I got a virus. All sorts of programs suddenly installed themselves or opened websites like trovi on a browser, mybrowser, that had just installed itself. Along with pc speed up and cinemaplus and a dozen more. I tried to open the task manager and it failed. I downloaded Malwarebytes but so many programs were opening at once I had to turn it off before using it. Turned it back on and it was a mess. Went into safe mode. Fixed taskmgr with sfc /scannow, ran rkill, tdsskiller and Malwarebytes. This took a few reboots. It found a backdoor and a rootkit (ten red items I removed). Then I went about asking all the malware to uninstall itself. Then I had Malwarebytes run a full scan and removed hundreds of yellow items (PUP).
I thought I'd won but my Windows now cannot connect to my router or internet. I am not sure this is all of why but in services.msc dhcp and dns services will not start. They say error 5 access denied. I tried editing the permissions as per another forum thread but I couldn't get either service to start. Apparently that first time I turned off my computer my virus disabled them (or maybe when malwarebytes killed the virus).
Trying to diagnose the connection and let Windows fix it results in a general troubleshooting error.
I thought someone might ask me to run combofix... So I did. The log file contains only a single "I". The system seems fine otherwise. Except the nvidia display driver service also won't start, possibly unrelated.
Pinging 127.0.0.1 works. Pinging 126.96.36.199 does not. I uninstalled a winpk filter from my connection properties because it sounded suspicious when googled.
The network sharing center lists the connection as endlessly identifying. If I set an IP for my computer (it is usually dhcp'd) I can get the connection to show instead as unidentified public network but it still won't connect to anything.
It is hard to look for help without the internet working... So I'd be willing to find a bandaid fix to connect without fixing the underlying Windows service problems... If such a thing is even possible. I've never had a virus disable my internet before. What is the point of a backdoor that disabled the target's internet?
I do not have any restore points, they wouldn't fit on my old SSD... which I now regret. Below are ipconfig /all and Farbar Service Scanner logs
Windows IP Configuration
Host Name . . . . . . . . . . . . : Win7-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-97-5A-18-71-9E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::15b9:516b:8cde:3cd0%29(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.60.208(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
NetBIOS over Tcpip. . . . . . . . : Enabled
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Edited by hamluis, 26 October 2015 - 05:57 PM.
Moved from Win 7 to Am I Infected - Hamluis.