AV protection 2011 malware

[aznsaiyan1029]

ok when i hit the command "ipconfig/ release" on cmd, an internal error occurred, "please contact microsoft product support services for further help. additional information: unable to query host name."

[DavidR]

Are you using the quotes in the command or just using them for emphasis ?

If just for emphasis, then you could try a google search, etc. for "unable to query host name" (with or without quotes), if that doesn't return anything related to the IPCONFIG command try adding the IPCONFIG to the search string before the "unable to query host name"

Otherwise it will need the services of essexboy when he is next back on the forum as it is now almost 12:25am in the UK.

[aznsaiyan1029]

whenever i type ipconfig or anything liek that in cmd, it gives the message: "an internal error occurred,please contact microsoft product support services for further help. additional information: unable to query host name." Right now I assume my laptop cant even reach the ip address, I'll try a number of method from google search right now.

[aznsaiyan1029]

atm , i did the following:

Go to Start->Run->cmd

netsh int ip reset resetlog.txt
netsh Winsock reset



I tried to reinstall network card, but have no clue how to do that.

[DavidR]

I can't really help practically, but they aren't the commands that essexboy suggested that you try.

[aznsaiyan1029]

ok i tried system restore to restore the laptop back to 4 days ago. everything seems fine now. The virus av protection 2011 (or 2012) instantly disables my internet connection also n creates all this trouble. My other pc (that i used to post my previous posts) however got it again (facepalms*). The virus hides in the window folder in c drive in the form of exe file.

I got this virus from an usual site where I read manga (@ mangafox.com). I believe the site just got infected recently, and i simply got infected from reading online manga? I will try to fix my other pc now with the best I can first. Thank you for the help both of you.

[aznsaiyan1029]

Ok I tried on my window 7 desktop. I believe I removed the virus (i delete the exe file in c drive and run malwarebyte), but I can never repair the internet connection problem from the av protection aftermath effect. I checked my TCP/IP protocol driver and it works fine, but the NetIO Legacy TDI Support Driver is not functioning, with error code 24 on the status. When I do the window network diagnostics, it said one or more network protocols are missing on the computer maybe the problem. Please walk me through on how to get the internet back, thanks.

my desktop is a window 7 ultimate, 32 bit os

[essexboy]

Download  Windows Repair (all in one)  from this site

Install the programme then run

Go to step 2 and allow it to run Disc check


Once that is done then go to step 3 and allow it to run SFC



On the start repairs tab select advanced mode and click start


Select the items ticked(remove the ticks from the rest ) and tick restart system when finished

[aznsaiyan1029]

when i run start repair on the last step and the drive check on the first one. The message "execute processes remotely" keep popping up nonstop saying the processes has stopped working correctly.

I then try the OTL scan, and i start getting some no disk error message in the middle of the scan.

[essexboy]

OK it is respawning time for a bigger hammer

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[aznsaiyan1029]

I think it said some of my internet drives are infected. Here is the log.

[essexboy]

A few more to remove, can you let me know what problems remain on completion of this

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\users\Jenny\AppData\Roaming\dddEK8gRZ
c:\users\Jenny\AppData\Roaming\jD3onG4aQ6W7R9T
c:\users\Jenny\AppData\Roaming\JwkUVelOBx0c1b3
c:\users\Jenny\AppData\Roaming\OaammH6sWK
c:\users\Jenny\AppData\Roaming\YUUUVeelIBtP0
c:\users\Jenny\AppData\Roaming\jbbbD33onG4QHsW
c:\users\Jenny\AppData\Roaming\90D2F
c:\users\Jenny\AppData\Roaming\rbbFF3pmG
c:\users\Jenny\AppData\Roaming\UbbDD3pnn5aQHdK
c:\users\Jenny\AppData\Roaming\mKK77fRL9gTXjUe

Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[aznsaiyan1029]

The note pad file freezes when I try to do "save as" in the c drive, but it works fine else where like in desktop. The internet is still not working. Here is the log.

[essexboy]

OK lets check some bits and bobs out now with OTL.  Whatr error do you get when you try to connect to the net ? 

• Run OTL.
• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
tcpip.sys
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open one notepad windows.
  • Attach that log

[aznsaiyan1029]

At the moment, it just seems to unable to detect any wireless connection around the area. When I click on the status on "local area connection", it said "IPv4 connectivity: no internet access" and "IPv6 Connectivity: No network access", does that mean it couldn't detect the proxy setting?
From ipconfig from cmd, the media state of both tunnel adapter isatap.Belkin and tunnel adapter local area connection* 9 are disconnected.
The log is attached.