
unable to connect to internet after trying to cleanup with TDSSKiller- had Google redirect, possibly others too

No replies to this topic

#1 Girlfriendbot

  • Members
  • 2 posts

Posted 15 December 2011 - 10:56 PM

Okay. I am posting from my computer, because I can no longer connect to the internet with the problem computer.

The problem computer (my boyfriend's) is a Dell Intel Pentium 4 CPU 2.60GHz running Microsoft Windows XP Professional Version 5.1 Service Pack 3.
Windows, 32 bit, English, MSIE
Don't have Windows Installation disks.

The original problem seemed to be the Google redirect virus, though it could have been multiple things in addition to that as he was getting some random pop-ups ("You're a Texas Winner!" is a good thing to say to me right now if you want me to throw something) and he's been less than careful about where he's been going (if you know what I mean) and I haven't been updating and cleaning his computer as often as I knew I probably should have (he doesn't know how, and if he can't use his computer he'll try to use mine, and helllll no). Anyway when he said he was getting random popups I immediately took over and ran Rkill and Malwarebytes' Anti-Malware, which quarantined some stuff that looked nasty so I deleted them all and rebooted, figuring I was done.

Since it had been a while I then tried to enable the Microsoft Automatic Updates, which were turned off for some reason, so I tried to go to the Microsoft website to see if I could read more. It wouldn't load the updates page but other websites loaded fine, which I thought was weird. I started to worry that they had stopped supporting XP or something (I've been working on a Mac for the last year) but when I tried to Google specific keywords I saw that something was really wrong. I told him about the redirects and he said "Yeah, that's been going on for a couple of days". I had him unplug the ethernet cable to the internet immediately, and started researching on my laptop. Praying it wasn't some sort of rootkit, which is out of my league, I uninstalled a bunch of unneeded programs and updated Java, turned automatic updates back on, did more Mbam scans and restarts until nothing appeared. Reconnected to the internet, downloaded and installed IE8, ran the Microsoft Windows Malicious Software Removal Tool, used IE, no popups, restarted, still no popups, but then found out more about the Google redirect virus. Discovered that the Hosts file from C:\Windows\System32\Drivers\Etc was gone, replaced that. Meanwhile somewhere in that process some invisible thing somewhere kept spawning new things for Malwarebytes to find, internet connection or no.

Something kept deleting the Hosts file and nothing seemed to be stopping the popups or redirect, so I started following the directions at http://www.elitekiller.com/malware.htm. I ran TDSSKiller: no threats found. I ran Hitman Pro, it said that NetBT.sys was a rootkit and potentially dangerous. I looked it up elsewhere and others said it was possibly a needed system file, so I just left everything alone until I could find out more. I had already run Mbam so I moved on to CCleaner. I ran the Cleaner part but I was uncomfortable using the registry cleaner - there's a lot I don't understand in there and didn't want to mess with stuff I wasn't sure about, especially after reading about rootkits that masquerade as needed files. At that point I had been on my laptop so long confusing myself reading too much about what does what in Task Manager and learning more about the registry so I started again.

This time I created a new System Restore point, with the intention of running Hitman Pro and trying its removal recommendations. But because I had restarted a couple of times I did everything in order again. I reconnected to the internet and updated TDSSKiller from support.kaspersky.com. I ran it, no threats found. Then I changed the parameters, checking the additional options. This time when I checked "Verify driver digital signatures" it found 3 threats: NetBT, AegisP, and rh8185. I thought that since I'd created a system restore point I'd be OK, so I went ahead and removed them, and rebooted. Upon reboot there was a blue error message (I took a pic if you want it). Basically it ran CHKDSK and when it finally rebooted everything seemed fine, but I can't get on the internet.

When I hit "diagnose connection problems" in IE I get this (god I wish I could just copy & paste):
Last diagnostic run time: 12/15/11 17:36:17
IP Configuration Diagnostic
Invalid IP Address
info Zero (0.0.0.0) IP address detected
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
action Automated repair: Reset network connection
action Disabling the network adapter
action Enabling the network adapter
info Network adapter successfully enabled
info Zero (0.0.0.0) IP address detected
action Manual repair: Reboot modem

My questions:
1. how do I repair the internet connection?
2. how do I know when the computer is clean?
3. how much of that CCleaner registry stuff can I actually trust? Because a lot of it really is junk. Is there another registry cleaner I can trust?

Thanks all!
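One symptom in this post (the Microsoft update page failing to load while other sites work, plus search redirects) is the classic signature of a hijacked hosts file: security and update sites sinkholed to 127.0.0.1, and popular domains pointed at an attacker-controlled address. The following is an added example, not code from the original post or from BleepingComputer, that parses a hosts file and flags both patterns so a defender can check the file before simply replacing it. The sample hosts content and the watch-list of domains are constructed for illustration.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample hosts file modelled on the symptoms described in the post
# (update site unreachable, Google redirected). Not taken from any real machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       windowsupdate.microsoft.com
127.0.0.1       update.microsoft.com
203.0.113.45    www.google.com
203.0.113.45    google.com
::1             localhost
"""

# A clean hosts file has no reason to map these domains at all (assumed watch-list).
WATCH_DOMAINS = (
    "microsoft.com",
    "windowsupdate.com",
    "google.com",
    "malwarebytes.org",
    "kaspersky.com",
)

Entry = Tuple[int, ipaddress._BaseAddress, str]
Finding = Tuple[int, str, str, str]


def parse_hosts(text: str) -> List[Entry]:
    """Return (line number, ip, hostname) tuples, ignoring comments and blank lines."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; a stricter tool would report it
        for name in parts[1:]:
            entries.append((lineno, ip, name.lower()))
    return entries


def _watched(name: str) -> bool:
    return any(name == d or name.endswith("." + d) for d in WATCH_DOMAINS)


def suspicious_entries(text: str) -> List[Finding]:
    """Flag watched domains that are sinkholed (loopback/unspecified) or redirected elsewhere."""
    findings: List[Finding] = []
    for lineno, ip, name in parse_hosts(text):
        if name == "localhost" or not _watched(name):
            continue
        if ip.is_loopback or ip.is_unspecified:
            findings.append((lineno, name, str(ip), "sinkholed: site blocked via hosts file"))
        else:
            findings.append((lineno, name, str(ip), "redirected to non-local address"))
    return findings


if __name__ == "__main__":
    for lineno, name, ip, verdict in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip}: {verdict}")
```

On a live Windows machine the text would be read from `%SystemRoot%\System32\drivers\etc\hosts`; the two `localhost` lines are the only entries a default XP hosts file contains, so anything the script flags is worth explaining before the file is restored.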
