
No Internet Connection After Removing Win 7 Virus


12 replies to this topic

#1 steadywaters

steadywaters

  • Members
  • 6 posts

Posted 30 December 2011 - 01:53 PM

Hey guys, so my sister's computer was infected with the Win 7 virus that seems to have been hitting so many others here on the board. After removing it, I was unable to get Internet access (wifi and LAN) and I see several threads here with the same problem but there doesn't appear to be a straightforward solution.

Farbar Service Scanner
Ran by jamie (administrator) on 30-12-2011 at 12:42:19
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 19:30] - [2011-04-24 21:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD

Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 22:56] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 19:50] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 December 2011 - 01:58 PM

Download

SystemLook

Copy this script

:filefind
 tdx.sys

Paste it in the BOX

Click on Look

Post the log

Edited by narenxp, 30 December 2011 - 01:59 PM.


#3 steadywaters


Posted 30 December 2011 - 02:29 PM

Thanks for the fast response. Here's the log:

SystemLook 30.07.11 by jpshortstuff

Log created at 14:24 on 30/12/2011 by jamie

Administrator - Elevation successful



========== filefind ==========



Searching for "tdx.sys"

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [15:04 30/12/2011] (Unable to calculate MD5)



-= EOF =-

Edited by steadywaters, 30 December 2011 - 02:30 PM.


#4 narenxp


Posted 30 December 2011 - 02:45 PM

Can you retry the script again?

Your log is not proper

You can use Farbar Service Scanner too.

Type

tdx.sys in BOX and click on search files

Post the generated log

Thanks

Edited by narenxp, 30 December 2011 - 02:46 PM.


#5 steadywaters


Posted 30 December 2011 - 02:53 PM

I used FSS instead:

Farbar Service Scanner
Ran by jamie (administrator) on 30-12-2011 at 14:49:05
Windows 7 Home Premium (X86)

************************************************
================== Search: "tdx.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
[2009-07-13 18:12] - [2011-12-30 10:04] - 0074240 ____A () D41D8CD98F00B204E9800998ECF8427E

====== End Of Search ======

#6 narenxp


Posted 30 December 2011 - 03:09 PM

Click the start button

Go to RUN (Windows + R key) and copy this line

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28

Click ok

Now copy the tdx.sys file from the location and paste it in


C:/Windows/system32/drivers folder

Restart your PC and see if you can browse now

Good luck

Edited by narenxp, 30 December 2011 - 03:10 PM.


#7 steadywaters


Posted 30 December 2011 - 03:53 PM

The problem still exists. Wireless is connected but no access. LAN doesn't recognize that cable is plugged in.

Here is a FSS log after following your steps:

Farbar Service Scanner
Ran by jamie (administrator) on 30-12-2011 at 15:47:21
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 19:30] - [2011-04-24 21:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD

C:\Windows\system32\Drivers\tdx.sys
[2011-12-30 15:42] - [2011-12-30 10:04] - 0074240 ____A () DE87CCA85BFCEB7900E007E37DBF4DA2

C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 22:56] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 19:50] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
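
An added example, not part of the thread and not Farbar Service Scanner's own code: a small Python triage of the File Check lines quoted in posts #1, #5 and #7. `D41D8CD98F00B204E9800998ECF8427E` is the MD5 of zero bytes, so seeing it next to a 74240-byte size means the file's content was never hashed. The regexes are inferred from the log lines on this page only, and the "no company name" flag is a heuristic assumption based on the neighbouring entries showing (Microsoft Corporation).

```python
import hashlib
import re

# MD5 of zero bytes; a non-empty file reported with it was never actually read.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Detail line under a path: [created] - [modified] - size attrs (company) MD5
DETAIL = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")
MISSING = re.compile(r"^Attention! (.+) is missing\.$")

def triage(log_text):
    """Return (path, finding) pairs for File Check entries that need a closer look."""
    findings, path = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := MISSING.match(line):
            findings.append((m.group(1), "missing"))
        elif m := DETAIL.match(line):
            if path is None:
                continue  # detail line without a preceding path line
            size, company, md5 = int(m.group(1)), m.group(2), m.group(3).upper()
            if size > 0 and md5 == EMPTY_MD5:
                findings.append((path, "empty-input MD5 on non-empty file"))
            if not company:  # heuristic (assumption): no version-info company
                findings.append((path, "no company name"))
            path = None
        elif re.match(r"^[A-Za-z]:\\", line) and "=>" not in line:
            path = line  # bare path; its detail line follows
    return findings

# Sample lines copied from the logs in posts #1, #5 and #7 of this thread.
SAMPLE = r"""
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 19:30] - [2011-04-24 21:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
[2009-07-13 18:12] - [2011-12-30 10:04] - 0074240 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\Drivers\tdx.sys
[2011-12-30 15:42] - [2011-12-30 10:04] - 0074240 ____A () DE87CCA85BFCEB7900E007E37DBF4DA2
"""

if __name__ == "__main__":
    for path, finding in triage(SAMPLE):
        print(f"{finding:36} {path}")
```
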

#8 narenxp


Posted 30 December 2011 - 03:59 PM

Click on start button and type

cmd

Right-click on Command Prompt - Run as administrator

Run this command

net start TDX
press ENTER

net start DHCP
press ENTER

Let me know if it finds errors

Edited by narenxp, 30 December 2011 - 03:59 PM.


#9 steadywaters


Posted 30 December 2011 - 04:04 PM

For TDX:

System error 193 has occurred.

*** is not a valid Win32 application.

For DHCP:

System error 1068 has occurred.

The dependency service or group failed to start.

#10 narenxp


Posted 30 December 2011 - 04:10 PM

Open command prompt, run this command

sfc /scannow

Wait for scan to get completed

Restart your PC, now run the command again

Good luck

#11 steadywaters


Posted 30 December 2011 - 05:16 PM

Connection has been restored. Thank you narenxp for your time!

#12 narenxp


Posted 30 December 2011 - 05:20 PM

:thumbsup:

#13 samcmullen

samcmullen

  • Members
  • 1 posts

Posted 07 January 2012 - 01:29 PM

no internet access after removing win 7 security malware

Very very very much appreciated! Thanks steadywaters for taking the time to post your issue properly and thank you narenxp for providing the solution! Worked for me! Added the bit above so the poor souls who are googling the issue can find it quickly.



