Lost wireless connection after MBAM removed rootkits



#1 J Moldy

J Moldy

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 17 July 2012 - 08:04 AM

Hello again.

Found out MBAM and MSE hadn't been running for well over a month on my laptop, and reactivated them. To my modest surprise, MBAM found two rootkits on my computer. I had it delete them and, after a while, restarted my computer. When it finished rebooting, it was unable to get internet access. It goes to Identifying, it connects to the network, but doesn't get internet access. I tried restarting the routers and my computer but to no avail. Diagnose doesn't help, it comes up with "couldn't identify". MBAM and MSE both report no viruses of any kind.

Edited by hamluis, 17 July 2012 - 06:39 PM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 FadeMind

FadeMind

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:03 PM

Posted 17 July 2012 - 08:24 AM

Did you reinstall the network drivers?
Probably, when MBAM removed the infected drivers, it removed or corrupted the proper network drivers.
Solution:
- Remove and clean install the drivers for the network device.
- Full scan with AV software. Remove MSE. Install Norton/ESET software. Your choice.
- If something is disturbing, write a new topic in the section dealing with the analysis of logs. Wait for the opinion of the specialists from log analysis.
MBAM could not cope with the removal of the infection.

#3 J Moldy

J Moldy
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 17 July 2012 - 08:39 AM

Question. How do I install drivers without internet access?
Also, I've found MSE to be quite capable of handling most problems so far.

#4 FadeMind

FadeMind

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:03 PM

Posted 17 July 2012 - 09:30 AM

Question: How do you write a new answer to this topic without a connection to the Internet?

You must identify your network card. Download, install and run HWiNFO32.
Close the summary window. Open in the program menu: Report >> Create
Next, check Short Text Report in the creator and click the Next > button.
Click the Copy to Clipboard button and paste the report in pastebin.com.
In your response, please link to the report.

#5 J Moldy

J Moldy
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 17 July 2012 - 09:47 AM

I'm using a different computer...
And as for the network card, it's an Intel WiFi Link 5100 AGN

Also, on starting my computer from powered down, it's started making the touchpad go crazy sensitive. Not sure what that's about.

#6 Wds 7

Wds 7

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 17 July 2012 - 12:17 PM

Probably too late to stop the virus, it's infected badly...
The best way... {I think}
Power up in safe mode... save all your documents... to a flash drive {don't touch it... some of the files you save might be infected too}

Reinstall your Windows... and AV program back to normal and scan your flash drive before putting the docs back.

{Another way you can try... use another PC to download "Hijack this" and scan your PC, then go to "http://www.hijackthis.de/en" to find out which program is bad}

Edited by Wds 7, 17 July 2012 - 12:18 PM.


#7 J Moldy

J Moldy
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 17 July 2012 - 12:43 PM

Probably too late to stop the virus, it's infected badly...
The best way... {I think}
Power up in safe mode... save all your documents... to a flash drive {don't touch it... some of the files you save might be infected too}

Reinstall your Windows... and AV program back to normal and scan your flash drive before putting the docs back.

{Another way you can try... use another PC to download "Hijack this" and scan your PC, then go to "http://www.hijackthis.de/en" to find out which program is bad}


...No, it really isn't.

The laptop has been running absolutely fine UNTIL I had MBAM delete a pair of files. Meaning that most likely, it would have gone on running perfectly normally had I not gone and "fixed" the "problem".

#8 J Moldy

J Moldy
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 18 July 2012 - 12:55 AM

Found out the problem.

MBAM identified tdx.sys as a "rootkit.0Access" and deleted it.

Where can I get a clean copy of it?

#9 J Moldy

J Moldy
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 18 July 2012 - 10:20 AM

Using this thread here as a kind of guide, I put the tdx.sys back into the system32/drivers folder, and restarted my computer, but this did not help. I am not sure what I need to do to register the driver.

Some help on this would be greatly appreciated.

#10 J Moldy

J Moldy
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 19 July 2012 - 03:56 PM

Seriously, I would like some professional help here.

All I need to know is how do I reinstall the driver.

#11 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:01:03 PM

Posted 19 July 2012 - 09:16 PM

I am working on a solution at the present time :busy:
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#12 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:01:03 PM

Posted 19 July 2012 - 09:22 PM

Are you able to download SystemLook and transfer the program to the infected computer?

Was the file deleted or moved to quarantine?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by Sneakycyber, 19 July 2012 - 10:11 PM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +
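
For the situation in posts #8 and #9 (tdx.sys deleted by the scanner, then copied back by hand), the following read-only PowerShell checks show whether the file is present, whether its service registration still exists, and whether the driver is loaded. This is an added example, not something posted by any participant in the thread; it assumes the driver's service name is `tdx` and that the file belongs in `System32\drivers`.

```powershell
# Added example: read-only checks; run from an elevated PowerShell prompt.
# Assumption: the driver's service is registered under the name "tdx".
$name = 'tdx'
$file = Join-Path $env:SystemRoot "System32\drivers\$name.sys"
$key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
$startModes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# 1. The file itself: version resource and SHA-256, for comparison with the
#    same file on a known-good machine running the same Windows build.
if (Test-Path -Path $file) {
    $ver    = (Get-Item -Path $file).VersionInfo
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($file)
    try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }
    "File    : $file"
    "Vendor  : $($ver.CompanyName)  Version: $($ver.FileVersion)"
    "SHA-256 : $hash"
} else {
    "File    : MISSING ($file)"
}

# 2. The service registration. Copying the .sys file back does not recreate
#    this key if it was removed along with the file.
if (Test-Path -Path $key) {
    $svc = Get-ItemProperty -Path $key
    "Service : registered"
    "Image   : $($svc.ImagePath)"
    "Start   : $($svc.Start) ($($startModes[[int]$svc.Start]))"
    "Type    : $($svc.Type) (1 = kernel-mode driver)"
} else {
    "Service : NOT registered ($key is absent)"
}

# 3. Whether the driver is currently loaded.
& sc.exe query $name
```

Running `sfc /verifyfile=<path to the file>` from the same elevated prompt checks the restored file against the copy Windows protects.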



