
Ran TDSS Killer now can't get online. Need help.



#1 rigby1


Posted 13 January 2012 - 01:57 AM

Hello,

First I removed the XP Spyware 2012 virus using Malwarebytes. Norton was still popping up with a Tidserv Activity warning, so I ran TDSS Killer. Now I can't access the internet.

Current Farbar is below. Any help getting back online would be greatly appreciated.



Farbar Service Scanner
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
H:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
H:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
H:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
H:\WINDOWS\system32\netman.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\srsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
H:\WINDOWS\system32\wscsvc.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\wuauserv.dll => MD5 is legit
H:\WINDOWS\system32\qmgr.dll => MD5 is legit
H:\WINDOWS\system32\es.dll => MD5 is legit
H:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
H:\WINDOWS\system32\svchost.exe => MD5 is legit
H:\WINDOWS\system32\rpcss.dll => MD5 is legit
H:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
Attention! IpSec Tag value should be 5Attention! IpSec Tag value is missing and it should be 5

**** End of log ****



#2 narenxp

  • BC Advisor

Posted 13 January 2012 - 10:07 AM

To be on the safer side, before running registry fixes I would suggest you:

Download

http://www.snapfiles.com/get/erunt.html

Install it and back up your registry to C:/Windows/erdnt

Download

http://www.mediafire.com/?6ipdcqgvm1rua09

Download and launch it, click YES when you receive a prompt

Restart your PC and check your browser

Good luck

#3 rigby1

  • Topic Starter

Posted 13 January 2012 - 10:35 AM


That worked! Thanks so much for the help.

#4 narenxp

  • BC Advisor

Posted 13 January 2012 - 10:59 AM

You're welcome :thumbsup:



