Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Internet Connection After Malware Removal


  • This topic is locked This topic is locked
14 replies to this topic

#1 twagoner

twagoner

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Illinois, USA
  • Local time:06:37 AM

Posted 05 March 2015 - 04:35 PM

After ridding myself of a virus that was redirecting my browser and creating popups, I am unable to connect to the internet.  I have followed the guide at SelectRealSecurity.com to "Fix Internet Connection after Malware Removal" with no success.  My computer's Network and Sharing Center says I have an internet connection but my browser do not connect, no do other programs that use an internet connection.  I connect just fine to the other computers on my network.  I have tried to restore the computer to an earlier time, but it does not complete successfully.  Any help or direction would be appreciated.

 



BC AdBot (Login to Remove)

 


#2 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:05:07 PM

Posted 05 March 2015 - 05:19 PM

Hi,
If you believe your machine is clean, we can proceed with fixing..
First, let us know your system config like os ver., n/w adapter and other details.
What do you observe when you : open a command prompt > type in ' IPCONFIG /ALL ' > hit enter key? Post them back.
Download and execute minitool box from http://www.bleepingcomputer.com/download/minitoolbox/ and checkmark the boxes/options:
Flush DNS
Report IE proxy settings
Report firefox proxy settings
List content of hosts
List IP configuration
List winsock entries
List the last 10 event viewer errors
List of installed programs
List devices
.
After execution, Farbar MiniToolBox will provide you with a detailed report (result.txt). Post back its contents.
.
Download and run FSS from http://www.bleepingcomputer.com/download/farbar-service-scanner/
Checkmark all options > scan > copy the contents of the log to your reply.
.
For running tools, right click on the tool > Run as administrator.
.
Is your modem(+router) okay?
Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#3 twagoner

twagoner
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Illinois, USA
  • Local time:06:37 AM

Posted 05 March 2015 - 06:38 PM

First - Thanks for your quick reply!  I was at a dead end.

I'm running Windows 7 Ultimate SP1, Network adapter is Realtek PCI GBE Family Controller.  The router and modem appear to be functioning normally.  All of the other computers and devices using my internet connection are working as usual.  Below is the ipconfig results and I have attached the MiniToolBox and FSS results as files.

Attached File  FSS.txt   3.03KB   8 downloadsAttached File  MiniToolbox Results.txt   72.73KB   15 downloads

 
 
C:\Users\TWW>ipconfig/all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : TWW-OFFICE-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-02-72-A9-29-24
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-26-18-A7-5D-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b83c:30ec:c8e:c6b3%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.57(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, March 05, 2015 3:16:29 PM
   Lease Expires . . . . . . . . . . : Friday, March 06, 2015 4:49:00 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 301999640
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-0F-89-6E-00-26-18-A7-63-FF
 
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCI GBE Family Controller
   Physical Address. . . . . . . . . : 00-26-18-A7-63-FF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
C:\Users\TWW>
 
 

 



#4 JohnC_21

JohnC_21

  • Members
  • 23,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:37 AM

Posted 05 March 2015 - 08:13 PM

Winsock is damaged. Type CMD in the search box and right click > Run as Administrator. At the prompt type

netsh winsock reset

You will get an output saying that it was successful. Reboot the computer and see if you can connect. If you can connect, I would not do anything that would require personal info such as bank sites until Nikhil_CV confirms you are clean.



#5 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:05:07 PM

Posted 06 March 2015 - 05:23 AM

Hi twagoner :) ,

How is your connection after doing as John said?

Here is a fixit : http://go.microsoft.com/?linkid=9662461 similar to that.


I see that a lot of entries in your HOSTS file. Did you do it? Are  you a user  of custom hostfie entries ? Can you reset HOSTS till the issue is solved?

Here is a fixit :http://go.microsoft.com/?linkid=9668866

KB : http://support.microsoft.com/kb/972034/

 

 

Have you tried un-installing and re-installing network drivers (Realtek)?

BTW, I am not allowed to do malware removal at current level, it will be nice if you can share how the infection was fixed (links etc). Then John/myself can instruct you further on that. I doubt the removal was incomplete.


Edited by Nikhil_CV, 06 March 2015 - 05:37 AM.

Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:37 PM

Posted 06 March 2015 - 05:40 AM

Hello there,

Hi twagoner :) ,
I see that a lot of entries in your HOSTS file. Did you do it? Are  you a user  of custom hostfie entries ?

Nikhil, those entries are written by SpywareBlaster. They are beneficial and can be ignored.
 

Error: (03/05/2015 05:15:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.

twagoner, have you been experiencing any hardware issues recently?
 

allday savings (HKLM\...\C464B0D7-294A-4204-89DA-9FB9B010FDB9) (Version: 2.0.1 - allday savings)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.380 - AVG) Hidden
DriverMax 5 (HKLM-x32\...\DMX5_is1) (Version: 5.94.0.830 - Innovative Solutions)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )

IMO it's best to uninstall those as they are unnecessary - and some can break your system if used.
 

