internet problems after ZeroAccess rootkit infection


  • This topic is locked
4 replies to this topic

#1 yotam

  • Members

Posted 27 November 2011 - 09:16 AM

Hi,

I had my laptop infected with the Sirefef rootkit. After I successfully removed the virus, my laptop will not
connect to the internet. It connects to networks (both WiFi and LAN) but not to the internet.
Attached is the log from Farbar.

Help would be most appreciated...
:)

Thanks.
Yotam

The log:


Farbar Service Scanner
Ran by Margolin Yotam (administrator) on 27-11-2011 at 15:49:28
Windows 7 Professional Service Pack 1 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx: "system32\drivers\tskFDDE.tmp".


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 10:59] - [2011-04-25 04:18] - 0338944 ____A (Microsoft Corporation) 9EBBBA55060F786F0FCAA3893BFA2806

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 20:42] - [2011-09-29 18:03] - 1290608 ____A (Microsoft Corporation) 65D10B191C59C5501A1263FC33F6894B

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
WAN connected
Attempt to Google returned error: Google IP is offline
Attempt to yahoo returend error: Yahoo IP is offline

**** End of log ****



#2 Farbar

  • Security Developer

Posted 27 November 2011 - 01:52 PM

Hello Yotam,

Welcome to this forum.

Please download the attached file tdx.reg (562 bytes).
Transfer it to the infected computer.
Double-click it and confirm to merge.

Reboot and see if the connection is restored.
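The log in the first post reports the tdx driver's ImagePath as a .tmp file under system32\drivers instead of "OK", and tdx is the service the tdx.reg file in the reply is named after. The Python below is an added example, not part of the thread and not Farbar's code: it parses an excerpt of that log and extracts the stopped services, any setting printed verbatim instead of "OK", and files listed without the "MD5 is legit" marker. The regular expressions assume only the line shapes visible in this log.

```python
import re

# Constructed sample: excerpt of the Farbar Service Scanner log from the first post.
SAMPLE_LOG = r"""
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx: "system32\drivers\tskFDDE.tmp".

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 10:59] - [2011-04-25 04:18] - 0338944 ____A (Microsoft Corporation) 9EBBBA55060F786F0FCAA3893BFA2806

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
"""

# Assumption: line shapes are taken only from the log shown in the thread.
STOPPED = re.compile(r"^(\S+) Service is not running")
# A setting the scanner prints verbatim instead of reporting "is OK".
VALUE = re.compile(r'^The (start type|ImagePath|ServiceDll) of (\S+): "?(.*?)"?\.?$')
FILE = re.compile(r"^([A-Za-z]:\\.+?)(?: => (.*))?$")
DETAIL = re.compile(r"\((.*)\) ([0-9A-Fa-f]{32})$")


def triage(log):
    """Return (stopped services, non-OK settings, files not marked legit)."""
    stopped, settings, unmarked = [], [], {}
    pending = None  # file path still waiting for its detail line
    for line in map(str.strip, log.splitlines()):
        if m := STOPPED.match(line):
            stopped.append(m.group(1))
        elif m := VALUE.match(line):
            settings.append((m.group(2), m.group(1), m.group(3)))
        elif m := FILE.match(line):
            pending = None if m.group(2) == "MD5 is legit" else m.group(1)
        elif pending and (m := DETAIL.search(line)):
            unmarked[pending] = {"company": m.group(1), "md5": m.group(2)}
            pending = None
    return stopped, settings, unmarked


if __name__ == "__main__":
    for part in triage(SAMPLE_LOG):
        print(part)
```

A file in the third result is only one the log did not mark as legit; it is a candidate for manual review, not a verdict.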

#3 yotam


Posted 27 November 2011 - 05:11 PM

It worked perfectly! :)

Thank you so much!!

Keep up the amazing work helping us against evils of the toolkit such..

Yotam

#4 Farbar


Posted 27 November 2011 - 05:14 PM

You are most welcome. :)

Happy Surfing Yotam. :)

#5 Farbar


Posted 28 November 2011 - 01:56 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



