
Internet does not work after XP Security 2012 Fix


8 replies to this topic

#1 Blue Yoshi

Blue Yoshi

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:14 PM

Posted 19 December 2011 - 06:21 PM

Hello,

I followed the instructions for the removal of the rogue XP security program (TDSSKiller, rkill, Malwarebytes, etc.) on another computer, and now the computer seems clean.

Unfortunately, the Internet does not work anymore.

I would be extremely thankful if you would help me with this problem.

Thank you in advance!

I speak up against Malware!



 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:14 PM

Posted 19 December 2011 - 08:58 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Blue Yoshi


Posted 20 December 2011 - 06:14 PM

Here you go. Additionally, I got a window saying something about not being able to bring up the firewall at some point (can't remember the specifics).

Farbar Service Scanner
Ran by *removed* (administrator) on 20-12-2011 at 17:11:11
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****



#4 Broni


Posted 20 December 2011 - 09:06 PM

You may be still infected but for now I can see one system file and one registry key missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
    ipsec.sys 
    :reg
    HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\ipsec /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


 


#5 Blue Yoshi


Posted 21 December 2011 - 11:01 AM

Here is the log.

System Look Log
SystemLook 30.07.11 by jpshortstuff
Log created at 09:56 on 21/12/2011 by *removed*
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.sys "
C:\i386\ipsec.sys --a---- 74752 bytes [16:52 24/08/2010] [10:00 10/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [23:25 07/02/2011] [10:00 10/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [19:19 13/04/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys --a---- 75264 bytes [09:18 16/08/2005] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

========== reg ==========

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\ipsec]
(Unable to open key - key not found)

-= EOF =-



#6 Broni


Posted 21 December 2011 - 07:37 PM

Open Windows Explorer, navigate to the C:\WINDOWS\ServicePackFiles\i386 folder, copy the ipsec.sys file from there and paste it into the C:\WINDOWS\system32\Drivers folder.

Then....

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/

Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find six files inside.
Right click on ipsec.reg file, click "Merge".
Allow registry merge.
Restart computer and see if internet works.


 


#7 Blue Yoshi


Posted 21 December 2011 - 08:17 PM

The Internet still does not work. I ran FSS again just in case you need it.

Farbar Service Scanner
Ran by *removed* (administrator) on 21-12-2011 at 19:13:11
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****

I speak up against Malware!
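
The two Farbar Service Scanner logs in this thread can be compared mechanically to see what the ipsec.sys and registry repair changed and what it left behind. The following is an added example, not part of the original posts and not code from the FSS project; the log excerpts are abridged, constructed input taken from the posts above, and the function names and finding labels are assumptions of this example.

```python
import re
# Constructed input: abridged excerpts of the two FSS logs posted in this thread.
BEFORE = r"""
Dhcp Service is not running. Checking service configuration:
Dnscache Service is not running. Checking service configuration:
Tcpip Service is not running. Checking service configuration:
IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors
"""
AFTER = r"""
Dhcp Service is not running. Checking service configuration:
Dnscache Service is not running. Checking service configuration:
Tcpip Service is not running. Checking service configuration:
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors
"""

# (finding kind, pattern); group 1 names the affected item.
PATTERNS = [
    ("service_down", re.compile(r"^(\w+) Service is not running")),
    ("key_missing", re.compile(r"Unable to open (\w+) registry key")),
    ("file_missing", re.compile(r"^Attention! (.+) is missing\.")),
    ("network", re.compile(r"^(Localhost is blocked|There is no connection to network)\.")),
    # The tool's own output misspells "returned" on the Yahoo line, so accept both.
    ("network", re.compile(r"^Attempt to access (\w+) IP retur\w+ error")),
]

def findings(log):
    """Return the set of (kind, item) problems reported in one FSS log."""
    found = set()
    for line in log.splitlines():
        for kind, rx in PATTERNS:
            m = rx.search(line.strip())
            if m:
                found.add((kind, m.group(1)))
    return found

def compare(before, after):
    """Split findings into those no longer reported and those still reported."""
    b, a = findings(before), findings(after)
    return {"cleared": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}
```

On these excerpts `compare(BEFORE, AFTER)` puts the IpSec key, service and driver findings under `cleared`, while the three stopped services, the failed Google/Yahoo checks and "Localhost is blocked" remain under `persisting`.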


#8 Broni


Posted 21 December 2011 - 08:33 PM

I think something more is going on there:

Localhost is blocked.


Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


 


#9 Blue Yoshi


Posted 22 December 2011 - 01:27 PM

I have created the topic here.
http://www.bleepingcomputer.com/forums/topic433974.html

Thank you for all your help!
