Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removed Adware, now no internet


  • Please log in to reply
5 replies to this topic

#1 Enkopresis

Enkopresis

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 02 February 2015 - 10:01 AM

Hey everyone,
 
first of all, I searched for a similar topic and have been reading for a great period of time, but I could not find a solution or something similar.
 
My co-workers system was flooded by adware... twice. I removed everything the first time. After everything was gone, Internet wasn't working.
So I checked proxy-settings. Somehow the adware - or during the removal of the Programms - proxyies were activated. After I deactivated proxies, internet
and everythings was working again. Now this time, the second time - adwares are gone, internet is again not working, but there are no proxies active. Well,.. there is internet! I can ping every
webpage, but I can't acces via browser! Even if I reinstall them (latest versions of Firefox/Chrome/IE)
 
 
I followed many guides, including this one: http://www.selectrealsecurity.com/fix-internet-connection
but yet without any success.
I ran Farbar Service Scanner and attached the output-file. I have not found a description, what "File is digitaly signed" actually means? I would presume that it is nothing positive, right?
 
The System is Windows 7 Professional. The most agressiv Adware was WebSearch Start, but there where many more involved, that I sadly can't remember the names.
 
 
Do you have any suggestions? Which informations did I missed to write? Thanks a lot for your time!
 
/edit: file attached
 
Enko
 
 
 

Farbar Service Scanner Version: 17-01-2015
Ran by JohnDoe (administrator) on 02-02-2015 at 15:40:33
Running from "C:\Users\JohnDoe\Desktop\Sonstiges"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal

****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

Edit: Topic moved from Windows 7 to the more appropriate forum. ~ Animal

Attached Files

  • Attached File  FSS.txt   2.3KB   1 downloads


BC AdBot (Login to Remove)

 


#2 Phantom010

Phantom010

  • Members
  • 1,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cyberspace
  • Local time:06:50 AM

Posted 02 February 2015 - 12:21 PM

Did AdwCleaner delete Hotspot Shield from your computer? If you don't know, open AdwCleaner's Quarantine manager and look for Hotspot Shield or Anchorfree. If it did, reinstalling the program might get you back your Internet connection. Then, if you don't need it, uninstall it the normal way (without AdwCleaner).



#3 Enkopresis

Enkopresis
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 02 February 2015 - 02:20 PM

Hey, thanks for the quick reply! I just got home, and I found a way, too. Sorry that I won't be able to check your solution!

But the least thing to do, I will tell what solved the problem for me.

 

Basicly

1. Windows Repair 2.10.4" saved me

http://www.bleepingcomputer.com/download/windows-repair-all-in-one/

 

I ran it in standard configuration. Quick and easy, "everything" got solved. All browsers started working fine after that.

 

To make sure every trace of mal-/adware is gone, I ran:

 

2. TDSSKiller as well, I ran FixTDSS

3. HitmanPro (free trial)

4. AdwCleaner

 

Every program did a little something, helping me to get rid of all the leftovers.

 

Again, thanks for your help! I was dealing with this problem for a few days now, and I am happy and surprised how quick and easy everything got back to normal.


Edited by Enkopresis, 02 February 2015 - 02:38 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:50 AM

Posted 02 February 2015 - 03:47 PM

Now you should Create a New Restore Point and purge the rest to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Click the Start Orb and in the Search box type: Create a restore point ...then click on it.
  • When the System Properties window opens, under the System Protection tab, select the Create... button at the bottom. Give the restore point a name, then click "Create". The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then to remove all but the newly created Restore Point, use Disk Cleanup.

.
Resources to do the above:

-- Note: When using Disk Cleanup in Windows 7/8, click on the Clean up system files button, then click on the More Options tab.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Enkopresis

Enkopresis
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 03 February 2015 - 05:35 AM

Thanks for your suggestion! I created now a new System Restore Point and deleted all the old ones.

 

Any Questions or any Information to add? Otherwise I would suggest, the topic is now solved.

 

Thank you all!



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:50 AM

Posted 03 February 2015 - 05:59 AM

You're welcome on behalf of the Bleeping Computer community.

You may want to read these topics.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users