Removed Malware, Now I have no internet access


10 replies to this topic

#1 dhnew

  • Members

Posted 19 January 2012 - 03:11 PM

Hi, I'm new to this Forum so I apologize if I'm repeating previous requests. I just used "Malwarebytes' Anti-Malware" to remove "Win 7 Antispyware 2012" from my son's laptop. Now I cannot connect to the Internet. My Wireless Network Connection shows "Connected" with Excellent signal strength but it is also telling me "No internet access".
Can anyone tell me how to fix this?

Edited by Budapest, 19 January 2012 - 05:24 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest



#2 Budapest

  • Moderator

Posted 19 January 2012 - 05:23 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 partridge123

  • Members

Posted 23 January 2012 - 02:17 PM

I have this exact problem too! So I contacted my service provider and they said I had no internet drivers?? So I did this test that was advised above and the log came back as follows:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Administrator (administrator) on 23-01-2012 at 19:02:24
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2008-04-14 00:41] - [2008-04-14 00:41] - 0246272 ____A (Microsoft Corporation) 19A799805B24990867B00C120D300C3A

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Just wonder if you have any suggestions? Thanks, Dave x

#4 Budapest

  • Moderator

Posted 23 January 2012 - 04:44 PM

Try running WinSock XP Fix.

To download it click on one of the three links under "Download Locations".

Run it, reboot and then post a new FSS log.

#5 Blue Coconut

  • Members

Posted 24 January 2012 - 12:21 AM

Just wanted to say I had a machine come through my office with the same problems after removing a redirect virus. If the IPSec file was overwritten for the redirect and had been removed, you might want to try this, as it fixed my problem.

Basically you need to flush the overtaken ipsec driver file with the original Microsoft driver file.

Easiest way is that I went to another machine, not infected, running the same operating system, and copied the ipsec driver file to a USB (should be C:\WINDOWS\system32\drivers). Then go to the infected machine; make sure you disconnect the ethernet cable until complete. Start your infected machine, delete the ipsec file completely, then copy the new ipsec file into that spot and reboot. If you get any boxes asking permission, click OK or Yes or Continue. Restart your machine. Plug in your ethernet cord as the machine is rebooting. Once started up, open a cmd box and ping the internet: "ping 4.2.2.2" should get a response. You're back up and running. Now, this worked in my situation, and I am by no means trying to step on the toes of any of these guys on here, but I was here researching something and just happened to see this post. If this works for you then there you go; if it doesn't, then these guys will get you going.

Cheers

Viper12
Ever tried landing a city block? It's a rush one cannot describe.

#6 Budapest

  • Moderator

Posted 24 January 2012 - 01:05 AM

Blue Coconut, in this situation I do not believe that it is the ipsec driver because the FSS log implies that it is OK.

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit



#7 Blue Coconut

  • Members

Posted 25 January 2012 - 01:58 AM

Mine said the same thing, just tryin to help Buda.

Cheers,

Viper

#8 partridge123

  • Members

Posted 26 January 2012 - 06:46 PM

Thanks for all the help, still can't find any internet drivers. I've followed the procedures you told me and I have a new log that's much shorter?? Any further ideas??

Farbar Service Scanner Version: 18-01-2012 01
Ran by Administrator (administrator) on 26-01-2012 at 23:41:27
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
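
Added example, not part of any post in this thread: a small Python triage of an FSS log, written only from the log layout visible in replies #3 and #8 (it is not Farbar's code or a specification of the FSS format). The function name, the problem-phrase list and the shortened sample are assumptions made for illustration.

```python
import re

# Shortened excerpt of the FSS log posted in reply #3 (layout as shown in this thread).
SAMPLE_LOG = r"""Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\es.dll
[2008-04-14 00:41] - [2008-04-14 00:41] - 0246272 ____A (Microsoft Corporation) 19A799805B24990867B00C120D300C3A
C:\WINDOWS\system32\svchost.exe => MD5 is legit
"""

# Phrases treated as problem markers (an assumption drawn from these logs, not an FSS spec).
PROBLEM = re.compile(r"not running|unreachable|no connection|Attention!|default start type", re.I)
# A File Check entry: a path without spaces, optionally followed by "=> verdict".
FILE_LINE = re.compile(r"^([A-Za-z]:\\\S+?)(?:\s+=>\s+(.*))?$")

def triage_fss(text):
    """Return (problems, verified, unverified) from an FSS-style log."""
    problems, verified, unverified = [], [], []
    section = None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        line = line.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.endswith(":") and set(nxt) == {"="}:
            section = line[:-1]  # a header is a "Name:" line followed by an ===== rule
            continue
        m = FILE_LINE.match(line)
        if section == "File Check" and m:
            path, verdict = m.groups()
            (verified if verdict == "MD5 is legit" else unverified).append(path)
        elif PROBLEM.search(line):
            problems.append((section, line))
    return problems, verified, unverified

if __name__ == "__main__":
    print(triage_fss(SAMPLE_LOG))
```

On the excerpt it reports ipsec.sys as verified and singles out es.dll, which the log in reply #3 lists with file details instead of the "MD5 is legit" verdict.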

#9 Budapest

  • Moderator

Posted 29 January 2012 - 05:28 AM

Sorry for the late reply but I've been out of town for a few days.

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

#10 dhnew

  • Topic Starter
  • Members

Posted 01 February 2012 - 11:22 AM

Thanks Budapest. I'll try it when I get home this evening. I also noticed my son is running rtkill(?) and its log says it changed the proxy settings. Is that a clue?

#11 Budapest

  • Moderator

Posted 01 February 2012 - 04:39 PM

Yes, changed proxy settings can block internet access. Was there any improvement after running rkill?