Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't connect to Internet after Cloud AV 12 virus removal


  • Please log in to reply
8 replies to this topic

#1 VenugopalV

VenugopalV

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 28 November 2011 - 01:48 AM

Hello All,

I've been recently infected by Cloud AV 12 virus and i did remove this using, Malwarebytes Anti-Malware software (http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware). For cleaning this virus, i've used the very own BleepingComputer instructions (http://www.bleepingcomputer.com/virus-removal/remove-cloud-av-2012)

Ever since the virus has been cleared, i'm been seeing two main issues

1) My IE and FireFox is not being connected to the Internet
2) My Wireless connection shows Connected-Excellent but the received & sent packets are like less than 10

I've tried to do the following:

1) On IE - Tools -> Internet Options -> Connection tab -> LAN Settings -> Removed the "Automatically Detect Settings"
2) On IE - Tools -> Internet Options -> Advanced tab -> Reset

Both the above options did not work.

Can some one please help me out to fix this issue?

I've read the post, http://www.bleepingcomputer.com/forums/topic429269.html, which is very similar to my issue. But i've not tried the fixes tried on that page.

Please do advise. Any help is appreciated.

Thank you !!

BC AdBot (Login to Remove)

 


#2 Vlad700

Vlad700

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 28 November 2011 - 02:39 AM

I also am having the same problem, other computers can connect but mine cant.

#3 al n

al n

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 28 November 2011 - 03:31 AM

I'm also experiencing the same issue. I've tried everything I could find on the web without success. I've observed that firewall settings can't be displayed because an associated service, Windows firewall / internet connection sharing (ICS),is not running. Trying to start the service produces an error message. Attempting to start the service by going to the Computer Management module [RC on My Computer --> Manage ----> Services] slso produces an error message. The malware appears to have damaged the firewall and ICS which is preventing connection to the internet.

#4 al n

al n

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 28 November 2011 - 04:58 AM

Finally success! Downloaded the Farbar Service Scanner (see article link above) and ran a scan. Found that the AFD.SYS file was missing from the Windows/System32/Drivers folder. Copied and pasted the file from the Windows/System32/DLLCACHE folder to the /DRIVER folder. Also the AFD registry key was missing. Exported the AFD key from another machine via Sandisk and imported it into the registry of the subject machine. Rebooted and the Internet came up. Antivirus update also started. Everything seems to be functioning properly now.

#5 al n

al n

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 28 November 2011 - 05:02 AM

Here's the link to the Farbar Service Scanner: http://download.bleepingcomputer.com/farbar/FSS.exe

#6 VenugopalV

VenugopalV
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 28 November 2011 - 04:43 PM

Thank you so much Al N for your replies. I did download FSS and already have scanned it. From the output looks like i need to restore "ipsec.sys"??

Attached is the output:

Farbar Service Scanner
Ran by Venugopal Vadapalli (administrator) on 27-11-2011 at 23:26:03
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service might not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service might not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****

#7 al n

al n

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 28 November 2011 - 05:40 PM

There are numerous IpSec-related keys in the registry but I would look for this key first: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec. If it is missing I would export it from another machine (running the same OS & SP) and import it into the subject machine. Be sure to back-up the registry first. Good luck

#8 Vlad700

Vlad700

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 28 November 2011 - 11:33 PM

Sooo what am I missing?

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service might not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service might not exist.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys is missing.
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 14:45] - [2011-09-29 07:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-13 11:26] - [2011-03-02 21:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9


Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

#9 Vlad700

Vlad700

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 06 December 2011 - 12:38 AM

Any help????? Still stuck without internet




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users