XP Security 2012


19 replies to this topic

#1 Leothelion

Leothelion

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South King County
  • Local time:03:04 AM

Posted 02 December 2011 - 05:32 PM

Hello again. Thanks for your reply Boopme. I tried everything you suggested and nothing worked. The LAN setting "use proxy" was not checked. I then tried typing in netsh winsock reset in the DOS window. It said it was reset successfully. I then rebooted and still no internet. Typed in netsh interface ipv4 and got back a reply that said interface ipv4 not installed. Same thing for interface ipv6. Then tried ipconfig/flushdns. Nothing worked. I have the original Windows XP Pro installation disk. Is there any way that can be used to correct the problem other than reinstalling it and then downloading 200 or so automatic updates that have been added since the computer was new?

#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:04 AM

Posted 02 December 2011 - 09:36 PM

Your post had been split from a different topic so you'll have to restate your issues.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Leothelion


Posted 03 December 2011 - 06:04 PM

My initial post stated that I had an attack by the XP Security 2012 virus/malware. I followed the advice given for the initial post of using the rkill solution. I used all four of the rkill extensions to get rid of the virus/malware program. That was successful; however, I still could not access the internet. Boopme gave me advice on different resets to try. I did and nothing worked, therefore I asked for further assistance. I have the original XP Pro installation disk and want to know if it can be used to fix the problem without reinstalling the program, which then would necessitate having to download about 2-300 updates also.

I am new to this and thought I had to start a new topic. Let me know the proper procedure if putting a reply is the wrong way to ask for help on this issue.

#4 Broni


Posted 03 December 2011 - 06:54 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check "Include All Files" option.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#5 Leothelion


Posted 05 December 2011 - 11:55 AM

Good morning Broni,

Here is the text from the scan. Hope this helps us solve the riddle caused by XP Security 2012.

I really appreciate your help.

Farbar Service Scanner
Ran by Counter 2 (administrator) on 05-12-2011 at 08:40:25
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****

#6 Broni


Posted 05 December 2011 - 08:07 PM

It looks like you have one file and one registry key missing.
Let's see...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
    ipsec.sys
    :reg
    HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\ipsec /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


#7 Leothelion


Posted 06 December 2011 - 07:19 PM

Hi Broni,

I don't know what happened or why but after trying everything you said before your last post I tried going online. It worked. I then went to download updates and it told me to download netframework 2.0. I did and then ran the update program again. This time I had to download about 40 more updates such as netframework 3.5 and security updates.

Thank you so much for your help with this problem. I do not understand what happened and am so sick of people intentionally trying to cause others problems with these malware/virus programs. I truly hope it is not being done by some antivirus company in order to obtain business.

Thanks again Broni.

Leothelion

#8 Broni


Posted 06 December 2011 - 09:24 PM

Good news then :)


#9 Leothelion


Posted 07 December 2011 - 12:46 PM

Broni,

Yes it is. When I restarted the computer I used my other logon name. Maybe that had something to do with being able to go online. The only problem I am having now is that when I plug in a usb device the computer does not recognize it. Any suggestions for this?

Thanks again Broni,

Leothelion

#10 Broni


Posted 07 December 2011 - 07:53 PM

I suggest starting a new topic in the appropriate forum.


#11 Leothelion


Posted 08 December 2011 - 07:34 PM

Hi again Broni,

Someone pulled a fast one on me. They switched the problem computer with one that was fine except for the automatic downloads.

Here is the systemlook file from the infected computer.

SystemLook 30.07.11 by jpshortstuff
Log created at 16:25 on 08/12/2011 by Counter 2
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [16:21 05/04/2010] [10:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [17:56 19/10/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

========== reg ==========

[HKEY_LOCAL_MACHINE\System\Surrentcontrolset\Services\ipsec \s]
(Unable to open key - key not found)

-= EOF =-


I just did not need the headache but the other machine is now up to date and running fine. Hopefully this one will be soon.

Thanks for your past help.

Leothelion

#12 Broni


Posted 08 December 2011 - 08:46 PM

Haha...that was a good one :)

You have the ipsec.sys file missing from its proper location, and the related registry key is also missing.

Open Windows Explorer.
Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.
Remove checkmark next to Hide protected operating system files (put the checkmark back when you're done with our fix).
Click OK.
Press F5 to refresh Windows Explorer view.

Copy ipsec.sys file from this location:
- C:\WINDOWS\ServicePackFiles\i386
and paste it to this location:
- C:\WINDOWS\system32\Drivers

Then...

The following steps involve registry editing. Please create a new restore point before proceeding!!!

Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find three files inside.
Right click on ipsec.reg file, click "Merge".
Allow registry merge.
Restart computer and see if internet works.

Edited by Broni, 08 December 2011 - 08:51 PM.


#13 Leothelion


Posted 09 December 2011 - 01:42 PM

Hi again Broni,

Followed your advice. Still no internet. Re-ran systemlook... log follows.

SystemLook 30.07.11 by jpshortstuff
Log created at 10:33 on 09/12/2011 by Counter 2
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [16:21 05/04/2010] [10:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [17:56 19/10/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys --a--c- 75264 bytes [18:13 09/12/2011] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [18:13 09/12/2011] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

========== reg ==========

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ispec]
(Unable to open key - key not found)

-= EOF =-

Thanks again for your help Broni!

Leothelion

#14 Broni


Posted 09 December 2011 - 07:03 PM

Re-run Farbar Service Scanner.


#15 Leothelion


Posted 10 December 2011 - 12:05 PM

Good morning Broni,

Here's the log from Farbar Scan.

Farbar Service Scanner
Ran by Counter 2 (administrator) on 10-12-2011 at 08:58:16
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****

Thanks again Broni for your advice. I hope this problem can be solved without reinstalling windows xp setup disk.

Leothelion
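
Added example (not part of the original thread and not code from the Farbar tool): a small Python script that compares the two Farbar Service Scanner logs from posts #5 and #15 and lists which findings are no longer reported after the ipsec.sys fix and which are still open. The log excerpts are shortened copies of the posted logs; the finding names and the functions findings() and compare() are made up for this illustration.

```python
import re

# Excerpts of the two Farbar Service Scanner logs posted above (#5 and #15),
# shortened to the lines that matter for the comparison.
FSS_BEFORE = """\
Dhcp Service is not running. Checking service configuration:
Tcpip Service is not running. Checking service configuration:
IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
C:\\WINDOWS\\system32\\Drivers\\tcpip.sys => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\ipsec.sys is missing.
Localhost is blocked.
"""
FSS_AFTER = """\
Dhcp Service is not running. Checking service configuration:
Tcpip Service is not running. Checking service configuration:
C:\\WINDOWS\\system32\\Drivers\\tcpip.sys => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\ipsec.sys => MD5 is legit
Localhost is blocked.
"""

# Hypothetical finding names mapped to the scanner's message formats.
PATTERNS = {
    "stopped_service": re.compile(r"^(\w+) Service is not running"),
    "missing_key": re.compile(r"Unable to open (\w+) registry key"),
    "missing_file": re.compile(r"^(.+\.\w+) is missing\.$"),
    "blocked": re.compile(r"^(Localhost) is blocked\.$"),
}

def findings(log):
    """Return the set of (kind, subject) problems flagged in one log."""
    found = set()
    for line in log.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line.strip())
            if m:
                found.add((kind, m.group(1).lower()))
    return found

def compare(before, after):
    """Group findings by whether they appear in the first log, the second, or both."""
    b, a = findings(before), findings(after)
    return {"no_longer_reported": sorted(b - a),
            "still_reported": sorted(b & a),
            "newly_reported": sorted(a - b)}

if __name__ == "__main__":
    for state, items in compare(FSS_BEFORE, FSS_AFTER).items():
        print(state, items)
```

On these two logs the ipsec.sys and IpSec entries drop out, while the stopped Dhcp and Tcpip services and the blocked localhost are still reported.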



