties.
FURTHER STEPS TO RESOLVE CURRENT ISSUE
- I tried sfc /scannow. I had to create a slipstreamed XP Pro SP3 install disk (I used nLite from www.nliteos.com). It ran through fine, but didn't fix it.
That was the only promising idea I could find.
Does anyone have any idea how I can get the WorkStation service to run again?
...or, am I "barking up the wrong tree", and this is a symptom of a bigger issue?
NB: I'll post the specific error messages and IDs when I get to my client's office later.
Edited by hamluis, 11 October 2011 - 04:11 PM.
Moved from XP to Am I Infected.