DHCP and DNS Issues after removing Trojan


5 replies to this topic

#1 Belwell


Posted 05 January 2016 - 09:49 PM

Today I was determined to completely remove the awful Trojan:Win64/Patched.AZ.gen!dll that has been killing my computer lately. After booting into safe mode and running SFC /scannow I booted up and it looked like it was gone, but my internet wasn't working. I was still on the network, just no internet connection. 5 hours of trial, error, and reading posts on this forum, I have come to the conclusion that this is over my head and I must have communion with the PC gods to gain their blessings to heal my computer. 

 

The two big issues I can see are that the DHCP and DNS Client services are not running, and when I manually try to start them I get the Error Code: 5 Access Denied. At one point I was able to get the DNS  Service to work, but I couldn't replicate that after a reboot. 

 

Yes, I've tried Run as Admin, and adding permissions in the registry, no luck.  

 

Microsoft Security Essentials had identified the dnsapi.dll file as corrupted, and while it tried to quarantine it many times it never could.

 

Here is my Farbar report:

Farbar Service Scanner Version: 03-01-2016
Ran by editor (administrator) on 05-01-2016 at 18:35:08
Running from "E:\"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
NSI, TDX, AFD all seem to be in place and working, so I'm at a loss. 
 
Please help me PC gods, you're my only hope.

Edited by hamluis, 06 January 2016 - 07:55 AM.
Moved from Win 7 to Am I Infected - Hamluis.
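
An added example, not part of the original thread and not Farbar's own code: a short Python triage of a Farbar Service Scanner text report like the one in the post above. It lists each service reported as not running together with any configuration check that did not pass, plus failed connectivity lines and files not reported as signed. The sample is a constructed excerpt in the same layout; the wording of non-OK results and the `NET_FAIL` phrases are assumptions.

```python
import re

# Constructed excerpt in the layout of the Farbar Service Scanner report above.
SAMPLE = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Connection Status:
==============
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
File Check:
========
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
"""

STOPPED = re.compile(r"^(\w+) Service is not running")
CONFIG = re.compile(r"^The (.+?) of (\w+) service (.+?)\.?$")
FILE = re.compile(r"^(\w:\\.+?) => (.+)$")
# Assumption: failed connectivity checks use one of these phrases.
NET_FAIL = re.compile(r"unreachable|returned error|not accessible")

def triage(report):
    """Summarise stopped services, failed connectivity lines and unsigned files."""
    out = {"services": {}, "connectivity": [], "unsigned": []}
    for line in (raw.strip() for raw in report.splitlines()):
        if m := STOPPED.match(line):
            out["services"].setdefault(m.group(1), [])
        elif m := CONFIG.match(line):
            item, svc, result = m.groups()
            if result != "is OK":  # assumption: any other wording is a finding
                out["services"].setdefault(svc, []).append(item)
        elif m := FILE.match(line):
            if m.group(2) != "File is digitally signed":
                out["unsigned"].append(m.group(1))
        elif NET_FAIL.search(line):
            out["connectivity"].append(line)
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A service mapped to an empty list is stopped although its start type, ImagePath and ServiceDll checks all passed, which is the state the report shows for both Dnscache and Dhcp.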




#2 hena


Posted 06 January 2016 - 04:37 PM

I couldn't find anything wrong with this log, except the Google IP. And I have a question. Why are you running FSS from E:/?



#3 Belwell


Posted 06 January 2016 - 06:29 PM

The computer wasn't able to get on the internet at the time, so I downloaded FSS on another computer and dropped it over the network to the E: drive. Does it matter? 



#4 boopme

  • Global Moderator

Posted 06 January 2016 - 10:40 PM

Give this a try.

http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/reconnect-to-the-internet-after-cleaned-trojan/afef9c7c-6051-4340-bf77-757791d2a19c?db=5&auth=1
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Belwell


Posted 11 January 2016 - 09:05 PM

Thanks Boopme, but that didn't work. 

 

I finally found the correct Windows disc and ran the repair function. After booting back into Windows both the DNS service and DHCP client were correctly started and running. Yay! I am able to see and access the rest of my network, no problems at all. I open up a web browser, and I have no connectivity. Specifically Chrome has the DNS_Probe_Finished_NXDomain issue. I went through all of the suggested fixes on the first two pages of search results on Google, and still no luck. I can successfully ping google, but Firefox, Chrome, and even Internet Explorer will not connect. 

 

Any Ideas? 

 

Thanks



#6 boopme

  • Global Moderator

Posted 12 January 2016 - 04:26 PM

Better to start a topic in Networking... those guys probably have a fix, as it's no malware.



