Can't connect to internet


49 replies to this topic

#1 joosay

joosay

  • Members
  • 47 posts

Posted 04 December 2011 - 10:22 AM

I was working with another expert to try and eradicate a virus.
http://www.bleepingcomputer.com/forums/topic429392.html
While we fixed many things, the internet connection was not one of them.

Looking for help where I can find it.


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 04 December 2011 - 05:14 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check "Include All Files" option.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 joosay


Posted 04 December 2011 - 07:20 PM

I downloaded FSS from a clean computer and transferred it to the infected machine. When I open FSS on the infected machine and click scan I immediately get an error message that reads:
AutoIt Error
Line 2342 File (File "C:\Documents and Settings\Admin\desktop\FSS.exe"):
Error:Error in expression

Once I press 'OK' the entire application shuts down.

#4 Broni


Posted 04 December 2011 - 09:06 PM

I'll report this to the tool's author. Hold on there.


 


#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 December 2011 - 11:37 PM

Thanks for reporting it, Broni. The tool is updated and should be working now.

#6 joosay


Posted 05 December 2011 - 10:12 AM

Farbar Service Scanner
Ran by Admin (administrator) on 05-12-2011 at 10:11:11
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of Dhcp. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of Dhcp. The value does not exist.
Checking LEGACY_Dhcp: Attention! Unable to open LEGACY_Dhcp\0000 registry key. The key does not exist.
Checking ServiceDll: Attention! Unable to open Dhcp registry key. The service key does not exist.

Dnscache Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open Dnscache registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open Dnscache registry key. The service key does not exist.
Checking LEGACY_Dnscache: Attention! Unable to open LEGACY_Dnscache\0000 registry key. The key does not exist.
Checking ServiceDll: Attention! Unable to open Dnscache registry key. The service key does not exist.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of NetBt. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of NetBt. The value does not exist.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

Tcpip Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of Tcpip. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of Tcpip. The value does not exist.
Checking LEGACY_Tcpip: Attention! Unable to open LEGACY_Tcpip\0000 registry key. The key does not exist.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking LEGACY_IpSec: Attention! Unable to open LEGACY_IpSec\0000 registry key. The key does not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****

#7 Broni


Posted 05 December 2011 - 08:05 PM

It looks like you have several registry keys missing.
Let's see...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\IpSec /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Tcpip /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NetBt /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Dnscache /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Dhcp /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


 


#8 joosay


Posted 05 December 2011 - 08:50 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 20:48 on 05/12/2011 by Admin
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\IpSec]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Tcpip]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Tcpip\Parameters]
"DatabasePath"="%SystemRoot%\System32\drivers\etc"
"ForwardBroadcasts"= 0x0000000000 (0)
"IpEnableRouter"= 0x0000000000 (0)
"UseDelayedAcceptance"= 0x0000000000 (0)


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NetBt]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NetBt\Parameters]
"TransportBindName"="\Device\"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Dnscache]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Dhcp]
"DependOnService"="Tcpip Afd NetBT"


-= EOF =-

#9 Broni


Posted 05 December 2011 - 08:57 PM

Let's start with recreating those registry keys we can and we'll see how it goes.

Following steps involve registry editing. Please create new restore point before proceeding!!!

Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find three files inside.

Right click on ipsec.reg file, click "Merge".
Allow registry merge.

Right click on netbt.reg file, click "Merge".
Allow registry merge.

Restart computer and post new Farbar Service Scanner log.


 


#10 joosay


Posted 05 December 2011 - 09:10 PM

Farbar Service Scanner
Ran by Admin (administrator) on 05-12-2011 at 21:09:06
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of Dhcp. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of Dhcp. The value does not exist.
Checking LEGACY_Dhcp: Attention! Unable to open LEGACY_Dhcp\0000 registry key. The key does not exist.
Checking ServiceDll: Attention! Unable to open Dhcp registry key. The service key does not exist.

Dnscache Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open Dnscache registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open Dnscache registry key. The service key does not exist.
Checking LEGACY_Dnscache: Attention! Unable to open LEGACY_Dnscache\0000 registry key. The key does not exist.
Checking ServiceDll: Attention! Unable to open Dnscache registry key. The service key does not exist.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

Tcpip Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of Tcpip. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of Tcpip. The value does not exist.
Checking LEGACY_Tcpip: Attention! Unable to open LEGACY_Tcpip\0000 registry key. The key does not exist.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.
Checking LEGACY_IpSec: Attention! Unable to open LEGACY_IpSec\0000 registry key. The key does not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****
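
Comparing the Farbar Service Scanner log in post #6 with the one in post #10 shows what the two merged .reg files changed. The following is an added example, not part of the thread or of the tool: it parses the Service Check section of two runs and reports which checks were repaired and which still fail. The log excerpts are constructed from lines posted above, and the function names are this example's own.

```python
import re

# Constructed excerpts modelled on the thread's two logs (before / after the .reg merge).
BEFORE = r"""NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of NetBt. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of NetBt. The value does not exist.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.
Tcpip Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of Tcpip. The value does not exist.
"""
AFTER = r"""NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.
Tcpip Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of Tcpip. The value does not exist.
"""

SECTION = re.compile(r"^(\w+) Service is not running")
PROBLEM = re.compile(r"^Checking (.+?): Attention! (.+)$")
PASSED = re.compile(r"^The (start type|ImagePath) of \w+ service is OK\.$")

def parse_fss(log):
    """Map each service in the Service Check section to {check name: 'OK' or the warning}."""
    result, service = {}, None
    for line in map(str.strip, log.splitlines()):
        if line.startswith("File Check"):
            service = None                      # past the Service Check section
        elif m := SECTION.match(line):
            service = m.group(1)
            result[service] = {}
        elif service and (m := PROBLEM.match(line)):
            result[service][m.group(1).lower()] = m.group(2)
        elif service and (m := PASSED.match(line)):
            result[service][m.group(1).lower()] = "OK"
    return result

def diff_fss(before, after):
    """Return (repaired, still_failing) lists of (service, check) between two runs."""
    old, new = parse_fss(before), parse_fss(after)
    repaired, failing = [], []
    for service, checks in new.items():
        for check, status in checks.items():
            if status != "OK":
                failing.append((service, check))
            elif old.get(service, {}).get(check, "OK") != "OK":
                repaired.append((service, check))
    return repaired, failing
```

On the constructed excerpts, the NetBt start type and ImagePath move to repaired, while LEGACY_NetBt and the Tcpip start type remain in the failing list.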

#11 Broni


Posted 05 December 2011 - 09:15 PM

Those two keys installed fine but there is much more missing.
Do you have a Windows XP CD?


 


#12 joosay


Posted 05 December 2011 - 09:20 PM

No, my netbook did not come with a Win XP CD, only with the XP sticker on the bottom.
Ugh, this virus was so bad it wiped away that much of the operating system? Good grief.

#13 Broni


Posted 05 December 2011 - 09:24 PM

The problem is that some registry keys like tcpip are unique just to your computer so they can't be copied from another working machine.
What Windows version is installed on a computer you're posting from?


 


#14 joosay


Posted 05 December 2011 - 09:26 PM

I'm posting from an old Dell PC with Windows XP.

#15 Broni


Posted 05 December 2011 - 09:48 PM

I can't guarantee it'll work but at this point we can't make things worse so we can give it a shot.

IMPORTANT! Create fresh restore point again.

We'll try one key for now.

On your Dell, go Start>Run type in:
regedit
Click OK.

Registry editor will open (keep it open as we'll need it again if our fix will work).
Navigate to:
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services
Double click on "Services" to expand that key.
Underneath you'll see large number of subkeys.
Scroll down to tcpip key.
Right click on it, click "Export".
Name the file tcpip (.reg extension will be added automatically) and save it to known location like your desktop.
Double check file name.
It should read tcpip.reg.

Using USB flash drive transfer the file to your bad computer.
Right click on it, click "Merge".
Allow registry merge.

Restart computer.

Post new Farbar Service Scanner log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
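
Post #13 points out that parts of the Tcpip key are unique to each computer, so a tcpip.reg exported from a donor PC as in post #15 is worth inspecting before it is merged. The following is an added example, not from the thread: it scans an export for per-adapter keys and host or address values that belong to the donor machine. The sample export, its GUID, host name and address are constructed, and the value-name watch list and function names are assumptions of this example.

```python
import re

# Constructed sample of a regedit export from a donor PC; GUID, host name and address are placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"Start"=dword:00000001
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Hostname"="donor-pc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"DhcpIPAddress"="192.0.2.10"
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Value names that identify one host or its addressing (an illustrative watch list, not exhaustive).
HOST_VALUES = {"hostname", "nv hostname", "ipaddress", "dhcpipaddress", "defaultgateway"}

def machine_specific(reg_text):
    """Return (key, value name or None, reason) for entries tied to the exporting machine."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if GUID.search(key):                 # Interfaces\{GUID}, Adapters\{GUID}
                findings.append((key, None, "per-adapter key"))
        elif key and (m := re.match(r'"([^"]+)"=', line)):
            if m.group(1).lower() in HOST_VALUES:
                findings.append((key, m.group(1), "host or address value"))
    return findings

def read_reg(path):
    """regedit 5.00 exports are UTF-16 with a BOM, so decode before parsing."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()
```

Multi-string values are exported as hex(7) data, so this check matches them by value name only and does not decode their contents.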

 




