Zero Access

bigendian1

New Member
Thread author
Nov 16, 2012
10
Think I have a virus problem as indicated in the info I attached but as I'm now don't have internet access via the infected pc I can't load direct and I'm struggling to load some of the suggested software (or rather I can't get things like EZ_SireFix.exe to run via a stick.

Cant run OTL log
 

Attachments

  • bigendianlog1.txt
    1.6 KB · Views: 122

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />


Please run the following utility so that I can get a log of your system...
STEP 1 : Run a scan with Combofix
Please read and follow very carefully the below instructions

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

<ul>
<li>Close any open browsers.</li>
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
<>Very Important!</> Temporarily <>disable</> your <>anti-virus</>, <>script blocking</> and any <>anti-malware</> real-time protection <em><>before</></em> performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause <em>"unpredictable results"</em>.</li>
<li><>WARNING: Combofix will disconnect your machine from the Internet as soon as it starts</>.Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.</li>
</ul>
-----------------------------------------------------------------

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
    [*]Please include the C:\ComboFix.txt in your next reply.

Additional notes:
<ol><li> Do not mouse-click Combofix's window while it is running. That may cause it to stall.</li>
<li> Do not "re-run" Combofix. If you have a problem, reply back for further instructions.</li>
<li> If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.</li></ol>



<hr />
STEP 2: Run the Complete Internet Repair utility.
<ol><li>Download <a title="External link" href="http://www.datum-forensics.com/down/comintrep.exe" rel="nofollow external" rel="nofollow">Complete Internet Repair utility</a>to your desktop</li>
<li>Unzip all the files to their own folder on the desktop</li>
<li>Within the folder double click <>CIntRep</></li>
<li>Select the following items,then press the GO button.
<ul><li>Reset Interent Protocol (TCP/IP)</li>
<li>Repair Winsock (Reset Catalog)</li>
<li>Renew Internet Connection</li>
<li>Flush DNS Resolver Cache</li>
<li>Reset Windows Firewall Configuration</li>
<li>Reset the default hosts fie</li></ul>
</li>
</ol>
<hr />

STEP 3: Run a scan with Farbar Service Scanner

<ol> <li>Download Farbar Service Scanner from the below link.
<><a title="External link" href="http://download.bleepingcomputer.com/farbar/FSS.exe" rel="external">FABAR SERVICE SCANNER</a></> <em> (This link will automatically download Farbar Service Scanner on your computer)</em></li>
<li>Run the ulity and checkmark all the boxes</li>
<li> Click on the Scan button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/09/fabar.png" /></li>
<li>Add the log that will produce in your next reply.</li></ol>
What's next?

Please post in your next reply:
1.Combofix log
2.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>
 
Last edited by a moderator:

bigendian1

New Member
Thread author
Nov 16, 2012
10
Kuttus
Thanks for the offer of help.

As I said in my post. I can't download the software you have directed me to. My infected lap top doesn't have internet access, it appears to be blocked. I'm using another laptop but try as I might (I've used a stick and I've tried burning on to a CD), when I try and transfer across my infected lap top comes up with a error message:

"Installer integrity check has failed. Common cause include incomplete download and damaged media"

Any ideas how I can transfer across?

Trevor
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi,

Are you using any third party download manager softwares to download files/softwares from Internet? If Yes Disable them first....

Please install Google Chrome on your laptop which have Internet Access and Download the software's using Google Chrome.

After that please transfer those files using a Flash Drive or a USB Drive to the infected computer and Run it...

Try this following steps to fix the Issues with Internet access in the infected laptop.

<ol>
<li>Press the "Windows" and "R" keys. Type "Ncpa.cpl" in Run and click "OK." This runs the Network Connections component within a new window on the screen.
</li><li>Locate the "Local Area Connection" icon. Right-click the icon and click "Enable." The adapter is now enabled. Continue reading if you do not see this icon.</li>
<li>Press the "Windows" and "R" keys. Type "Devmgmt.msc" in Run and click "OK" to open the Device Manager component.</li>
<li>Click the arrow next to "Network adapters." This will expand all network devices installed on the computer.</li>
<li>Right-click the adapter and click "Enable."</li></ol>
 

bigendian1

New Member
Thread author
Nov 16, 2012
10
Kuttus
I've attached the logs as requested. Still cannot get internet access even though the local area connection states that it is enabled and I appear to be connected to my hub. Did have the provider check things from their end but no problem.

Trevor
 

Attachments

  • ComboFix.txt
    27.3 KB · Views: 156
  • FSS log_bigendian1.txt
    2.2 KB · Views: 118

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi bigendian,

Welcome back to MT..

How was your week?

Please try the following steps.


STEP-1

Please do one thing. Download Mozilla Firefox in your computer which have Internet and transfer the installation file to the computer which have problems and install it..

Download Mozilla Firefox from here...

STEP -2
Start your computer in Safe Mode with Networking.


  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
    Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the Advanced Boot Options screen.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
    safemode.jpg

Now you need to try to access the Internet in Safe Mode with Networking. Try both the Mozilla Firefox and Internet Explorer to access the Internet...

Let me if you are able to access the Internet in Safe Mode with Networking
 

bigendian1

New Member
Thread author
Nov 16, 2012
10
Hi Kattus. Yep back to work.

I'm afraid no joy. Went into safe mode but couldn't access the internet using either browser.

