Winsock Corruption


7 replies to this topic

#1 crescent222

crescent222

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:New York
  • Local time:06:45 PM

Posted 27 November 2006 - 10:36 PM

Problem: No network/Internet connection

Known: ipconfig comes up with 0.0.0.0; ipconfig /renew or ipconfig /release don't help
ping command : Unable to initialize Windows Sockets Interface, error code 0
netsh command : Initialization function INITHELPERDLL in IPMONTR.DLL failed to start with error code 10107

msinfo32/Components/Network/Protocol has only 2 categories, not the 10 it is supposed to, according to Microsoft page http://support.microsoft.com/kb/811259 (How to recover from Winsock2 corruption)

Attempts to delete Winsock and Winsock2 in registry fail. Winsock goes away, but Winsock2 hangs the regedit application. It cannot be renamed either.

Reinitialized ipmontr.dll from copy on c:\i386, but that did not help to run netsh command again.

Running WinSockXPFix did not work.
Running sfc /scannow did not work - it did not ask for any installation CD
Made sure RPC and RPC Locator were running; that did not help sfc /scannow

Still have logo1_.exe roaming my system and it keeps coming back with some registry entry in HKLM/Software on reboot.

Computer is slow on booting; user's name does not come up on Task Manager for a while.

Computer OS: Microsoft Windows XP Service Pack 1

Antivirus scans found all kinds of stuff:
cpush.dll adware.sogou from web.sogou.com
ntfis.exe
df5fe689.exe
quartz32.dll
rundl132.exe - w32/Looked-AX
qproecss.exe - alexa
smtpconfs.dll - 8NASCAR
richdll.dll - HLLP.philis.dll
Downloaders
VB.AON
VB.AOL
Hijacker.Agent.A
Istbar.ai
Psyme.cm
Adware.Agent.m
Small.cl
VB.eu
Trojan.Delf.mc
Hijacker.StartPage.amb
Downloader.Agent.yd
c:\windows\system32\drivers\rgwatch.sys
c:\windows\system32\quartz32.dll
downloader.vb.eu
trojan.delf.mc
rundl132.exe

Any suggestions? I am close to saying Windows has to be reinstalled.



#2 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:12:45 AM

Posted 28 November 2006 - 03:02 AM

Is there a particular reason why you still are on SP1? Your PC is now eligible to be infected by all kinds of ......

#3 mommabear

mommabear

  • Members
  • 492 posts
  • OFFLINE
  •  
  • Local time:07:45 PM

Posted 28 November 2006 - 08:00 AM

Information about winsock repair and these two tools are at:

http://www.cit.cornell.edu/computer/security/spyware/WinFix/
http://www.cit.cornell.edu/computer/securi...are/repair.html

Tools:

http://www.spychecker.com/program/winsockxpfix.html

http://www.cit.cornell.edu/computer/securi...ctures.html#fix

I've used winsockxpfix (the first one). Sorry it didn't work for you. Maybe the second one will work.

#4 nlinecomputers

nlinecomputers

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 28 November 2006 - 08:06 AM

Your system is badly infected. Go to the HijackThis forum, follow the instructions at the top of the page on how to post a HijackThis log, and let one of the people there walk you through a proper fix.
How to kill a programmer: Give him a shampoo bottle.
Lather, Rinse, and Repeat

http://www.wtc7.net

#5 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:07:45 PM

Posted 28 November 2006 - 09:52 AM

Do not try to install SP2 at this point, it will not install on an infected computer.

I agree with the earlier advice to go to the HJT forum here at BC. Read the Preparation Guide found HERE.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:45 PM

Posted 28 November 2006 - 10:56 AM

With that level of infection you'll need the expert help mentioned above. Also, with that level of infection it may break stuff that the HJT Team can't fix - just post back here when the log is done and we'll help to fix the problems.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:45 PM

Posted 28 November 2006 - 09:48 PM

Most Internet connectivity problems arise out of corrupt Winsock settings due to the installation of networking software or a malware infestation. Broken Internet access can be caused by various types of Layered Service Provider (LSP) software installed on a system. LSPs are designed to integrate directly into the computer's TCP/IP layer - the protocol used to communicate on the Internet. LSPs are installed in such a way that the LSPs in the TCP/IP handler are chained together. However, due to Winsock hijackers, bugs in some LSPs, deletion of the software or incorrect removal, this chain can become broken, resulting in loss of ability to connect to the Internet. Posting a HijackThis log as directed will help to identify the responsible file.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
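
The LSP chaining described in the post above, as an added example that is not part of the thread or any poster's code: it models Winsock catalog entries with the chain fields of `WSAPROTOCOL_INFO` and reports chains that can no longer be walked down to a base provider. The class and function names, the `dll_present` flag and the sample catalogs are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class CatalogEntry:
    """Winsock catalog entry, reduced to the WSAPROTOCOL_INFO fields a chain check needs."""
    catalog_id: int           # dwCatalogEntryId
    name: str                 # szProtocol
    chain_len: int = 1        # ProtocolChain.ChainLen: 1 = base, 0 = layered (LSP), >1 = chain
    chain: tuple = ()         # ProtocolChain.ChainEntries, top layer first, base provider last
    dll_present: bool = True  # assumption: caller already checked the provider DLL on disk

def find_broken_chains(catalog):
    """Return {catalog_id: [problems]} for each chain that cannot be walked to a base provider."""
    by_id = {e.catalog_id: e for e in catalog}
    broken = {}
    for entry in catalog:
        if entry.chain_len <= 1:          # base and layered entries carry no chain to walk
            continue
        problems = []
        if len(entry.chain) != entry.chain_len:
            problems.append(f"ChainLen {entry.chain_len} but {len(entry.chain)} links listed")
        for link in entry.chain:
            target = by_id.get(link)
            if target is None:
                problems.append(f"link {link} is not in the catalog")
            elif not target.dll_present:
                problems.append(f"provider DLL for link {link} is missing")
        last = by_id.get(entry.chain[-1]) if entry.chain else None
        if last is not None and last.chain_len != 1:
            problems.append(f"chain ends at {last.catalog_id}, which is not a base provider")
        if problems:
            broken[entry.catalog_id] = problems
    return broken

# Constructed sample catalogs (IDs and names are made up for illustration).
BASE_TCP = CatalogEntry(1001, "TCP/IP base")
BASE_UDP = CatalogEntry(1002, "UDP/IP base")
LSP = CatalogEntry(1010, "Example LSP", chain_len=0)
LSP_OVER_TCP = CatalogEntry(1011, "Example LSP over TCP/IP", chain_len=2, chain=(1010, 1001))

HEALTHY = [BASE_TCP, BASE_UDP, LSP, LSP_OVER_TCP]
UNINSTALLED_BADLY = [BASE_TCP, BASE_UDP, LSP_OVER_TCP]   # LSP entry removed, chain left behind
DLL_DELETED = [BASE_TCP, BASE_UDP, CatalogEntry(1010, "Example LSP", 0, (), False), LSP_OVER_TCP]

if __name__ == "__main__":
    for label, cat in [("healthy", HEALTHY), ("bad uninstall", UNINSTALLED_BADLY),
                       ("dll deleted", DLL_DELETED)]:
        print(label, find_broken_chains(cat))
```
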

#8 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:07:45 PM

Posted 29 November 2006 - 08:51 AM

Visitor has posted a log and is being helped by D-Trojanator.

LINK
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!




