
No internet connection after win7 virus removal


11 replies to this topic

#1 abc987

abc987

  • Members
  • 6 posts

Posted 05 January 2012 - 10:41 PM

My computer was recently infected with the win 7 virus, and I got rid of it by following the directions posted on this site (FixNCR, RKill, & Malwarebytes). But the day after I got rid of it, the computer started to run a bit slower than usual and had no internet connection. It's been two days now, but there is still no internet connection. Everything else seems to be working fine, except that I was watching a DVD and after about 40 minutes, Windows Media Player suddenly shut down and stopped working.

Thanks in advance!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 January 2012 - 10:44 PM

Download

http://download.bleepingcomputer.com/farbar/FSS.exe


and run it on the infected PC.

* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • Gender:Male

Posted 05 January 2012 - 10:45 PM

Please download TDSSKiller.zip, extract it and copy it over to the problem computer.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 abc987

abc987
  • Topic Starter

  • Members
  • 6 posts

Posted 06 January 2012 - 04:52 PM

I did the FSS, but when I ran the TDSSKiller, it asked me to reboot, and when it started to reboot, a black screen came up asking me to choose if I wanted to start Windows normally or by using Startup Repair. I chose to start it normally, but it kept going back to the same screen. So I chose the Startup Repair, but when it finished, it says "startup repair cannot repair this computer automatically" with two choices, "send information about this problem" and "don't send"; then when I click finish, the computer just shuts off. So I'll just post the FSS log.


Farbar Service Scanner
Ran by yaru631 (administrator) on 06-01-2012 at 14:22:12
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 18:09] - [2009-07-13 19:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 17:36] - [2009-07-13 19:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 17:39] - [2009-07-13 19:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-02-09 15:31] - [2010-12-21 00:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 18:36] - [2009-07-13 19:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll
[2009-07-13 17:46] - [2009-07-13 19:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2009-07-13 17:49] - [2009-07-13 19:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • Gender:Male

Posted 06 January 2012 - 06:34 PM

So are you saying that you cannot get into Windows now?

#6 abc987

abc987
  • Topic Starter

  • Members
  • 6 posts

Posted 06 January 2012 - 09:57 PM

Yeah, I can't get into Windows anymore. But it lets me do System Restore, so I'm trying that right now.

#7 abc987

abc987
  • Topic Starter

  • Members
  • 6 posts

Posted 07 January 2012 - 12:00 AM

OK, now I can get into Windows, but still no internet connection. I ran the FSS one more time and here is the log.

Farbar Service Scanner
Ran by yaru631 (administrator) on 06-01-2012 at 13:58:34
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 18:09] - [2009-07-13 19:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 17:36] - [2009-07-13 19:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 17:39] - [2009-07-13 19:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-02-09 15:31] - [2010-12-21 00:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 18:36] - [2009-07-13 19:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll
[2009-07-13 17:46] - [2009-07-13 19:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2009-07-13 17:49] - [2009-07-13 19:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 abc987

abc987
  • Topic Starter

  • Members
  • 6 posts

Posted 07 January 2012 - 04:36 PM

Can anyone help me?

#9 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • Gender:Male

Posted 07 January 2012 - 04:38 PM

Open the Start Menu, type in "cmd" in the bar along the bottom, then press CTRL+SHIFT+ENTER.

In the black "Administrator Command Prompt" window that opens type these two commands:

netsh int ip reset reset.log
netsh winsock reset catalog


Reboot and then do a fresh FSS scan. Post the FSS log.

#10 abc987

abc987
  • Topic Starter

  • Members
  • 6 posts

Posted 07 January 2012 - 04:44 PM

OK, it seems to be working now after I deleted McAfee Antivirus.

#11 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • Gender:Male

Posted 07 January 2012 - 06:51 PM

Good to hear that you got it sorted out. :thumbup2:

#12 himani.sheth

himani.sheth

  • Members
  • 2 posts

Posted 13 January 2012 - 09:16 AM

Could you help me with the same?
I am facing the same situation, and below is the FSS notepad I had after doing a scan with FSS.exe. I have no idea what to do next.



Farbar Service Scanner
Ran by Himani (administrator) on 13-01-2012 at 22:10:09
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd: "system32\drivers\tskA9F5.tmp".


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2012-01-09 00:23] - [2010-04-08 23:24] - 1285000 ____A (Microsoft Corporation) 63170B9EE1D0EF0032F0408605671D1A

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
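
Added example, not part of the original thread and not code from Farbar Service Scanner: a small Python triage of FSS logs in the format posted above. It lists services reported as not running, any service setting that FSS prints as a literal value instead of "is OK" (as with the afd ImagePath in the last log), and checked files that lack the "MD5 is legit" mark and so need manual review. The name triage and the SAMPLE_LOG text, assembled from lines of the logs in this thread, are assumptions of the example.

```python
import re

# Constructed sample: lines copied from the FSS logs posted in this thread.
SAMPLE_LOG = r"""Farbar Service Scanner
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd: "system32\drivers\tskA9F5.tmp".

File Check:
========
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2012-01-09 00:23] - [2010-04-08 23:24] - 1285000 ____A (Microsoft Corporation) 63170B9EE1D0EF0032F0408605671D1A

C:\windows\system32\svchost.exe => MD5 is legit
**** End of log ****
"""

STOPPED = re.compile(r'^(\S+) Service is not running\.')
# A setting is either "... service is OK." or printed as a quoted literal value.
CONFIG = re.compile(r'^The (start type|ImagePath|ServiceDll) of (\S+?)'
                    r'(?: service is OK\.|: "(.*)"\.)$')
FILE = re.compile(r'^([A-Za-z]:\\\S+?)( => MD5 is legit)?$')
DETAIL = re.compile(r'\(([^)]*)\) ([0-9A-F]{32})$')

def triage(log_text):
    """Return the items in an FSS log that a helper should look at first."""
    findings = {"stopped": [], "altered_config": [], "unverified_files": []}
    pending = None  # file path still waiting for its detail line
    for line in map(str.strip, log_text.splitlines()):
        if m := STOPPED.match(line):
            findings["stopped"].append(m.group(1))
        elif (m := CONFIG.match(line)) and m.group(3) is not None:
            # (service, setting, value FSS printed instead of "is OK")
            findings["altered_config"].append((m.group(2), m.group(1), m.group(3)))
        elif m := FILE.match(line):
            pending = None if m.group(2) else m.group(1)
        elif pending and (m := DETAIL.search(line)):
            # (path, company name, MD5) for a file FSS did not mark as legit
            findings["unverified_files"].append((pending, m.group(1), m.group(2)))
            pending = None
    return findings
```

An unverified file is not necessarily malicious; it only means FSS did not report its MD5 as legit, so the entry deserves a second look.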



