Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to connect to network from rootkit to error 1075


  • Please log in to reply
No replies to this topic

#1 wolfkin

wolfkin

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toronto
  • Local time:12:02 AM

Posted 07 November 2011 - 12:04 PM

This is my sister's netbook. The problems started with one of those new "fake antivirus" that puts up a ton of obviously fake results that claim your computer is highly infected*. She being... less technologically inclined apparently decided to run the "Antivirus scan" over and over again over night and then the next day gave it to me to try to figure out what was wrong. I can't find the links right now but I found a bunch of blogs that mentioned (Privacyprotection.exe) and among the most frustrating aspects what that it blocked pretty much everything from running. I did a bit of digging and eventually found out it was a rootkit causing the issues and the tools they gave me wouldn't run but I was able to follow the manual instructions. (remove the .exe, remove the alias, regedit and remove the key that matched privacyprotection.exe but not the other ones like the one underchrome etc).

That took care of the major problem and I was able to get Microsoft Security Essentials running but everyscan kept turning up a few "Trojans" and that upon trying to clean would result in an error. The error would lead to 'restart to finish removel'. I tried safe mode and the same result. One top of that google results kept getting redirected (forget the site right now.. something like awesomesearch.com or what have you). I decided to try from another angle the redirect angle and found this

http://www.bleepingcomputer.com/forums/topic422038.html

I tried the TDSS with middling results. I found one problem. Cured it but MSE kept throwing up red flags when i rebooted. It kept cleaning the problem but finding it upon reboot. Eventually what worked was starting from the top. Booted into SafeMode I used MiniToolBox, TDSS by this point was giving me no results so that was good. I ran RKill. and finally the rootkit and all associated trojans were gone quick scan was completely clean.

New Problem

I STILL can't run Malware Anti-Malware Bytes. I keep getting a not enough permissions type of error. Not that I'm terribly concerned about that.. My major problem is that the computer will not longer get online. I have my ethernet cable and we have wifi but nothing. I did a bit of digging

As suggested here
http://forums.techguy.org/2942026-post6.html

The '2' in "Local Area Connection 2" is of no consequence; it's really just counting the number of times you reinstalled. The original no longer exists. You can rename this one to anything you want to.

You have convinced me that you are correct about the problem being with your computer, but I have no good ideas. Some other things I would check or try ...

Right click on the connection - Properties; make sure Internet Protocol (TCP/IP) is listed and checked.

Control Panel - Administrative Tools - Services; make sure TCP/IP NetBIOS Helper and DHCP Client services are started.

Device Manager - right click on the ethernet adaptor - Properties - Advanced tab; make sure 'Link Speed & Duplex' is auto-detect (or the correct value for your network). From the General tab try the "Troubleshoot" (almost never works, but once in a while ...).

Start - Run - cmd - OK; in the command window type ping 127.0.0.1
This is a loopback test; if you don't get four responses the adaptor is probably bad and you'll need to get a new one. Or, if warranty, convince them to replace.


My problem came up when I went to admin tools. TCI/IP NetBIOS Helper and DHCP client couldn't be started. I would get the error
error 1075 the dependency service does not exist

I'm under the wire here and the MS link wasn't helpful (http://support.microsoft.com/kb/839089) but I did find something that looks a bit more useful
http://kaliphonia.com/content/windows/how-to-fix-error-1075-the-dependency-service-does-not-exist-or-has-been-marked-for-d

I tried to follow the more simple instructions first

Update #1:
------
One of my reader which having the same exact error message as stated above, but different problem. His problem was the Windows Firewall service on his computer cannot be started, stopped, nor restarted. Suggested to reset the winsock instead. Launch command line and execute the following command:
netsh winsock reset
This method works for him, I just put it here for your reference -- in case you have the same problem.


and that didn't work so i tried the main one

Cure:
Note: all of the commands below executed from Windows command line.
Stop WMI service:
net stop winmgmt
We will rebuild the repository, rename the folder to something else as a backup.
ren %windir%\System32\Wbem\Repository Repository_old
Start WMI service:
net start winmgmt
Repair the repository:
Windows XP:
rundll32 wbemupgd, UpgradeRepository

Windows Vista:
winmgmt /salvagerepository

Register the new WMI components:
cd /d %windir%\system32\wbem

for %i in (*.dll) do RegSvr32 -s %i

for %i in (*.exe) do %i /RegServer
Reboot the computer for the changes to take effect.


My sister is a combination of impatient, panicy, and unwilling to adapt so I'm trying to solve this as quickly as possible before she tried to borrow money to try to buy another computer (not that she particularly likes this form factor anyway *too small*). Reinstalling Windows is a dire dire prognosis for a number of reasons. a) she saves everything on the desktop so she can find it. She works with a lot of files so the entire desktop is filled with documents all of which she wants in the same location. ehh now I'm sort of rambling on about issues that are more for me than for you.

Any help in resolving this could be greatly appreciated.

Computer
WinXP Home - SP3
Netbook - http://www.bestbuy.ca/en-CA/product/acer-acer-aspire-10-1-netbook-featuring-intel-atom-n4a55-processor-aod257-13448-black-aod257-13448/10171799.aspx?lang=en-CA&pcname=&sku=10171799&path=0aff52c060c7943dc42ff91304181351en02


I did just try to do the comprehensive reinstall portion but I forgot that needs a disc and these are netbooks without drives. I did just remember however that we have two of these computers. One for each of my sisters. If there is someway I can copy the file i need from one computer to another that might be workable.

* wow.. as I'm typing this I'm wondering if this is what my cousin had when she called me a few weeks ago ... but that's a topic for a different thread.

Edit
just tried SUPERAntiSpyware Free
as suggested here (http://www.bleepingcomputer.com/forums/topic267354.html)
and again that was rather helpful for ridding myself of infections but it hasn't solved my network problem.

Edited by wolfkin, 07 November 2011 - 08:34 PM.
Moved from XP to Am I Infected.

just another second banana
http://about.me/wolfkin

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users