Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected causing network failure and ie redirecting


  • This topic is locked This topic is locked
2 replies to this topic

#1 num1bryanp

num1bryanp

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 16 February 2012 - 05:24 PM

Hello,
I was asked to look at this XP Pro system after it had locked up and the user had to hold the power button to unlock it. After it rebooted there was no networking, it was like the LAN on the motherboard had failed, so I put in a second LAN card and it did not work either.
At this point I ran the following:
Ccleaner
Malwarebytes
Tried to run Combofix but it would not run, just gets stuck in store/restore section.
FYI. helpctr.exe will not run either. Tried the SP2 trick of turning off DEP for helpctr.exe no change.
Winsockxpfix.. still not networking, it would connect but no go.

Went out to services and turned on updates process.
Went out to msconfig and disabled all the startups

The LAN worked at first, I was able to do all the current MS updates… but now it is redirecting when you try to use it. And update is even failing.

Ran GMER & DDS, included logs.
Attached File  ark.txt   41.06KB   0 downloads
Attached File  attach.txt   19.72KB   0 downloads
Attached File  dds.txt   12.58KB   1 downloads

Time for someone better than me to look at the logs…

Thanks,
Bryan

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:15 PM

Posted 21 February 2012 - 10:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please check the properties of this file in bold.
C:\WINDOWS\system32\SWSC.exe

It it's not from Microsoft it may be malware.

>>> Run Jotti's malware scan: Please copy this line (in bold):
C:\WINDOWS\system32\SWSC.exe
  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link". Posted Image
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste these Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:15 PM

Posted 27 February 2012 - 09:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users