Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran Combofix now internet doesn't work


  • This topic is locked This topic is locked
14 replies to this topic

#1 L0ckz0r

L0ckz0r

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 25 May 2012 - 07:04 PM

I posted this in the windows 7 forum here: http://www.bleepingcomputer.com/forums/topic454893.html

Here is my problem:
I was having problems getting rid of the SearchQu virus/malware so I downloaded and ran combofix from
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

It said I had a rootkit virus that inserted itself into my TCP/IP settings and that my internet might not work and all I would have to do is run combofix again.

Combo fix ran, delted all my malware and rootkit viruses and then the internet didn't work.
So I re started, still didn't work.
Then I ran combofix again, still didn't work.

Wireless Internet still doesn't work. I'm posting this by tethering my phone to my computer via USB.

As requested in the other topic I have attatched log files.

Attached File  DDS.txt   17.27KB   7 downloads

Attached File  gmer.log   1.11KB   3 downloads

BC AdBot (Login to Remove)

 


#2 L0ckz0r

L0ckz0r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 26 May 2012 - 07:58 PM

Someone asked me to post the combo fix log so here it is:
Attached File  ComboFix.txt   23.45KB   6 downloads

This log is from the 3rd time combo fix ran, because I ran it again because the program said I might need to if I don't have internet.

I should also say I have covenant eyes installed on my computer willingly, and it might have been the program combofix thought was attatched to the TCP IP thing. It's reinstalled now.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:04 PM

Posted 30 May 2012 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

You should download these tools to a CD or Flash drive using a goog computer. Copy the Files to the Desktop of the problem computer and run them.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.

If this fails to restart your internet continue.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please post the logs for my review.

#4 L0ckz0r

L0ckz0r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 04 June 2012 - 10:18 PM

Thankyou, ran those tests. Internet still doesn't work. Here are my logs.

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:04 PM

Posted 05 June 2012 - 07:18 AM

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

dnsrslvr.dll

Click Search Files button and post the log (FSS.txt) it makes to your reply.

#6 L0ckz0r

L0ckz0r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 06 June 2012 - 02:01 AM

Attached File  FSS.txt   903bytes   2 downloads

Edited by L0ckz0r, 06 June 2012 - 02:03 AM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:04 PM

Posted 06 June 2012 - 10:22 AM

Click the Posted Image button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If that fails.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
===

Continue if needed.

Fix Winsock Manually on Windows 7

1. Open up the command line utility and enter:
(open the run box, type cmd in the search box click ok.

The DOS PROMPT WILL BE SEEN.

type the following at the prompt and hit the Enter key after each entry..

netsh winsock reset

netsh winsock reset catalog

netsh int ip reset reset.log


p.s. I think your can copy and paste each line at the DOS prompt. Hit the enter key.

When all done type EXIT hit the enter key.

Restart the computer normally.

How is it now?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:04 PM

Posted 12 June 2012 - 12:54 PM

Are you still with me?

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:04 PM

Posted 13 July 2012 - 06:17 AM

The topic is reopened.

Lets continue.

#10 L0ckz0r

L0ckz0r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 13 July 2012 - 08:32 PM

Sorry about all that.
I followed your last instructions but still no internet.

Attached File  not connected.png   7.12KB   0 downloads

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:04 PM

Posted 14 July 2012 - 10:07 AM

Can you connect directly bypassing the router?

#12 L0ckz0r

L0ckz0r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 15 July 2012 - 06:09 AM

What do you mean? Like plugging an ethernet cable in to the modem?

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:04 PM

Posted 15 July 2012 - 07:39 AM

Yes.

#14 L0ckz0r

L0ckz0r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 19 July 2012 - 08:15 AM

The only ethernet cable I could find has been chewed through, so I'll endevour to get a new one and try.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:04 PM

Posted 25 July 2012 - 09:03 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users