
Malware Issues



#1 mwdakota


Posted 30 December 2011 - 10:18 PM

I recently got a virus while trying to watch a TV show online. It wouldn't let me do anything. I was finally able to start and run combofix in safe mode. It told me that I had the rootkit.zero access. It was able to get rid of it and my computer is running normally except that I am not able to connect to the internet. When I click repair it says it can't renew the IP address. I tried to ipconfig /renew in the cmd prompt, but it says that the RPC server is unavailable. I have checked to make sure that the RPC service is set to automatic and running. I am using my brother's computer for now. Is there anything that I can do to fix it? Please let me know as soon as possible. I work until 9 every night so I can respond then.

Thanks,
Keith McCall



I have a like issue and can post the reports that you called for if you can help me also.

Thanks Mike

Farbar Service Scanner
Ran by mike (administrator) on 30-12-2011 at 21:18:13
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(6) NwlnkIpx(21) NwlnkNb(22) PSched(7) Tcpip(3)
0x18000000040000000100000002000000030000000A0000000E00000012000000130000001400000005000000060000000700000008000000090000000B0000000C0000000D0000000F000000100000001100000015000000160000001700000018000000

**** End of log ****

SystemLook 30.07.11 by jpshortstuff
Log created at 21:17 on 30/12/2011 by mike
Administrator - Elevation successful
========== reg ==========

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt]
"Type"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"ErrorControl"= 0x0000000001 (1)
"Tag"= 0x0000000006 (6)
"ImagePath"="system32\DRIVERS\netbt.sys"
"DisplayName"="NetBios over Tcpip"
"Group"="PNP_TDI"
"DependOnService"="Tcpip"
"DependOnGroup"=" "
"Description"="NetBios over Tcpip"

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Enum]
"0"="Root\LEGACY_NETBT\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Linkage]
"Bind"="\Device\Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7} \Device\Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1} \Device\Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}"
"Route"=""Tcpip" "{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}" "Tcpip" "NdisWanIp""
"Export"="\Device\NetBT_Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7} \Device\NetBT_Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1} \Device\NetBT_Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}"
"OtherDependencies"="Tcpip"

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters]
"EnableProxy"= 0x0000000002 (2)
"EnableLMHOSTS"= 0x0000000001 (1)
"NbProvider"="_tcp"
"NameServerPort"= 0x0000000089 (137)
"CacheTimeout"= 0x00000927c0 (600000)
"BcastNameQueryCount"= 0x0000000003 (3)
"BcastQueryTimeout"= 0x00000002ee (750)
"NameSrvQueryCount"= 0x0000000003 (3)
"NameSrvQueryTimeout"= 0x00000005dc (1500)
"Size/Small/Medium/Large"= 0x0000000001 (1)
"SessionKeepAlive"= 0x000036ee80 (3600000)
"TransportBindName"="\Device\"

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces\Tcpip_{110310AF-FFB6-47A5-A7EE-7C33403CE816}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces\Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}]
"NameServerList"=" "

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces\Tcpip_{238FBECC-40DB-4227-B1C9-6EB3194D095A}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces\Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}]
"NameServerList"=" "

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces\Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)
"DhcpNameServerList"="192.168.133.2"

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Security]
"Security"=01 00 14 80 e8 00 00 00 f4 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 b8 00 08 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 9d 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 25 02 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 13 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 14 00 00 00 00 00 18 00 9d 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2c 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)


-= EOF =-

Edited by hamluis, 31 December 2011 - 09:15 AM.
Merged posts, split from different topic, PM sent new OP.




#2 narenxp


Posted 31 December 2011 - 10:56 AM

Download legacy_netbt.reg

http://www.mediafire.com/?8xr0d7oonod68ix


Click on start button and type regedit and press ENTER

Navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right click on root-permissions

Click on ADD and type Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now launch the key and click YES to import it to registry

Again navigate to this path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Uncheck full control given for Everyone

Restart the PC

Check your browser

Good luck
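Added example, not part of either post: a small Python triage script that correlates the two logs in the first post, showing why the reply restores a key under Enum\Root. The netbt service's Enum section still points at `Root\LEGACY_NETBT\0000`, while Farbar Service Scanner reports that key as missing. The function names are hypothetical, and the sample text is a few lines copied from the logs above.

```python
import re

# Constructed sample input: lines copied from the two logs posted above.
FSS_LOG = r"""
Dhcp Service is not running. Checking service configuration:
NetBt Service is not running. Checking service configuration:
The ImagePath of NetBt service is OK.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.
"""
SYSTEMLOOK_LOG = r"""
[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Enum]
"0"="Root\LEGACY_NETBT\0000"
"Count"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Linkage]
"""

def stopped_services(fss_text):
    # Services the scanner reports as not running.
    return re.findall(r"^(\S+) Service is not running", fss_text, re.M)

def missing_keys(fss_text):
    # Registry keys the scanner flagged as absent.
    return re.findall(r"Attention! Unable to open (\S+) registry key", fss_text)

def enum_instances(systemlook_text):
    # Map service name -> instance paths listed under Services\<name>\Enum.
    out, current = {}, None
    for line in systemlook_text.splitlines():
        line = line.strip()
        header = re.match(r"\[.*\\Services\\([^\\\]]+)\\Enum\]$", line, re.I)
        if header:
            current = header.group(1).lower()
            out[current] = []
        elif line.startswith("["):
            current = None          # left the Enum section
        elif current:
            value = re.match(r'"\d+"="(.*)"$', line)  # numbered values are instances
            if value:
                out[current].append(value.group(1))
    return out

def dangling_instances(fss_text, systemlook_text):
    # Instances a service still references although the scanner could not open them.
    # Assumption: the scanner names keys relative to Enum\Root (the path in the reply).
    missing = {k.lower() for k in missing_keys(fss_text)}
    return [(svc, path)
            for svc, paths in enum_instances(systemlook_text).items()
            for path in paths
            if re.sub(r"^root\\", "", path.lower()) in missing]
```

Running the same functions on a fresh pair of logs after the import and reboot should return an empty list from `dangling_instances` and no NetBt entry from `stopped_services`.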



