I understand that post was locked. However, I hope you will hear me out before removing my post here to add new info and to request help about this.
(post I'm referencing: http://www.bleepingcomputer.com/forums/t/534143/body4udiymyricecom/ )
I am on my partner's computer now because my notebook cannot seem to access the internet anymore. This is part of the issue here. Let me explain.
I will preface by saying that my computer is an HP notebook, Windows 7 Home Premium, 64-bit.
1) For the last few years, I have been using a program called Peerblock, which is a free and open source software firewall application. It blocks incoming and outgoing connections to Internet IP addresses that are included on blacklists which a user selects, but also any addresses manually specified by the user. I've been frequently monitoring traffic that flows in and out of my Peerblock program in order to keep my VPN service running.
2) For the last few months I have been using Private Internet Access, a VPN service. I have been using a server in the same country I reside, the US.
3) About a week ago I downloaded the add-on NoScript for my Firefox browser.
Around the same time, I updated my blocklists from iblocklist for peerblock, and added a couple of new ones as well.
I noticed on my peerblock roster that the pings for the "IANA" lists were spamming my computer really badly, as well as my partner's, which I had put on there as well. I decided to remove the IANA lists, thinking I was probably doing something wrong. The spamming was quickly replaced by a stream of pings from the "bogon" lists. I decided to remove those as well, and that is when I started seeing the malware pings. Do not attempt to go to these sites, they are dangerous -- body4u.diy.myrice.com and asnbm.myftpsite.net -- I repeat, do not attempt to go to these sites. It was those two that I began to see.
I noticed my VPN was doing some weird disconnections and reconnections. It would disconnect after trying to connect, and then when I tried again, it would appear as though it was working again. However, when I tested it out with http://ipleak.net, it was as though there was no VPN active.
I started to do more research, and came across the post on your site. I realized there was much more going on here than I at first realized, specifically because far more advanced computer users than myself were having serious trouble with figuring this out. I did make some attempt to follow the steps that blackbox suggested on that thread - I uninstalled and reinstalled my Firefox browser, and the problem persisted. There were even ping requests happening while I had my wifi "shut off". Not very comforting considering the basic logistics we're all supposed to believe when it comes to what "wifi disabled" means.
After talking things over with my partner, it was evident that even if I could magically manage to stop the pings from being answered, it was not allowing my VPN service to work, as in messing hardcore with my DNS settings (perhaps among other things, I'm really not sure.) And in the previous post about this problem, getting a VPN to work in addition to ridding this problem was not included among the dialogue.
At that point, I proceeded to post on the Private Internet Access forums. Not too much came of it. I will link it, though, so you can read my description in greater detail - http://tiny.cc/jp4ghx Also note that I linked the previous post listed here on bleepingcomputer.
After thinking about things I realized the connection with the other articles I had read talking about "add-ons" being a connection to how this gets into a computer, and remembered that I had recently added NoScript to my add-ons. I decided to head over to the forums for NoScript and see if I could get more help. That conversation is now at a standstill; however, so far those who are well-versed with using NoScript claim there have not been any red flags about this malware attached to their add-on. That conversation can be found here - http://tiny.cc/xhyjhx
So, with all of that being said, I come to my current point. I took steps to try to put all the data on my notebook that I wanted to save into a zip file, and to transfer that file over my home network to my partner's computer, because I lack an external drive to do so at the moment, and the money to acquire said external drive. (The pings are continuously being blocked by peerblock, but keep coming in a steady stream.) I managed to make a zip file. The problem happened when I tried to transfer it. It got about 5% through - and then my internet connection suspiciously stopped working properly on my notebook, while working fine on my partner's computer.
I have a modem, and a wireless router, and I noticed that instead of seeing it trying to connect to the router which has a name we have assigned it, it was saying "unidentified network" as the thing it was trying to connect to.
I went in to try to troubleshoot the problem with Windows Network Diagnostics. It came back at me with an error message that said: "Wireless Network Connection" doesn't have a valid IP configuration.
This is basically where I'm really starting to panic. I'm not sure if this malware is intelligent enough to mess up the inherent IP configurations of my computer, and what's more, all of my stuff is still on it. It's as though I tried to carefully and quietly pack all my stuff up and move it out and the malware decided to block that process from happening. And now I cannot even connect to the internet on it to maybe try to upload my stuff to a cloud-based service of some kind - which looking back is probably what I should have tried to do!!
I'm hoping this is just a basic setting that needs to be switched on or off or some such thing, but I have a feeling it's not that simple.
The only theory I have is that the "unidentified network" has to do with the VPN service (which I have not had active in over a week now) in some way, as I was connected to one to use the VPN service in addition to my router.
Before you ask, no, I don't have any screenshots. I could get them if you needed them, but there's not really anything amazing to take a screenshot of. What I said is what you see.
Thanks for any feedback. Please have patience with me, as I am not super advanced at this stuff, in case you couldn't already tell.
EDIT: Forgot to add that I was trying to move stuff off of my computer in order to use my recovery CDs that I have for it. (Thankfully.)
Edited by stuffandthings, 16 June 2014 - 10:33 AM.