My PC recently got infected with a rootkit (zerolevel I believe) while surfing the web. It was the "XP antivirus 2012" rootkit. I took the PC offline and removed the rootkit manually (with Google's help). Then I ran TDSSKiller, SuperAntiSpyware, ZeroAccessRemovalTool & ComboFix to make sure that the PC was clean. ComboFix did find an infection and cleaned it (I ran it thrice to make sure everything is good).
After all was done I tried to hook up the Ethernet wire but couldn't get connected to the internet. I quickly looked into the network connection properties and found there were no values displayed under the "Support" tab (I use a static IP). Trying repair under the 'Support' tab threw an error message saying "Failed to query TCP/IP". I knew that my TCP/IP stack was corrupt. No matter what I did, I couldn't get it to work again. This is what I've tried so far:
- reset tcp/ip stack using "netsh int ip reset resetlog.txt"
- reset winsock using "netsh winsock reset"
- removed and re-installed tcp/ip protocol
- tried resetting tcp/ip using built-in feature of 'SuperAntiSpyware'
All of this didn't work and I'm still sitting where I was before. I'd really appreciate it if anyone here could help me with this, as I need to have this PC online very soon.
Edit: Sorry, I forgot to add that I also get event:7000 in my system logs with the error message - "tcp/ip protocol service failed to start because the specified procedure couldn't be found". I also checked the tcpip.sys file and found that it was corrupt, so I restored a correct copy from the cache.
I also want to add that I ran ComboFix, TDSSKiller & other tools before joining the forums here.
Edited by arau, 11 January 2012 - 05:57 PM.