
Removed Win 7 Security 2012 virus - now have no internet and cannot run Avira


52 replies to this topic

#1 MegND01

MegND01

  • Members
  • 54 posts

Posted 22 December 2011 - 02:04 PM

Hi, first sorry I already started a post in the log forum but I know that was the wrong place.

I was able to go through again and follow all the steps in the tutorial to remove this virus (utilizing a flash drive to transfer the downloads to the infected computer).

My remaining problem is no internet connectivity and cannot run Avira. Thank you!!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 December 2011 - 10:47 AM

Hi

Download

http://download.bleepingcomputer.com/farbar/FSS.exe


and run it on the infected PC.

* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

Edited by narenxp, 23 December 2011 - 11:13 AM.


#3 MegND01

Posted 23 December 2011 - 10:59 AM

Hi- I get a "not found" when I click on that link. Can you check it? Thanks.

#4 narenxp

Posted 23 December 2011 - 11:15 AM

Try again

#5 MegND01

Posted 23 December 2011 - 11:29 AM

Farbar Service Scanner
Ran by Meg (administrator) on 23-12-2011 at 11:26:49
Microsoft Windows 7 Starter Service Pack 1 (X86)
********************************************************

Internet Services:
=================
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.
Checking LEGACY_tdx: Attention! Unable to open LEGACY_tdx\0000 registry key. The key does not exist.


Connection Status:
=================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
==========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
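
Added example (not part of the original post and not Farbar's own code): a short Python triage of a log in this format that separates stopped services with a broken registry configuration from services that are stopped but intact, and lists missing files. The sample is an excerpt of the log above; the regular expressions assume the line formats seen in it.

```python
import re

# Excerpt of the Farbar Service Scanner log posted above (shortened).
SAMPLE_LOG = r"""
Internet Services:
=================
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.

File Check:
==========
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running\.")
MISSING_RE = re.compile(r"^Attention! (.+) is missing\.$")
LEGIT_RE = re.compile(r"^(.+) => MD5 is legit$")

def triage_fss_log(text):
    """Sort log lines into stopped services, broken service keys and file status."""
    result = {"stopped": [], "broken_config": [],
              "missing_files": [], "verified_files": []}
    current = None  # service whose section is being read
    for line in text.splitlines():
        line = line.strip()
        if m := SERVICE_RE.match(line):
            current = m.group(1)
            result["stopped"].append(current)
        elif m := MISSING_RE.match(line):
            result["missing_files"].append(m.group(1))
        elif m := LEGIT_RE.match(line):
            result["verified_files"].append(m.group(1))
        elif "Attention!" in line and current and current not in result["broken_config"]:
            result["broken_config"].append(current)
        elif not line:
            current = None  # a blank line ends a service section
    return result

def stopped_but_intact(result):
    """Services that are stopped although their own configuration checked out."""
    return [s for s in result["stopped"] if s not in result["broken_config"]]
```

Services reported by `stopped_but_intact` are the ones to re-check after the broken entries have been repaired.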

#6 narenxp

Posted 23 December 2011 - 11:38 AM

Download

SystemLook

Copy this script


:filefind
tdx.sys
:reg
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\tdx /s


Paste it in the BOX

Click on Look

Post the log

Edited by narenxp, 23 December 2011 - 11:41 AM.


#7 MegND01

Posted 23 December 2011 - 12:05 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:01 on 23/12/2011 by Meg
Administrator - Elevation successful

========== filefind ==========

Searching for "tdx.sys"
No files found.

========== reg ==========

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\tdx]
(Unable to open key - key not found)

-= EOF =-

Side note: my Avira is running a scan on the infected computer (I had it programmed to run daily at noon). Not sure if this is an improvement or if auto scans were running and just manual scans were the problem.

Thanks.

#8 narenxp

Posted 24 December 2011 - 03:03 AM

Hi

You are missing the tdx.sys driver. Do you have your Windows 7 DVD?

Thanks

#9 MegND01

Posted 24 December 2011 - 09:40 AM

It's a Dell Mini. I just bought it at Costco last month. It didn't come with any DVDs; it doesn't have a DVD drive. I was afraid you'd mention drivers because I always panic when I hear that term! I don't really know what it means. Did the virus delete this thing? Is it built in to this type of computer?

Thank you.

#10 narenxp

Posted 24 December 2011 - 10:43 AM

Yes, the virus has deleted the file. The driver is needed for network connectivity.


Please create a restore point

http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/


Now, download the tdx.sys (Win 7, 32-bit) file

http://www.mediafire.com/?5yeyi5nbvk8vtmy

Copy the sys file to C:/Windows/system32/drivers folder

Download

http://www.mediafire.com/?7c60d5fa82ck2m0

Extract the two registry keys

Launch them and Click YES to import them to registry

Restart your PC and see if you can browse now

Good luck

#11 MegND01

Posted 24 December 2011 - 11:42 AM

OK I created the restore point, downloaded the tdx.sys to a flash drive (from my working computer) and am trying to open it on the infected computer. I get the message Caution you are attempting to open a file of type .sys etc and I have to click Open with. then Windows can't open this file: tdx.sys - and What do you want to do? Select a program from the list of installed programs, etc.

What should I do? Thanks.

#12 MegND01

Posted 24 December 2011 - 11:43 AM

oh, Oops, I think I am just supposed to copy it and not try to open it? Let me try that.

#13 MegND01

Posted 24 December 2011 - 11:50 AM

OK I copied the tdx.sys file successfully. Downloaded the TDXkeys.rar but I get the same problem when trying to launch it. How do I extract the registry keys? Do I need some sort of program for that? Thank you.

#14 narenxp

Posted 24 December 2011 - 01:36 PM

Yes you need to copy the sys file

Download

http://www.rarlab.com/download.htm

Install WinRAR and extract the registry keys

Launch them, restart the PC

Good luck

#15 MegND01

Posted 24 December 2011 - 02:18 PM

AHHHHHH

OK the tdx.reg key added fine.

the Legacy_tdx.reg says Cannot import C:\Users\Meg\AppData\Local\Temp\Rar$DIa0.107\Legacy_tdx.reg: Error accessing the registry.



