Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Used TDSSKiller & now "aquiring network address"


  • Please log in to reply
9 replies to this topic

#1 peterk422

peterk422

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 31 December 2011 - 04:39 PM

I followed your tutorial on removing the XP Antivirus 2012. When I got to the step that told me to us TDSSKiller I followed the instruction except for the final step: "To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection. If it does not say Cure, leave it at the default action of Skip and press the Continue button. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly" I changed it to delete & rebooted. Now when I boot, the computer is "acquiring network address" and system restore will not restore.I hope you can help. Thank you

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:19 PM

Posted 31 December 2011 - 05:04 PM

Hi

Download

http://download.bleepingcomputer.com/farbar/FSS.exe


and run it on the infected PC.

* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

Please post the tdsskiller log too

#3 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 01 January 2012 - 11:31 AM

Farbar Service Scanner
Ran by Owner (administrator) on 01-01-2012 at 11:23:11
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\netbt.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****


I could not locate the TDSS Killer log

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:19 PM

Posted 01 January 2012 - 11:50 AM

Please launch the FSS again and type

netbt.sys in the BOX

Click on search files

Please post the generated log

#5 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 01 January 2012 - 11:57 AM

Farbar Service Scanner
Ran by Owner (administrator) on 01-01-2012 at 11:54:18
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "netbt.sys" ===================

C:\WINDOWS\system32\dllcache\netbt.sys
[2004-08-04 05:00] - [2008-04-13 14:21] - 0162816 ___AC (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008-09-03 12:42] - [2008-04-13 14:21] - 0162816 ____C (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008-09-03 12:54] - [2004-08-04 05:00] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:19 PM

Posted 01 January 2012 - 01:23 PM

Navigate to this path

C:\WINDOWS\ServicePackFiles\i386

Copy the netbt.sys from the location and paste it in

C:/windows/system32/drivers folder

Download

http://www.mediafire.com/?so1tr8o9748siiu

Launch it and click YES to import it to registry

Restart your PC and check your browser

Good luck

#7 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 01 January 2012 - 04:29 PM

I hate to ask a stupid question. When I download the link to my laptop to save it to a flash drive so I can use it on the affected computer, I get get a prompt to open it with notepad. How do I launch it onto the infected computer? I really appreciate the help you've given me so far.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:19 PM

Posted 01 January 2012 - 04:33 PM

Right click on the file

Select open with

Click on Browse

Navigate to C:/Windows folder ,click on REGEDIT

Select the regedit file and click ok

Now click on YES

Good luck

Edited by narenxp, 01 January 2012 - 04:33 PM.


#9 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 01 January 2012 - 05:36 PM

It worked. Thanks so much. If you have a paypal account I'd like to make a little deposit for your trouble. Thanks again. On another note, everytime the computer starts up a New Hardware Wizard window pops up and asks "what do you want the wizard to do". It says that it wants to install the software for PCI Simple Communications Controller. The computer is like 3 or 4 years old and nothing new has been added to it for a while. This has been popping up for about 2 weeks now. I hit cancel and that seems to do the trick, but I was just wondering if you ever heard of it.

Anyway thanks again, and send me your info.

Pete

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:19 PM

Posted 01 January 2012 - 05:46 PM

:thumbsup:

PCI Simple Communications Controller. //

Please browse to your PC manufacturer site

Download the CHIPSET drivers

Good luck




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users