Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Internet after Spyware removal


  • Please log in to reply
9 replies to this topic

#1 MarksCS

MarksCS

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 09 December 2011 - 02:53 PM

I have removed spyware and now I cannot get online. I can connect to wireless network and says everything is working but cannot get online through IE or Firefox. Windows XP Home Edition

BC AdBot (Login to Remove)

 


#2 MarksCS

MarksCS
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 09 December 2011 - 02:55 PM

Sorry, it's xp professional

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:43 AM

Posted 09 December 2011 - 03:29 PM

Hello and welcome to BleepingComputer!

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 MarksCS

MarksCS
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 09 December 2011 - 03:39 PM

Thank you for you quick reply, here is the log you requested:


Farbar Service Scanner
Ran by Ted Krings (administrator) on 09-12-2011 at 12:37:41
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline

**** End of log ****

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:43 AM

Posted 09 December 2011 - 03:45 PM

That all looks good.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 MarksCS

MarksCS
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 09 December 2011 - 03:53 PM

Here ya go...

MiniToolBox by Farbar
Ran by Ted Krings (administrator) on 09-12-2011 at 12:50:34
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================





========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection 9 (Connected)
NETGEAR WNA1100 Wireless-N 150 USB Adapter = Wireless Network Connection 9 (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 9"

set address name="Wireless Network Connection 9" source=dhcp
set dns name="Wireless Network Connection 9" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 9" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : TEDSLAPTOP

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-0D-56-35-44-94



Ethernet adapter Wireless Network Connection 9:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NETGEAR WNA1100 Wireless-N 150 USB Adapter

Physical Address. . . . . . . . . : 30-46-9A-3A-24-B5

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.1.10.204

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.1.10.1

DHCP Server . . . . . . . . . . . : 10.1.10.1

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Friday, December 09, 2011 12:34:32 PM

Lease Expires . . . . . . . . . . : Saturday, December 10, 2011 12:34:32 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0d 56 35 44 94 ...... Broadcom 440x 10/100 Integrated Controller
0x10004 ...30 46 9a 3a 24 b5 ...... NETGEAR WNA1100 Wireless-N 150 USB Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.204 25
10.1.10.0 255.255.255.0 10.1.10.204 10.1.10.204 25
10.1.10.204 255.255.255.255 127.0.0.1 127.0.0.1 25
10.255.255.255 255.255.255.255 10.1.10.204 10.1.10.204 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.1.10.204 10.1.10.204 25
255.255.255.255 255.255.255.255 10.1.10.204 10003 1
255.255.255.255 255.255.255.255 10.1.10.204 10.1.10.204 1
Default Gateway: 10.1.10.1
===========================================================================
Persistent Routes:
None

**** End of log ****

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:43 AM

Posted 09 December 2011 - 04:15 PM

In your browser address bar, please type http://10.1.10.1 and press enter
Does this redirect you to your router settings page?

What malware did you remove?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 MarksCS

MarksCS
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 09 December 2011 - 04:24 PM

In your browser address bar, please type http://10.1.10.1 and press enter
Does this redirect you to your router settings page?

What malware did you remove?


Yes 10.1.10.1 brings me to router setup.

I am not sure what malware was removed but there was at least 2 rootkits, if i remember right.

#9 MarksCS

MarksCS
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 09 December 2011 - 04:32 PM

I am not really sure what has happened but it just started working.

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:43 AM

Posted 10 December 2011 - 05:03 AM

Glad to hear that! Do you have any other problem at this point?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users