
No Network after XP antivirus 2012 rootkit removal



#1 arau


Posted 11 January 2012 - 05:21 PM

Hi all,
My PC recently got infected with a rootkit (zerolevel I believe) while surfing the web. It was the "XP antivirus 2012" rootkit. I took the PC offline and removed the rootkit manually (with Google's help). Then I ran TDSSKiller, SuperAntiSpyware, ZeroAccessRemovalTool & ComboFix to make sure that the PC was clean. ComboFix did find an infection and cleaned it (I ran it thrice to make sure everything is good).
After all was done I tried to hook up the ethernet wire but couldn't get connected to the internet. I quickly looked into network connection properties and found there were no values displayed under the "Support" tab (I use a static IP). Trying repair under the 'Support' tab threw an error message saying "Failed to query TCP/IP". I knew that my TCP/IP stack was corrupt. No matter what I did, I couldn't get it to work again. This is what I've tried so far:

- reset tcp/ip stack using "netsh int ip reset resetlog.txt"
- reset winsock using "netsh winsock reset"
- removed and re-installed tcp/ip protocol
- tried resetting tcp/ip using the built-in feature of 'SuperAntiSpyware'

All of this didn't work and I'm still sitting where I was before. I'd really appreciate it if anyone here could help me with this as I need to have this PC online very soon.


Edit: Sorry, I forgot to add that I also get event 7000 in my system logs with the error message "tcp/ip protocol service failed to start because the specified procedure couldn't be found". I also checked the tcpip.sys file and found that it was corrupt, so I restored a correct copy from the cache.
I also want to add that I ran ComboFix, TDSSKiller & other tools before joining the forums here.

Edited by arau, 11 January 2012 - 05:57 PM.




#2 arau


Posted 11 January 2012 - 07:44 PM

Scratch this ^. I resolved my own issue. I looked into Device Manager (show hidden devices) and found out that the tcpip device driver had an "!" mark on it. Checked the file version and it was a Windows 7 version tcpip.sys file. Replaced it with an XP tcpip.sys file from another desktop and voila. i could not get ip address and ping my network devices.

Just a quick one. I believe that one of the rootkit removers has also removed my bookmarks for both IE and Firefox. Is there a way I can get them back? I'd like to get back those bookmarks if possible.