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

Spybot S&D is no longer recommended for average users... I see that you have MBAM installed, it's best to stick with it.

I am seeing no evidence of any resident antivirus (AV) apps... do you have one installed?

Can you follow JohnC_21's instructions and then inform us of the results.

Regards,
Alex

#7 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:37 PM

Posted 06 March 2015 - 06:53 AM

My bad, that Hosts file is from Spybot S&D Immunization.

It can cause Internet slowdown, so you can reset it after uninstalling Spybot S&D.

Alex

#8 twagoner

twagoner
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Illinois, USA
  • Local time:06:37 AM

Posted 06 March 2015 - 07:46 AM

Thanks for all your help.
I reset Winsock as JohnC_21 suggested and I'm connected!  What a relief.  I will use the computer normally today and make sure all is working.
Alex, I have not been aware of any recent hardware issues.  And I will remove the programs that you have suggested.  You suggested that I reset the host file after uninstalling Spybot S&D.  How do I do that?
I use MicroSoft Security Essentials as my virus protection.  Is that adequate or should I look for a 3rd party program?  To remove the original virus I used MalwareByte and AdwCleaner.  As far as I can tell, I'm uninfected now.
I probably won't be able to post for 24 hours, but I will continue applying your additional suggestions and get back to you.
Again, thanks so much for your help.  
Tom


#9 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:37 PM

Posted 06 March 2015 - 08:06 AM

I reset Winsock as JohnC_21 suggested and I'm connected!  What a relief.  I will use the computer normally today and make sure all is working.

Glad to hear :)
 

You suggested that I reset the host file after uninstalling Spybot S&D.  How do I do that?

You can follow Nikhil_CV's instructions to reset the Hosts file.
 

As far as I can tell, I'm uninfected now.

If you need a check up to make sure that you are clean, please follow the instructions in here and then post in the Malware Removal Logs forum. A helper will walk you step by step through the clean up process.
 

I use MicroSoft Security Essentials as my virus protection.  Is that adequate or should I look for a 3rd party program?

Please read this: Simple ways to keep your computer safe and secure online by Lawrence Abrams aka Grinler (founder of Bleeping Computer)

Microsoft Security Essentials combined with Malwarebytes Anti-Malware, the Windows Firewall and common sense (as outlined by Grinler) is enough for most people.

Since you have Malwarebytes, the AM department should be covered. Just remember to do regular scans if you use the Free version.

Regards,
Alex

#10 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:05:07 PM

Posted 06 March 2015 - 12:25 PM

Hello twagoner,
Glad to hear things are getting back normal.
About the HOSTS file entries, its just to suppress the annoying ads and popups. It wont prevent any infection nor remove them. What I would suggest is that, you may reset the HOSTS file, go through links provided by Alex, download and install addons like adblockplus, noscript, ghostery in your chrome/firefox (some are available for IE too),
remove the 'Allday' programs from control panel> programs and features.
I also notice you use multiple programs for same purpose like :
for optical drive management, you got Nero, Imgburn etc
for password management, you have lastpass, Passwordagent
for image processing, you have Presto Imagefolio, Picasa,
for pdf , you have adobe acrobat and reader, pdf factory, pdfill etc.
Are you sure you make use of all these redundant software facilities? Else, if you are interested, I or some members can help you retain the right ones for your use and remove others.
I still wonder whats Rinse from rinsebyreal for?
Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#11 JohnC_21

JohnC_21

  • Members
  • 23,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:37 AM

Posted 06 March 2015 - 12:34 PM

The only thing I found regarding Rinse from rinsebyreal was software that cleans up itunes.



#12 twagoner

twagoner
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Illinois, USA
  • Local time:06:37 AM

Posted 06 March 2015 - 01:12 PM

Thats's right, JohnC_21, Rinse is to clean up iTunes.

I never realized I had so many redundant programs.  I'll get rid of the ones I no longer need.  Then I will go through the links Alex provided and post any problems on the malware removal forum.  All of you have been very helpful and fast!

Thanks

Tom



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:37 AM

Posted 06 March 2015 - 01:45 PM

This topic title most likely will receive a lot of hits during Google searches in the coming days. For others making their way here, read on.

Internet connectivity problems can occur for a variety of reasons to include corrupted networking software installation, third-party software inserting itself into the network adapter settings, misconfiguration or corruption issues with TCP/IP protocol stack and Winsock due to malformed LSP, deletion or incorrect removal of networking software and removal of a malware component which had inserted itself into the winsock. There are some common (but simple) solutions which can help resolve connectivity issues...just follow these instructions.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 hmdeutsch

hmdeutsch

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 01 April 2015 - 04:06 PM

JohnC_21:

 

I created the hidden Administrator Account: net user administrator /active:yes

 

I then logged out and logged in sucessfully into the new Administrator account. I ran CMD as Administrator and reset Winsock: netsh winsock reset:

However I again got the message "access denied"

 

Thanks again for you continued help

 

hmdeutsch



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:37 AM

Posted 01 April 2015 - 04:18 PM

You have another open topic here.

Please continue in that topic to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users