Vista Security 2012 Virus


28 replies to this topic

#1 Gandoo

Gandoo

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 02 December 2011 - 08:07 PM

Hey everyone, I recently acquired the Vista Security 2012 virus. I did not have much problem removing it...my big problem now is....the laptop that WAS infected will show that I'm connected to my wireless network, but it will not let me surf the web...I have tried a lot but am now hoping someone might know a thing or two?

Thanks Everyone!!

Edited by hamluis, 02 December 2011 - 09:13 PM.
Moved from Vista to Am I Infected.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,725 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:49 PM

Posted 02 December 2011 - 09:30 PM

Welcome aboard

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check "Include All Files" option.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Gandoo


Posted 02 December 2011 - 10:46 PM

Farbar Service Scanner
Ran by Sagar Gandhi (administrator) on 02-12-2011 at 22:43:59
Windows Vista ™ Home Premium Service Pack 2 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 22:22] - [2011-09-20 16:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

I HOPE THAT HELPS!!!

Thanks Broni!

#4 Broni


Posted 02 December 2011 - 11:00 PM

You have one network related file missing and possibly one registry key is corrupted or missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
    tdx.sys
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



 


#5 Gandoo


Posted 02 December 2011 - 11:17 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 23:13 on 02/12/2011 by Sagar Gandhi
Administrator - Elevation successful

========== filefind ==========

Searching for "tdx.sys"
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys --a---- 71680 bytes [02:24 21/01/2008] [02:24 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys --a---- 72192 bytes [03:15 10/09/2009] [08:24 02/12/2011] (Unable to calculate MD5)

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx]
(Unable to open key - key not found)

-= EOF =-

#6 Broni


Posted 02 December 2011 - 11:27 PM

Very well.
Let's try to fix it.

Open Windows Explorer.
Navigate to this folder:
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7 (make sure it's the correct folder)
Copy tdx.sys file from there and paste it to C:\Windows\system32\Drivers folder.

Then.....

Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find three files inside.
Right click on tdx.reg file, click "Merge".
Allow registry merge.
Restart computer and see if internet works.



 


#7 Gandoo


Posted 02 December 2011 - 11:51 PM

Broni!! You are a Computer God among mortals!! Thank you so much for all your help! Expect a damn good donation!!!

Thank you again!
Gandoo

#8 Broni


Posted 02 December 2011 - 11:54 PM

I assume you're surfing again?....:)



 


#9 Gandoo


Posted 03 December 2011 - 12:01 AM

Yes Sir!! Your steps were completely easy...fast response...beautiful walkthrough!! I cannot thank you enough Broni!! THANK YOU!!!

#10 Broni


Posted 03 December 2011 - 12:06 AM

You're very welcome



 


#11 Gandoo


Posted 10 December 2011 - 02:33 PM

Hey Broni! Looks like my laptop is up to it again. It seems as if whatever virus I had previously might still be lingering around. I ran malware the other day and it picked out some viruses and deleted them, but in the process it has left my internet unoperational once again. Not quite sure what I should do at this point. I am pretty sure there is no virus on the laptop, but I have no clue on this one.

Thank You

#12 Broni


Posted 10 December 2011 - 03:22 PM

Can you post the most recent Malwarebytes log?

Post new Farbar Service Scanner log.



 


#13 Gandoo


Posted 10 December 2011 - 04:46 PM

Hey Broni, I had to go to work for a couple of hours. I will post the logs around 7-730....thanks for all your help

#14 Broni


Posted 10 December 2011 - 05:21 PM

No problem :)



 


#15 Gandoo


Posted 10 December 2011 - 07:18 PM

Do I need to do a full scan of my laptop and give you that report?

FSS Report:

Farbar Service Scanner
Ran by Sagar Gandhi (administrator) on 10-12-2011 at 19:14:42
Windows Vista ™ Home Premium Service Pack 2 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys
[2011-12-02 23:36] - [2008-01-20 21:24] - 0071680 ____A (Microsoft Corporation) D09276B1FAB033CE1D40DCBDF303D10F

C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 22:22] - [2011-09-20 16:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:57394

**** End of log ****
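
The log reading done in this thread, as an added example that is not part of the original posts and is not Farbar's code: a small Python parser that pulls out the FSS lines a helper acts on (stopped services, a missing service key or file, files listed with a hash instead of an "MD5 is legit" verdict, and a proxy pointing at loopback). The `triage` function and the finding names are hypothetical; the sample input is excerpted from the two logs posted above.

```python
import re

# Sample input: lines excerpted from the two FSS logs posted in this thread.
SAMPLE_LOG = r"""Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 22:22] - [2011-09-20 16:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD
Google IP is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:57394
"""

RULES = [
    ("service_stopped", re.compile(r"^(\S+) Service is not running\.")),
    ("registry_key_missing", re.compile(r"Unable to open (\S+) registry key")),
    ("file_missing", re.compile(r"^(.+\.(?:sys|dll|exe)) is missing\.$")),
    ("proxy", re.compile(r"^ProxyServer:\s*(\S+)$")),
]
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S+$")
HASH_LINE = re.compile(r"^\[.*\]\s+-\s+\d+\s+\S+\s+\(.*?\)\s+([0-9A-Fa-f]{32})$")
LOOPBACK = re.compile(r"=(127\.\d+\.\d+\.\d+|localhost):")


def triage(log_text):
    """Return de-duplicated (kind, detail) findings, in log order."""
    findings, last_path = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if BARE_PATH.match(line):
            last_path = line  # details for this file follow on the next line
            continue
        hashed = HASH_LINE.match(line)
        if hashed and last_path:
            # The log printed a hash instead of an "MD5 is legit" verdict.
            findings.append(("file_hash_listed", f"{last_path} md5={hashed.group(1)}"))
        for kind, rx in RULES:
            m = rx.search(line)
            if m:
                # A loopback proxy only works while a local process listens there.
                if kind == "proxy" and LOOPBACK.search(m.group(1)):
                    kind = "proxy_loopback"
                findings.append((kind, m.group(1)))
        last_path = None
    return list(dict.fromkeys(findings))
```

Calling `triage(SAMPLE_LOG)` returns the findings in log order; lines such as "MD5 is legit" and "Google IP is accessible." produce none.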