I've attached the network map showing my current situation. Don't understand what's up. All I know is I couldn't get internet access even though things look okay and McAfee started playing up switching itself off within seconds of me enabling it and warnings that the firewall wasn't working. Is this a virus? If so, it seems a real pig!

Trevor
 

Attachments

  • Network info_Bigendian1.docx
    46.3 KB · Views: 120

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi,

Please press the Windows Key and R key on your keyboard together. Now you will get a Run window. Inside that Run Window type NCPA.CPL and press on ok.

Now you will get a Network Connections Window. If possible send me a screenshots of that page..

Is it possible for you to connect the Internet using a Cable? Disconnect the Wireless completely and try to connect the Internet using a Cable and try to access the Internet in Both Normal mode and Safe Mode with Networking...
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hello bigendian1,
I'm Jack... While your computer is running in Normal mode,can you please disable the McAfee firewall and check if you got your internet back??
Then please do this scan:
STEP 1: Run the Complete Internet Repair utility.
<ol><li>Download <a title="External link" href="http://www.datum-forensics.com/down/comintrep.exe" rel="nofollow external" rel="nofollow">Complete Internet Repair utility</a>to your desktop</li>
<li>Unzip all the files to their own folder on the desktop</li>
<li>Within the folder double click <>CIntRep</></li>
<li>Select the following items,then press the GO button.
<ul><li>Reset Interent Protocol (TCP/IP)</li>
<li>Repair Winsock (Reset Catalog)</li>
<li>Renew Internet Connection</li>
<li>Flush DNS Resolver Cache</li>
<li>Reset Windows Firewall Configuration</li>
<li>Reset the default hosts fie</li></ul>
</li>
</ol>
 
Last edited:

bigendian1

New Member
Thread author
Nov 16, 2012
10
Kuttus/Jack
Should confess to uninstalling McAfee in a fit of pique!

Have run the complete internet repair utility - no joy

Have tried to access the internet wireless or cable in both normal and safe mode. Result of internet connection page attached.

Checked cable connection with lap top that worked and all okay plus wireless access fine. So has to be my other machine, either infected or something inside has failed although why did my McAfee play up?

So I'm at a loss short of rebuilding from scratch.
 

Attachments

  • bigendian1_network connections screen shot.docx
    64.8 KB · Views: 114

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay.

Please press the Windows Key and R key on your keyboard together. Now you will get a Run window. Inside that Run Window type NCPA.CPL and press on ok.

Now you will get a Network Connections Window.

Just right click on the Wireless network Connection and Enable the connection... After that just restart the computer and try to connect to the Internet..
 

bigendian1

New Member
Thread author
Nov 16, 2012
10
Kuttus
No joy. I've attached another screen shot. You'll see that even with the wireless enabled I have no IPv4 or IPv6 connectivity
 

Attachments

  • bigendian1_network connections screen shot_ver1.docx
    78.3 KB · Views: 112

kuttus

Level 2
Verified
Oct 5, 2012
2,697
For how long you are facing this issue? Do you remember the exact date this issue started?
 

bigendian1

New Member
Thread author
Nov 16, 2012
10
Around this time last week. Out of the blue, lost connectivity and at same time McAfee started playing up and switching itself off.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
In this case shall we try to do one System Restore on your computer.

System Restore helps you restore your computer's system files to an earlier point in time. It's a way to undo system changes to your computer without affecting your personal files, such as e‑mail, documents, or photos.

Before you start System Restore, save any open files and close all programs. System Restore will restart your PC.

  1. Open System Restore by clicking the Start button
    k3ap3b.jpg
    Picture of the Start button. In the search box, type System Restore, and then, in the list of results, click System Restore.
    bfl1lh.jpg
    Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  2. If You Have Not Done a System Restore Before.
    Click on the Next button. (see screenshot below)
    34ytxz8.jpg
  3. If You Have Not Done a System Restore Before
    Select (dot) Choose a different restore point, and click on the Next buton. (see screenshot below)
    29dtudv.jpg
  4. Select a restore point where your computer was working fine before.
    NOTE: Check the Show other restore points box to see any restore points (older) that may not be listed here.
    kanx43.jpg


    Click on the Next button.
  5. Click on the Finish button. (see screenshot below)
    NOTE: The listed drives here will be restored back to how they were for the selected restore point.
    iqxxdz.jpg


    Click on the Next button.
  6. Click on Yes to confirm.
    29yrwo7.jpg

Now your compute will restart automatically. It will take some time to complete the system restore point . After completing the restore point successfully you will get a confirmation message as below.
10msn09.jpg


After completing the system restore please try to work on your computer. Check if you are able to access the Internet now.
 

bigendian1

New Member
Thread author
Nov 16, 2012
10
Hi Kuttus. Decided to rebuild the system from my restore discs. Some stuff didn't transfer but at least my lap top can now access the internet.

Not sure what happened but it doesn't appear that I've got a virus.

Wonder if the windows updates that took place last Friday corrupted some of the files/registry. Who knows!

Thanks for your help
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi Bigendian,

Before doing the system recovery try to do the system restore also...

I wish you good luck with your computer. Please do feel free to get back to us if you have any issues in future and we would be glad to help you out with it.
<hr />

What's next?
  1. Bulild up your malware defenses by starting a new thread in Security Configuration Wizard forum.
  2. Learn how to avoid malware by reading this article <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid malware</a>
  3. Be an active member in the MalwareTips community! :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top