ZeroAccess Rootkit



#1 bschmitt78


Posted 29 March 2012 - 08:02 AM

Hello,
Hopefully someone can help me out. After "successfully" removing this virus from my Dell Latitude laptop with XP SP3, I can't connect to the internet nor see any of my internet connections. I tried resetting my TCP/IP stack using the NETSH command but it said I was missing the framedyn.dll file. After a number of checks of my PC with various tools, the virus appears to be gone, but the status of my wireless network card and my local area connection is "disconnected", unless I hardwire the router cord to my computer, and even then it takes a long time for both my wireless and my local area connections to reset. If I reboot my computer, the connections are lost again. Also, I cannot make any FTP connections to a few FTP sites that I have, and cannot connect to my apache web server, AT ALL.

Before reinstalling Windows and my drivers, I was wondering if anyone knew of another solution?

Thanks,
Ben



#2 narenxp


Posted 30 March 2012 - 02:05 AM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#3 boopme


Posted 30 March 2012 - 09:56 AM

Moved topic to the Am I Infected forum.

#4 bschmitt78


Posted 30 March 2012 - 05:10 PM

Thanks for your reply. Here are the results of my scan. Please note, I am now connected to my wireless and local area connections because I hard-connected my laptop to my modem. This seems to bring back my connections. Then, if I restart my machine, all my connections are lost. I can't even see the statuses of my connections. It's as if I am turning on a brand new computer.

Anyway, here is my scan output:

Farbar Service Scanner Version: 01-03-2012
Ran by Benjamin (administrator) on 30-03-2012 at 17:04:32
Running from "C:\Documents and Settings\Benjamin\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(10) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****
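
A triage pass over a Farbar Service Scanner log like the one above, as an added example that is not part of the original thread and is not Farbar's code. The function names are hypothetical, the section layout (a title line underlined with `=`) is inferred from the posted log, and the sample is a condensed excerpt of it.

```python
import re

# Condensed excerpt of the FSS log posted above (blank lines dropped).
SAMPLE_LOG = r'''Connection Status:
==============
Localhost is accessible.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
'''

UNDERLINE = re.compile(r"^=+$")

def split_sections(text):
    """Map each 'Title:' line underlined with '=' to its non-empty body lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        if line.endswith(":") and UNDERLINE.match("".join(lines[i + 1:i + 2])):
            current = sections.setdefault(line[:-1], [])
        elif current is not None and line and not UNDERLINE.match(line):
            current.append(line)
    return sections

def triage(text):
    """Return (section, finding) pairs for lines that need follow-up."""
    findings = []
    for title, body in split_sections(text).items():
        for line in body:
            if "Attention!" in line:
                findings.append((title, line.split("Attention!", 1)[1].strip()))
            elif line.startswith('"EnableFirewall"=DWORD:0'):
                findings.append((title, "firewall disabled by policy"))
            elif title == "File Check" and not line.endswith("=> MD5 is legit"):
                findings.append((title, "not verified: " + line))
    return findings

if __name__ == "__main__":
    for section, finding in triage(SAMPLE_LOG):
        print(f"[{section}] {finding}")
```

On this log the two findings are the disabled firewall policy value and the missing wscsvc service key; every file in the File Check section passes.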

#5 narenxp


Posted 31 March 2012 - 01:21 PM

Download

Winsock fix

Launch it, click on FIX

Restart your PC after it gets completed

Check your browser. If that doesn't work, try this


PLEASE create a restore point before trying this

Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]





Open Notepad, copy the script, save it as

Filename:winsock.reg
save as type:All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
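
A read-only check of what a .reg file such as the one in this post would change before it is merged, as an added example that is not part of the original thread. The function name `audit_reg` and the report layout are hypothetical; the parser covers key deletion (`[-KEY]`), value deletion (`"name"=-`) and value assignment, and skips multi-line hex continuation lines.

```python
# The .reg file from the post above, embedded verbatim.
WINSOCK_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

def audit_reg(text):
    """Summarise what importing a .reg file would do, without touching the registry."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]  # drop blanks, comments
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing header line")
    report = {"delete_keys": [], "delete_values": [], "set_values": []}
    key = None
    for line in lines[1:]:
        if line.startswith("[-") and line.endswith("]"):
            # [-KEY] removes KEY together with all of its subkeys and values.
            report["delete_keys"].append(line[2:-1])
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            # Simplification: value names that themselves contain '=' are not handled.
            name, _, data = line.partition("=")
            target = "delete_values" if data.strip() == "-" else "set_values"
            report[target].append((key, name.strip().strip('"')))
    return report

if __name__ == "__main__":
    for kind, items in audit_reg(WINSOCK_REG).items():
        print(kind, items)
```

For the file in this post the report lists the two Winsock service keys under `delete_keys` and nothing else, which is why the reply asks for a restore point first.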

#6 bschmitt78


Posted 02 April 2012 - 08:09 AM

Well, I ran the Winsock tool and I made it to the point of adding those 2 registry keys, but after rebooting, I cannot access my wireless connection, nor can I even browse to my network connections as you directed me to do after rebooting. When I open the control panel, my laptop freezes up; I can't even get to Network Connections. And when I hardwire my laptop to my modem, before I could at least get my wireless to come back after waiting a couple hours. However, now I CAN navigate to localhost on my laptop, so at least whatever you had me do did fix that part.

When I get home tonight I'll try to do the last part of your instructions again, if I can get to my Network Connections.

Thanks,
Ben

#7 narenxp


Posted 02 April 2012 - 10:21 AM

:thumbup2:



