Avast WEBforum
Other => Viruses and worms => Topic started by: aznsaiyan1029 on November 23, 2011, 08:42:49 PM
-
Recently I got the AV Protection 2011 malware; my Avast AV couldn't detect it somehow. The malware tends to block all programs' functions. These are my logs from Malwarebytes, OTL, and aswMBR in the attached files. I couldn't get RogueKiller because it crashes in the middle somehow. I ran those programs in safe mode in order to run them. I would also like some recommendations on programs that help prevent malware/viruses from the net in the future. Thanks.
My system is XP 2002 SP3 on a laptop.
-
I see you have run Combofix, could I see the log please?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKLM..\Run: [ybDnGa66dW8fXCl8234A] C:\WINNT\system32\AV Protection 2011v121.exe („K„€„‚„„€„‚„p„ˆ„y„‘ „M„p„z„{„‚„€„ƒ„€„†„„)
[2011/11/22 13:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NrlOBtxP0c1b3n
[2011/11/22 13:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WG5sQJ7dE8RqYwU
[2011/11/22 12:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WVeellOBtzP0
[2011/11/22 12:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\C6ddEKK8fRZhYwj
[2011/11/22 02:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\uŠJŽnvŒ÷”\•\\’öŽ®W\AV Protection 2011
[2011/11/22 02:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\zUVeB0SiDoGamsK
[2011/11/22 02:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\oaaQQ6ddEKfR9Yw
[2011/11/22 02:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AUUttzP0ycA1
[2011/11/22 02:46:12 | 002,841,088 | ---- | C] („K„€„‚„„€„‚„p„ˆ„y„‘ „M„p„z„{„‚„€„ƒ„€„†„„) -- C:\WINNT\System32\AV Protection 2011v121.exe
[2011/11/22 02:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\KOOBBtxx0ycSiGf
[2011/11/22 02:46:33 | 000,286,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\dwme.exe
[2011/11/22 02:46:13 | 002,841,088 | ---- | M] („K„€„‚„„€„‚„p„ˆ„y„‘ „M„p„z„{„‚„€„ƒ„€„†„„) -- C:\WINNT\System32\AV Protection 2011v121.exe
[2011/11/22 02:46:33 | 000,286,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\dwme.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Here is the log. At the moment, I notice I logged in without having the AV Protection 2011 malware popping up at the start.
-
What are your current problems?
Could you run a fresh OTL scan for me please, to ensure that I missed nothing?
-
Also, the Malwarebytes log you posted shows that the program has not been updated for many days.
Always click the update button before you start a scan ;)
-
Here is another scan from OTL. Thank you very much for your help.
Edited: I notice I don't have access to the internet while it still detects my wireless network. The Windows firewall also cannot be turned back on somehow.
-
A couple of orphans to remove. What are your current problems?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [xIVrrzONtxA0vSb] File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Here is the log. I guess the malware is gone now, because I don't see the program itself anymore. Now I notice my internet and firewall functions are dead, even though it detects the wireless network.
-
OK here we go again - but at least I am getting a routine down for it
Open Services...
Start > Run > Type: services.msc > Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK
Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).
When done, close Services.
Try the connection again
OK run OTL and run the following script as I need to check the dependency files
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
afd.*
tcpip.*
netbt.*
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U /s
CREATERESTOREPOINT
-
I can't activate the DNS Client, and it said error 1068. Anyway, here is the log.
-
OK - next area to look at
Click Start, Run and type DEVMGMT.MSC
In the View menu, click Show hidden devices
Double-click Non-Plug and Play drivers section
Double-click the entry AFD, and click the Driver tab
Set the Startup type to System.
Start the service. Note down the error message if any.
Similarly start the two other drivers namely:
TCP/IP Protocol Driver
NetBios over Tcpip
Close Device Manager and restart Windows.
-
The TCP/IP Protocol Driver doesn't seem to function.
I got code 22, I think.
-
Could you go to start > run and enter the following commands pressing enter after each line
IPCONFIG /RELEASE
IPCONFIG /RENEW
IPCONFIG /ALL
-
When I type in ipconfigure in Run, the black window pops up and disappears right away. Very weird.
-
It will as it opens a command window (black window) and runs the command and closes the window.
Could you go to start > run and enter cmd, this will open a command window, which will stay open. Then you can type the commands into the command window and get the results, make sure you have a space after the IPCONFIG before the /RELEASE etc.
-
OK, when I hit the command "ipconfig/ release" in cmd, an internal error occurred: "please contact microsoft product support services for further help. additional information: unable to query host name."
-
Are you using the quotes in the command or just using them for emphasis ?
If just for emphasis, then you could try a google search, etc. for "unable to query host name" (with or without quotes), if that doesn't return anything related to the IPCONFIG command try adding the IPCONFIG to the search string before the "unable to query host name"
Otherwise it will need the services of essexboy when he is next back on the forum as it is now almost 12:25am in the UK.
-
Whenever I type ipconfig or anything like that in cmd, it gives the message: "an internal error occurred,please contact microsoft product support services for further help. additional information: unable to query host name." Right now I assume my laptop can't even reach the IP address. I'll try a number of methods from a Google search right now.
-
At the moment, I did the following:
Go to Start->Run->cmd
netsh int ip reset resetlog.txt
netsh Winsock reset
I tried to reinstall network card, but have no clue how to do that.
-
I can't really help practically, but they aren't the commands that essexboy suggested that you try.
-
OK, I tried System Restore to restore the laptop back to 4 days ago. Everything seems fine now. The virus AV Protection 2011 (or 2012) instantly disables my internet connection also and creates all this trouble. My other PC (that I used to post my previous posts) however got it again (facepalms*). The virus hides in the Windows folder on the C drive in the form of an exe file.
I got this virus from a usual site where I read manga (@ mangafox.com). I believe the site just got infected recently, and I simply got infected from reading online manga? I will try to fix my other PC now as best I can first. Thank you for the help, both of you.
-
OK, I tried on my Windows 7 desktop. I believe I removed the virus (I deleted the exe file on the C drive and ran Malwarebytes), but I can never repair the internet connection problem from the AV Protection aftermath. I checked my TCP/IP protocol driver and it works fine, but the NetIO Legacy TDI Support Driver is not functioning, with error code 24 in the status. When I run the Windows network diagnostics, it says that one or more network protocols missing on the computer may be the problem. Please walk me through how to get the internet back, thanks.
My desktop is Windows 7 Ultimate, 32-bit OS.
-
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
Install the programme then run
Go to step 2 and allow it to run Disc check
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture3.gif)
Once that is done then go to step 3 and allow it to run SFC
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture.gif)
On the start repairs tab select advanced mode and click start
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture1.gif)
Select the items ticked (remove the ticks from the rest) and tick restart system when finished
-
When I run start repair on the last step and the drive check on the first one, the message "execute processes remotely" keeps popping up nonstop, saying the process has stopped working correctly.
I then tried the OTL scan, and I started getting some "no disk" error messages in the middle of the scan.
-
OK it is respawning time for a bigger hammer
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
I think it said some of my internet drives are infected. Here is the log.
-
A few more to remove, can you let me know what problems remain on completion of this
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\users\Jenny\AppData\Roaming\dddEK8gRZ
c:\users\Jenny\AppData\Roaming\jD3onG4aQ6W7R9T
c:\users\Jenny\AppData\Roaming\JwkUVelOBx0c1b3
c:\users\Jenny\AppData\Roaming\OaammH6sWK
c:\users\Jenny\AppData\Roaming\YUUUVeelIBtP0
c:\users\Jenny\AppData\Roaming\jbbbD33onG4QHsW
c:\users\Jenny\AppData\Roaming\90D2F
c:\users\Jenny\AppData\Roaming\rbbFF3pmG
c:\users\Jenny\AppData\Roaming\UbbDD3pnn5aQHdK
c:\users\Jenny\AppData\Roaming\mKK77fRL9gTXjUe
Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
-
The Notepad file freezes when I try to do "save as" on the C drive, but it works fine elsewhere, like on the desktop. The internet is still not working. Here is the log.
-
OK, let's check some bits and bobs out now with OTL. What error do you get when you try to connect to the net?
- Run OTL.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
tcpip.sys
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open one notepad windows.
- Attach that log
-
At the moment, it just seems unable to detect any wireless connection around the area. When I click on the status of "local area connection", it says "IPv4 connectivity: no internet access" and "IPv6 Connectivity: No network access". Does that mean it couldn't detect the proxy setting?
From ipconfig in cmd, the media state of both tunnel adapter isatap.Belkin and tunnel adapter local area connection* 9 is disconnected.
The log is attached.
-
OK lets run some commands from an elevated prompt
Go to Start > All Programs > Accessories
Right click the Command Prompt and select Run as Administrator
Type the following commands in the black box that appears pressing enter after each line :
netsh winsock reset catalog
netsh int ipv4 reset reset.log
netsh int ipv6 reset reset.log
IPCONFIG /ALL
Reboot and let me know of any connection errors
-
When I enter the "netsh int ipv6 reset reset.log" prompt, it said there's no user specified setting to be reset. There is still no internet. :(
-
OK to continue the search
Now do the following
Click Start, Run and type DEVMGMT.MSC
In the View menu, click Show hidden devices
Double-click Non-Plug and Play drivers section
Double-click the entry AFD, and click the Driver tab
Set the Startup type to System.
Start the service. Note down the error message if any.
Similarly start the two other drivers namely:
TCP/IP Protocol Driver
NetBios over Tcpip
Close Device Manager and restart Windows.
THEN
Re-run Combofix and allow it to update if it asks
-
There are no AFD and NetBios over Tcpip, but AFS and NETBT. I also see there is an error icon on PCI Simple Communications Controller saying the driver is not installed; will that be the cause of the problem?
-
Go to Start > All Programs > Accessories
Right click the Command Prompt and select Run as Administrator
Enter the following command
sfc /scannow
Let me know if that finds any errors
-
"Windows Resource Protection did not find any integrity violations", so nothing is wrong from the scan.
-
What make is your computer ? HP ?
-
Gateway
-
Could you follow the steps on this page please http://support.gateway.com/s/issues/2-2408194883.shtml
-
My computer is on Windows 7 Ultimate at the moment, so I don't have the hardware recovery option, and when I just try regular system recovery I get some error. My hard drive is a Gateway GT5628 series.
The error:
System restore failed to extract the file
(C:\\Windows\$NtUninstallKB46766$\2037197674)from the restore point.
The restore point was damaged or was deleted during the restore.
-
OK let me check that out
-
Do you think there is any specific drive that I need to download from here to fix the problem? Just wondering.
http://support.gateway.com/us/en/product/default.aspx?tab=1&modelId=2995
-
Do you think there is any specific drive that I need to download from here to fix the problem? Just wondering.
http://support.gateway.com/us/en/product/default.aspx?tab=1&modelId=2995
The Intel Pro NIC driver referenced in this link is for Vista x86. You stated that you have WIN Ultimate x64? installed.
Did you upgrade your OS from Vista x86 to Win 7 Ultimate x64?
-
Yeah, I believe so. I got it from someone else, and it was already the Windows 7 Ultimate version.
-
If you want to fix your NIC driver, try this.
Right click on your NIC entry in Device Manager and then select "Search Automatically For Updated Driver." See my attached screen shot. If that doesn't find anything, then try the other option.
-
I tried that option already, but on the PCI Simple Communications Controller, it said the driver is missing, and I have trouble finding/knowing the correct drive to fix the error icon on it.
-
You can try the Intel web site: http://www.intel.com/p/en_US/support/detect/network
Note: Many OEMs use modified hardware. The Intel drivers might or might not work.
It is entirely possible that a Win 7 driver does not exist for that NIC. In that case, I suspect whoever installed Win 7 on that PC used the Vista x86 or x64 driver from the Gateway site. Some of the Vista drivers do work under Win 7. I use a Vista x64 driver on WIN 7 x64 for my old HP printer since HP does not offer a WIN 7 driver for it. Works with about 90% functionality.
You're pretty much in a "try it and see if it works" mode here.
-
Lets check all the services - I have found a batch file that will do it for me
Please copy all in the below quote box:
@echo off
echo Please post back the %SystemDrive%\MyNICDetails.txt on your next reply
echo.
echo CheckMyNIC by AdvancedSetup >%SystemDrive%\MyNICDetails.txt
echo ... >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc RPCSS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex RPCSS >>%SystemDrive%\MyNICDetails.txt
pause
Save in Notepad as "MyNICDetails.bat" with the quote marks.
Save as type All Files to Desktop.
Once saved transfer to the infected computer's Desktop.
Click the file and post back the text file it produces please.
The text file will be located here: C:\MyNICDetails.txt
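
As an added example, not part of the original post and not the CheckMyNIC author's code: a Python reader for the C:\MyNICDetails.txt that the batch file above produces. It pairs each service's start type and state with its dependencies and names the service that keeps the others from starting, which is the situation behind the error 1068 ("the dependency service or group failed to start") reported earlier in the thread. The sample log is constructed in the layout sc.exe prints, and the function names are this example's own.

```python
import re

# Services the batch file on this page queries with "sc qc" / "sc queryex".
EXPECTED = ["dhcp", "tcpip", "afd", "netbt", "netbios", "lmhosts", "dnscache",
            "policyagent", "nla", "lanmanserver", "ipsec", "rpcss"]

# Constructed sample in the layout sc.exe prints (fields trimmed); it is NOT
# the log attached in the thread.
SAMPLE = """CheckMyNIC by AdvancedSetup
...
SERVICE_NAME: dhcp
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
SERVICE_NAME: dhcp
        STATE              : 1  STOPPED
SERVICE_NAME: TCPIP
        START_TYPE         : 4   DISABLED
        DEPENDENCIES       :
SERVICE_NAME: TCPIP
        STATE              : 1  STOPPED
SERVICE_NAME: Afd
        START_TYPE         : 1   SYSTEM_START
        DEPENDENCIES       :
SERVICE_NAME: Afd
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
SERVICE_NAME: NetBT
        START_TYPE         : 1   SYSTEM_START
        DEPENDENCIES       : Tcpip
SERVICE_NAME: NetBT
        STATE              : 1  STOPPED
SERVICE_NAME: Dnscache
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : Tcpip
SERVICE_NAME: Dnscache
        STATE              : 1  STOPPED
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
"""


def parse_sc_log(text):
    """Merge the qc and queryex blocks into {lowercase name: start/state/deps}."""
    services, cur, in_deps = {}, None, False
    for line in text.splitlines():
        m = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        if m:
            # sc echoes the name as typed, so normalise case before merging.
            cur = services.setdefault(
                m.group(1).lower(), {"start": None, "state": None, "deps": []})
            in_deps = False
            continue
        m = re.match(r"\s*(\w+)?\s*:\s*(.*)$", line)
        if cur is None or not m:
            in_deps = False
            continue
        key, val = m.group(1), m.group(2).strip()
        parts = val.split()
        if key == "START_TYPE" and len(parts) > 1:
            cur["start"] = parts[1]          # e.g. AUTO_START, DISABLED
        elif key == "STATE" and len(parts) > 1:
            cur["state"] = parts[1]          # e.g. RUNNING, STOPPED
        # DEPENDENCIES continues on following lines that have no key.
        in_deps = key == "DEPENDENCIES" or (key is None and in_deps)
        if in_deps and val:
            cur["deps"].append(val.lower())
    return services


def blockers(services, target, _path=()):
    """Return {(service, reason)} explaining why `target` is not running."""
    name = target.lower()
    if name in _path:                        # guard against dependency cycles
        return set()
    svc = services.get(name)
    if svc is None:
        return {(name, "no SERVICE_NAME block in log")}
    if svc["state"] == "RUNNING":
        return set()
    found = set()
    for dep in svc["deps"]:
        found |= blockers(services, dep, _path + (name,))
    if svc["start"] == "DISABLED":
        found.add((name, "start type DISABLED"))
    elif not found:
        found.add((name, "stopped, dependencies running"))
    return found


def report(text, expected=EXPECTED):
    """List expected services absent from the log and the root cause per stopped service."""
    services = parse_sc_log(text)
    blocked = {n: sorted(blockers(services, n))
               for n, s in services.items() if s["state"] != "RUNNING"}
    return {"missing": [n for n in expected if n not in services], "blocked": blocked}


if __name__ == "__main__":
    result = report(SAMPLE, ["dhcp", "tcpip", "afd", "netbt", "dnscache", "ipsec"])
    print("missing:", result["missing"])
    for name, why in result["blocked"].items():
        print(name, "<-", why)
```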
-
After I transfer the file and click on it, only the cmd window pops up awaiting for commands.
-
Could you replace pause with exit
-
Having said that I have just run it on my system again and it works - could you confirm that you run it as admin ?
Also could you check the c drive for the text file
-
I just ran it in XP Pro and it also worked as expected
@ aznsaiyan1029 - I believe that is the Pause at the end of the batch file, that places the waiting, etc.
when you press any key it closes the command window and should generate the c:\MyNICDetails.txt file.
Did you press any key to close the window ?
If so check the C:\ drive for the MyNICDetails.txt file.
-
I tried replacing with "end" and ran it as administrator, but it's still the same.
The cmd stays up, waiting for commands with some text before it.
"Please post back the C:MyNICDetails.txt on your next reply
CheckMyNIC by AdvancedSetup C:MyNICDetails.txt
... C:MyNICDatails.txt
Microsoft Windows -Version 6.1.7600]
Copy right <c> 2009 Microsoft Corporation. All right reserved.
C:\User\Jenny\Desktop>"
-
Never mind. Somehow my copy function omitted all the ">" signs. Here is the file. Sorry for the trouble.
-
I just found this thread where people discussed how they fixed their PCI Simple Communication Controller issues: http://social.microsoft.com/Forums/en-US/whssoftware/thread/9adcf4df-0dfd-47f0-a955-2dd1cb56e151/
Appears to me this is just a modem driver. If you're connected via broadband, you don't even need it.
-
If the PCI driver is not the cause, then I have no idea what is preventing me from accessing the internet.
-
Follow the procedure given in that Microsoft link on how to ID your controller. Then go to the PCIDatabase site that is referenced to see if it has a driver for your controller. Note that it should have instructions on how to install the driver, which I suspect would be the manual method.
I know from experience that Intel modem and NIC drivers are a bear to install at times.
-
I may let essexboy to handle this first. :p
-
Well the log states that all services are running (I ran a comparison on my system to be sure)
But by scouring my system there is one file that you should have - but I will need to locate all copies using OTL to confirm it is in the right place
Copy/paste the following into the custom scan fixes box and then press quick scan
/md5start
ipsecsvc.*
ipsec.*
/md5stop
-
Here is the log.
-
Procedure seems straightforward to me:
Hi, I have found the solution. If you go in device manager, click on the pci simple communications controller, go in property and then go in details. You will see a code like per example PCI/VEN_8086&DEV_27D8&SUBSYS...
The VEN code means vendor and the DEV code means device: in my case the vendor is 8086 and the device is 27D8.
Once you have the two codes, go to www.pcidatabase.com. Enter the two codes and you should get the name of your
hardware. From there you can search for a driver download for your hardware.
In my case the pci simple communications controller was a Microsoft UAA Bus HD audio. I also had another pci
device that didn't work properly, using the same method I found out that my pci device was an HSF PCI internal modem with code number CX11252-11. I had a hard time downloading one of the drivers, after 6 or 7 times the download started so be patient if you have the same hardware.
NOTE: to access the device manager, go in control panel, then performance and maintenance, system, hardware and finally device manager.
-
Yeah, I found that in Device Manager, but it has nothing on the Details tab. The device status gives code 28.
-
Under the Property setting, you have to select Hardware IDs.
-
System Information should also show the device ID:
-
I see, mine is 8096 and 29c4 respectively. It belongs to Intel; I may take a look at the Intel site now.
-
I downloaded a drive from (http://downloadcenter.intel.com/confirm.aspx?httpDown=http://downloadmirror.intel.com/13477/eng/MEI_AMT_allOS_3.0.30.1086_PV.zip&lang=eng&Dwnldid=13477)
After the installation the PCI error on the drive is gone, but the internet is still not fixed. Maybe it is not related to my internet problem on the pc.
-
Try this again from the command prompt in a command window:
IPCONFIG /RELEASE
IPCONFIG /FLUSHDNS
IPCONFIG /RENEW
IPCONFIG /ALL
Copy the output from the ipconfig /all to a text file in Notepad. Then blank out your MAC address for the NIC. Then copy and post the modified output.
-
Here is the ipconfigall i copied from the output.
-
But all the rest appears functional
-
Am I using any incompatible drive somehow? Because my laptop detects the wireless with no problems; my desktop, however, detects nothing, not even the wifi from next door.
Using Windows network diagnostics, it said the network's proxy setting is the cause. How do I check if the proxy I use is right or wrong?
-
Open a command prompt window and enter:
ping 192.168.2.1
You should not receive any timeouts. If you can ping the router, I have to assume the router is the problem.
I agree router lease info looks hosed to me. This could be the problem. The clock for the router has to sync just like the PC clock has to.
-
What date is shown in the current time setting for your desktop; the PC you can't connect to the Internet? Is the date November 29?
-
This is what I got after the ping command. I don't understand, because the desktop was perfectly fine until the malware attack from AV Protection 2011. I believe my router should be fine. Could the file deletion of some sort from Malwarebytes I used back then be the cause of all this mess?
Yes the date is shown correctly as 11/29/2011.
-
It is curious as you can ping the computer
I am running another one similar to this at G2G at the moment and that is just as baffling
Could you go to Start > All programs > Accessories
Right click Command prompt and select run as administrator
In the black box that opens type the following bolded command
IPCONFIG /ALL
Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.
-
Well, you have connectivity to the router. However the lease obtained via DHCP is not right.
I did note this from the ipconfig output:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connecti
on
Notice the DNS suffix says Belkin but the LAN chipset referenced is Intel. My PC is blank after Connection-specific DNS Suffix . :
-
essexboy, I posted the log on reply 72 about the ipconfig/all there. Thanks.
-
Windows IP Configuration
Host Name . . . . . . . . . . . . : Jenny-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connecti
on
Physical Address. . . . . . . . . : 00-19-D1-E6-52-74
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f95f:680b:e827:25c%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 29, 2011 3:39:35 PM
Lease Expires . . . . . . . . . . : Wednesday, November 28, 2012 3:39:35 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234887633
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AD-79-61-00-19-D1-E6-52-74
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.Belkin:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
-
First, Connection-specific DNS Suffix : should not be your router name which I assume is a Belkin? There should be only an entry there if your ISP requires it and it would take the form of xxxxxxx.com etc.
I have seen enough to say a "hard reset" of the router is required. If you don't know what I am talking about or don't know how to do it, call your ISP provider and they will walk you through it. This is extremely important since it will reset the router to the default manufacturer setting or those set by your ISP if they provided the router/DSL modem. Again, all settings will be wiped on the router including the wireless settings you are now using connect with on your notebook.
Lets see what Essexboy says.
-
Let's say my router has a problem, but how come my desktop can't detect the other wifi from my neighbors while my laptop can?
-
One other point.
If your router is a Belkin Model F5D7230-4, Hardware ver. 2000, Firmware ver. 4.05.03, the firmware should be upgraded or the router replaced.
This router can be hacked via a DNS rebind attack.
-
I assume your router is a combo ethernet and wireless. The wireless connection is a separate connection from the ethernet connection. Luckily, your wireless connection appears to be OK.
-
I can connect to my router on this desktop with no problem, and it even said the internet status is connected. There is just an annoying little yellow sign on the icon saying no internet access. My firmware is up to date. Before the malware problem, both laptop and desktop worked fine. I believe there may be some wrong setting of my network or a corrupted file like the registry. I remember I deleted some registry entries through Malwarebytes last week.
-
Are you now saying that you have no Internet issues on the desktop PC that was infected other than "this annoying little yellow sign" inside your network connectivity icon located on the right side of your lower task bar?
-
When I connected to the router ping's address (the router setting page 192.168.2.1), it said the internet status is connected. There is the yellow warning icon on the internet icon saying no internet access when I move my cursor over it.
-
Try this.
Go into the Avast GUI. Select Real Time Shields. Then Web Shield, then Expert Settings. Place a checkmark in the Scan traffic from well-known browsers only. Leave the checkmark for Enable Web Scanning in place. Click on the OK button.
Then shut down the Avast GUI and reboot your PC. After the boot completes, the yellow icon in the Network Connectivity icon on the lower task bar should be gone.
Now try to connect to the Internet.
I told Avast about this issue in the 6.0.1289 release and they never fixed it. Only applies to WIN 7 as far as I am aware of. Don't know if they fixed it in the new version. I will have to test that.
-
I removed all the antivirus programs including Avast; should I re-download it to apply the setting?
-
Lets see if windows can determine the problem
1. Click Start, and then click Help and Support.
2. Under Pick a task, click the link to Use Tools to view your computer information and diagnose problems, and then click Network Diagnostics in the list on the left.
3. Click Scan your system. The Network Diagnostics tool collects configuration information and performs automated troubleshooting of the network connection.
4. When the process is complete, look for any items that are marked "FAILED" in red.
-
I don't have internet access on it, so after I click Windows Help and Support, it only tells me to put a keyword in the search bar. When I go to the Windows network diagnostics, all it says is "windows could not automatically detect this network's proxy settings" like I mentioned in earlier posts.
-
Try this. Click on Troubleshoot problems from this screen.
-
BTW - Is your firewall on? Are you using the WIN 7 firewall in its default configuration?
You should not be connecting to the Internet without at least an operational firewall with inbound protection. More so without any AV installed.
-
Go to this site https://skydrive.live.com/?cid=32D8666F4048075B&id=32D8666F4048075B%21117&sc=documents and download Microsoft Fix it 50566
Copy to the affected system
And run
-
Ok I did the troubleshooting. Network adapter is working fine. I have no clue how to do the shared folders one and incoming connections one.
The internet connections trouble shooting gives me the same message as I said on the previous post.
homegroup - window firewall incorrectly configured - fixed
- homegroup needs to be refreshed- fixed
incoming connection - window needs more info to diagnose the problem - error sign
I ran the microsoftfixit50566 and it did not fix the problem.
-
(http://www.keepandshare.com/userpics/a/z/n/s/aiyan1029/2011-11/sm/php1jmgajpm-57908252.jpg?ts=1322692928)
(http://www.keepandshare.com/userpics/a/z/n/s/aiyan1029/2011-11/sb/phpexkp3wpm-65987771.jpg?ts=1322692928)
(http://www.keepandshare.com/userpics/a/z/n/s/aiyan1029/2011-11/sb/phpw7h5xnpm-53682163.jpg?ts=1322692929)
-
Could you try to set up a new wireless connection please
-
Let me ask some basic questions. Please bear with me.
Have you checked all your ethernet connections? At the PC and at the router. Are all your router idiot lights lit indicating all connections are active?
Finally, did your ISP give you directions on how to set up your broadband connection? Did you check those all out? For example, your ipconfig output indicates that DNS is being provided by a DNS server on the router. Some ISPs require this be overridden by specifying you enter IP addresses for their servers into TCP/IP settings. Finally, did your ISP assign you a static IP address versus having it dynamically assigned?
-
I also would like to check out this proxy server business.
Open up your browser and post a screen shot of your LAN settings. There should be no info in the proxy server settings. Below is where you do it in IE and what the settings should be.
-
Yeah, the ethernet is connected, because if I unplug them the yellow icon on the bottom bar will turn into an error red cross instead. The lights are all blinking fine. When I check the status from local area connection status, there is activity going on except it shows no internet access on IPv4 connectivity and IPv6 connectivity. I also made sure the proxy server box is unchecked on IE and with automatically detect settings checked only.
-
My wlan setting is dynamic, because back then the internet just worked without myself knowing what the isp username and the password are. Therefore I have no idea how to set up a new wireless.
-
I am looking at the services tab on system config and I see something maybe related to all this internet chaos. The status of Wired AutoConfig, PnP-X IP Bus Enumerator, Microsoft iSCSI Initiator Service, WLAN AutoConfig, WWAN AutoConfig are all stopped. When I was messing around in the device manager and tried to update drivers like WAN Miniports, it said "windows found driver software for your device but encountered an error while attempting to install it". Will any of this be the cause of the problem? Thanks.
(http://www.keepandshare.com/userpics/a/z/n/s/aiyan1029/2011-11/sb/untitled-27852712.jpg?ts=1322724729)
-
Wow, I don't know what happened, but after I used Windows Update with the new service pack, the internet works now. Thank you very much for the help and your time everyone. I will go make a restore point now while I can.
-
I somewhat assumed you were on SP1 for WIN 7. I guess that should have been asked.
Yes, a service pack update will replace many existing OS files including those dealing with networking.
BTW - make sure you install at least an anti-virus before you start connecting to the Internet again. Otherwise, you could be infected within minutes.
-
I am glad there was a resolution as there are so many elements that affect networking we could end up going around in circles. This malware appears to break bits at random, normally a check of netbt or netbios resolves it.
Thank you for the update, it is another avenue that I could try.