Removed ZeroAccess but no http works



#1 molitar


Posted 01 January 2012 - 09:51 PM

Has anyone figured out what this malware does? I removed the ZeroAccess and cleaned it up entirely.. I ran sfc /scannow.. I reinstalled and repaired the TCP/IP protocol. I can browse to non-standard ports like RemotelyAnywhere port 2000. But try to browse any standard ports it will not connect.. pings fine.. DNS resolves fine.. non-standard ports work fine.. repair Windows Firewall. But still something blocks standard http and https ports. At this time I am resorting to a wipe reinstall on this client's system because it's an Asus EEE PC and has no repair install options. But I wish to know what could still block standard http ports as I have another client to work on later this week. Does anyone have a clue?



#2 molitar


Posted 02 January 2012 - 12:52 AM

Further information.. nslookup works but pings and tracert do not.. it appears to be some issue with DNS.. why would nslookup work fine but ping, tracert and browsers do not?

#3 www.osisecurity.com.


Posted 02 March 2012 - 01:27 AM

Hi molitar,

I had the same problem but all of the malware forum Google results did not have an answer, so thought I would share and hopefully help others. I fixed it by:

Reboot into the Microsoft Windows Recovery Console, then (where D:\ is the Windows install CD-ROM or Service Pack):

expand d:\i386\ipsec.sy_ c:\Windows\system32\drivers\ipsec.sys
expand D:\i386\dnsapi.dl_ C:\Windows\system32\dnsapi.dll
expand D:\i386\dnsrslvr.dl_ C:\Windows\system32\dnsrslvr.dll

More info can be found at http://www.osisecurity.com.au/blog/zeroaccess-rootkit-sirefef-no-internet-connectivity-dns ... but it worked for me without repairing or reinstalling Windows. I'd be interested to hear if this helps anyone else.

Cheers,
-Patrick



