Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avast deleted afd.sys


  • Please log in to reply
5 replies to this topic

#1 type7

type7

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 25 December 2011 - 07:06 AM

I ran avast anti virus and it deleted a few files, of those was afd.sys in C:\Windows\System32\drivers and afd.sys in C:\windows\winsxs\x82_microsoft-windows-winsock-core_31bf38564e35_6.1.760.17603_none_d9f97e05bca8003a. I had Win 7 Anti Virus 2011, however that was over a week ago and it didn't mess with the internet, it only replaced itself with the execution handler which I have already fixed. However since others seem to have had that be the main problem I'm not ruling it out.

I downloaded FSS.exe and ran it already.

Farbar Service Scanner
Ran by Jesse (administrator) on 25-12-2011 at 05:19:07
Microsoft Windows 7 Professional (X86)
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
Attention! C:\Windows\system32\Drivers\afd.sys is missing.
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Thank you for the time

Edited by hamluis, 25 December 2011 - 09:26 AM.
Moved from Networking to Am I Infected.


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:57 AM

Posted 25 December 2011 - 08:56 AM

Do you have the detection log from Avast?

#3 type7

type7
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 25 December 2011 - 11:41 AM

I have scan logs, however there isn't a way (I know of at least) to get it in text, however I can upload a screenshot to an image site if you'd like. It's just a screen with the threat rating, the file path, and an action that you can perform on it.

It says that it found problems in C:\Windows\System32\drivers\afd.sys, and C:\Windows\winsxs\bunch o' letters\afd.sys. I moved them to chest and restarted, it was then that the internet stopped working. So I tried restoring them and restarting however it didn't fix the problem.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:57 AM

Posted 25 December 2011 - 11:43 AM

Yes take a screenshot of the detection of malware.

#5 type7

type7
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 25 December 2011 - 11:52 AM

I've uploaded it: http://imgur.com/c7m8r

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:57 AM

Posted 26 December 2011 - 01:55 PM

Portions of the infection may still exist, so Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users