Author Topic: HAVE AN ERROR had a virus now no internet Please, Please help  (Read 18470 times)

0 Members and 1 Guest are viewing this topic.

Donjuan

  • Guest
HAVE AN ERROR had a virus now no internet Please, Please help
« on: January 09, 2012, 05:38:28 PM »
Woke up this morning with no Internet. Avast said I had a virus, and shut down the Internet. Also my web shield was turned off and will not turn back on. Seems I had an error also something about mail. 10010 I think it was. I did a boot scan last night before bed.  I seen one virus. It was quarantined then went to sleep, woke up with this.  I am using xp home. So after reading many blogs and trying a lot of stuff I removed avast from add/remove, I also tried repairing here also. I still have no Internet.  Please help
« Last Edit: January 11, 2012, 05:59:44 AM by Donjuan »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: had a virus now no internet Please, Please help
« Reply #1 on: January 09, 2012, 06:08:02 PM »
Quote
Woke up this morning with no Internet
hmmmm....sounds like a Blues song   ;D



Quote
Avast said I had a virus, and shut down the Internet
do you remember the name avast gave ?



OK follow this guide and attach the logs
http://forum.avast.com/index.php?topic=53253.0


since you have no net...download from another computer and move the tools over using a USB stick


Essexboy is notified and should be here in 2-3 hours


Donjuan

  • Guest
Re: had a virus now no internet Please, Please help
« Reply #2 on: January 09, 2012, 06:35:22 PM »
Iam currently looking for a stick, and the fact that i took some advice from a blog that said to delete Avast, might come into play?

And thank you so very much in getting back to me:):):)

Donjuan

  • Guest
Re: had a virus now no internet Please, Please help
« Reply #3 on: January 09, 2012, 06:51:45 PM »
the virus was something java

Donjuan

  • Guest
Re: had a virus now no internet Please, Please help
« Reply #4 on: January 09, 2012, 07:35:59 PM »
i am tying to get into my modem at 192.168.2.1  and con not even connect to my modem

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: had a virus now no internet Please, Please help
« Reply #5 on: January 09, 2012, 08:37:34 PM »
The latest trick of some malware is to delete some registry service keys

run farbar service scanner


Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Donjuan

  • Guest
Re: had a virus now no internet Please, Please help
« Reply #6 on: January 09, 2012, 09:43:33 PM »
ok ty for getting back to me, I am currently waiting for a stick so i can put this program on my computer, as i have no internet on my computer

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: had a virus now no internet Please, Please help
« Reply #7 on: January 09, 2012, 10:53:06 PM »
Do you have access to another computer with the same version of windows - as we may need to export some registry data

Donjuan

  • Guest
Re: had a virus now no internet Please, Please help
« Reply #8 on: January 09, 2012, 10:55:09 PM »
Farbar Service Scanner
Ran by User (administrator) on 09-01-2012 at 16:52:10
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
Attention! IpSec Tag value is missing and it should be 5

**** End of log ****

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: (REPLIED WITH SCAN LOG) had a virus now no internet Please, Please help
« Reply #9 on: January 09, 2012, 11:42:22 PM »
Quote
IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.
Attention! IpSec Tag value is missing and it should be 5

Would you be happy going into regedit and exporting the following key and posting the data here ?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IpSec]

Donjuan

  • Guest
Re: (REPLIED WITH SCAN LOG) had a virus now no internet Please, Please help
« Reply #10 on: January 09, 2012, 11:48:17 PM »
I would be very happy to do whatever you ask:) trouble is I am a computer novice. 

PS  thank you for replying

Donjuan

  • Guest
Re: (REPLIED WITH SCAN LOG) had a virus now no internet Please, Please help
« Reply #11 on: January 09, 2012, 11:58:20 PM »
basically i am sorry to say i don't know  how to  do that.  But I aM  GOOGLING IT, AND TRYING TO FIGURE IT OUT.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: (REPLIED WITH SCAN LOG) had a virus now no internet Please, Please help
« Reply #12 on: January 10, 2012, 12:04:10 AM »
OK a step by step guide with pictures  ;D

Go Start > Run
In the box type regedit  and press enter
A window will open with a tree structure
Open the tree by pressing the little arrows unitl you reach the stage in my first picture
Then using the slider go down to IpSec (I do not have that on windows 7)
Right click the key and select export
Save it to your desktop
Right click the reg file on the desktop and select Edit
Copy and paste the data to your next reply
« Last Edit: January 10, 2012, 12:05:59 AM by essexboy »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: (REPLIED WITH SCAN LOG) had a virus now no internet Please, Please help
« Reply #13 on: January 10, 2012, 12:05:15 AM »
Second screenshot  If you cannot find run then press the windows and R key together



Donjuan

  • Guest
Re: (REPLIED WITH REGEDIT LOG) had a virus now no internet Please, Please help
« Reply #14 on: January 10, 2012, 12:19:05 AM »
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpInIp]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,69,00,6e,00,69,00,70,\
  00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="IP in IP Tunnel Driver"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="IP in IP Tunnel Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpInIp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00