Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

internet connection problem after malware/virus removal


  • Please log in to reply
16 replies to this topic

#1 marbino

marbino

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 10:10 PM

can someone help me...my pc recently removed a malware and afterwards i cant connect to the internet (yellow icon no network acess)

heres the FSS log....thanx hope you can help me with this one

 

 

Farbar Service Scanner Version: 18-08-2013
Ran by marvin (administrator) on 01-01-2002 at 02:22:49
Running from "C:\Users\marvin\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
IE proxy is enabled.
 
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-19 10:05] - [2013-07-06 13:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

Edited by hamluis, 22 August 2013 - 06:19 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 marbino

marbino
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 10:19 PM

i'll really appreciate a quick reply :)



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:30 PM

Posted 21 August 2013 - 10:27 PM

Hello -

Can you please list any and all tools that you used to remove the malware.

 

Can you please list the name(s) of the infection(s) that you removed.

 

Were you helped by anyone else, or did you follow any guides for the removal ?

 

Thank You -



#4 marbino

marbino
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 10:34 PM

i used comodo and spybot...im sorry i cant get the list of the infections its already deleted...i just followed these guides from this http://www.selectrealsecurity.com/fix-internet-connection


Edited by marbino, 21 August 2013 - 10:35 PM.


#5 marbino

marbino
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 10:51 PM

please help me i dont want to resolve in re-formatting my computer :(



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:30 PM

Posted 21 August 2013 - 10:57 PM

If you can just list any other removal programs, or try to recall the infection it will help.

Reinstall should not be required, if you can help with any other details -

 

This is to use after you have removed and your internet is not restored .....

Did you at any time use ComboFix program, and have you Fully Rebooted the computer ??

 

Did you follow the directions listed there to restore -


@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
cls
echo Script finished.
pause
del %0

Copy this script to Notepad Etc. ?

If so, what was the result ?

 

 

Thanks -



#7 marbino

marbino
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 11:08 PM

the malware is this backdoor.win32.agent.cxi4@60719159



#8 marbino

marbino
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 11:13 PM

i didnt use any combo fix...i just run the reset.bat...and follow the rest of the instruction... theres still no net connection :(



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:30 PM

Posted 21 August 2013 - 11:33 PM

Comodo Identifier - Backdoor.Win32.Agent.CXI4
This was the infection (I think)

On rebooting the computer I take it that you have all services operating Except for internet

Is this correct -

 

You will need a USB Flash drive to transfer this program from a good computer, and run it.

Please download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts

 

 

Thanks -



#10 marbino

marbino
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 11:35 PM

thanx ill give it a try :)



#11 marbino

marbino
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 11:40 PM

this is the result

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by marvin (administrator) on 01-01-2002 at 03:54:25
Running from "C:\Users\marvin\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1 localhost
 
 
**** End of log ****


#12 marbino

marbino
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 11:42 PM

do i need to restart my pc??



#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:30 PM

Posted 21 August 2013 - 11:44 PM

If there is no change yet, then

-  Yes - Reboot -



#14 marbino

marbino
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 August 2013 - 11:50 PM

its still the same :(



#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:30 PM

Posted 21 August 2013 - 11:53 PM

Asking for help -

 

Back in 5 (I hope) -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users