Author Topic: Cannot connect to internet after running virus scan and even after uninstalling  (Read 49631 times)

0 Members and 1 Guest are viewing this topic.

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Ok...I will look over them when you get them attached. 

Offline megadude

  • Newbie
  • *
  • Posts: 5
hello,
I have the exact same problem here, only with a slight difference: lspfix did not find any problem.
I've done everything you suggested but just like the OP, nothing works.
additionally I overwrote winsock.dll and winsock32.dll with the files in dllcache folder but that didn't work either.
I will definitely follow this thread for a possible solution
« Last Edit: June 05, 2012, 10:43:06 PM by megadude »

Offline megadude

  • Newbie
  • *
  • Posts: 5
GREAT NEWS

I just fixed the problem using winsock fix
It is available for download here: http://files.snapfiles.com/localdl936/WinsockxpFix.exe
it repairs some corrupted or removed registry entries
just click on "fix", system will need to restart and BAM the problem is gone.

I surfed the net 24 hrs for this.

p.s.
i know the file extension in exe and seems unsafe, I too risked of getting infected but I ran it anyway and it was totally worth the risk.
« Last Edit: June 05, 2012, 10:43:50 PM by megadude »

Offline Jroffman

  • Jr. Member
  • **
  • Posts: 53
What operating system were you using?

Offline Jroffman

  • Jr. Member
  • **
  • Posts: 53
I was successful at running aswMBR...

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-06 23:13:53
-----------------------------
23:13:53.660    OS Version: Windows 6.1.7601 Service Pack 1
23:13:53.660    Number of processors: 2 586 0xF0D
23:13:53.660    ComputerName: KITCHEN-PC  UserName: Kitchen
23:14:14.626    Initialize success
23:14:25.186    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:14:25.186    Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
23:14:25.201    Disk 0 MBR read successfully
23:14:25.201    Disk 0 MBR scan
23:14:25.217    Disk 0 Windows 7 default MBR code
23:14:25.217    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       47 MB offset 63
23:14:25.232    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 98304
23:14:25.232    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS        66004 MB offset 21069824
23:14:25.248    Disk 0 scanning sectors +156246016
23:14:25.310    Disk 0 scanning C:\Windows\system32\drivers
23:14:32.814    Service scanning
23:14:59.771    Modules scanning
23:15:11.986    Disk 0 trace - called modules:
23:15:12.017    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
23:15:12.032    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865b5548]
23:15:12.032    3 CLASSPNP.SYS[8a78559e] -> nt!IofCallDriver -> [0x860f4918]
23:15:12.048    5 ACPI.sys[83ebc3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8582c908]
23:15:12.048    Scan finished successfully
23:20:10.336    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
23:20:10.352    The log file has been saved successfully to "F:\aswMBR_log1.txt"


Offline Jroffman

  • Jr. Member
  • **
  • Posts: 53
When trying to run OTL...it looks like it runs fine beyond the point where it creates a restore point and then it stops responding with the last status message at the bottom of the UI reading...Manual File Scan - Getting Folder Structure.

Please advise.

Offline Jroffman

  • Jr. Member
  • **
  • Posts: 53
I got the OTL log file but it is huge and would probably require me to break it into 5 to 10 parts...is there a section of interest?

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Just attach the log if you are able to.  If you need to break the attachment into two or more that is fine.  :)  Be sure to get all of it though.

Offline megadude

  • Newbie
  • *
  • Posts: 5
What operating system were you using?

Have you tried it?

Offline Jim1cor13

  • Jr. Member
  • **
  • Posts: 31
Hi Josh  :)

Perhaps the following will also be of assistance for you...at least I hope so.

http://www.tweaking.com/content/page/repair_windows_firewall.html

Also this: http://www.tweaking.com/content/page/repair_winsock_dns_cache.html

They have utilities that are fairly effective and thought I would pass the info to you.

All my best!
Jim
---

Offline Jroffman

  • Jr. Member
  • **
  • Posts: 53
Megadude...I only want to try if I know it applies to Windows 7

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Are you going to attach the OTL logs?

Offline Jroffman

  • Jr. Member
  • **
  • Posts: 53
OTL log attached in 2 parts...

Offline Jroffman

  • Jr. Member
  • **
  • Posts: 53

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Hi,

Ok we definitely have some work to do...You have some infections that need to go and we may have parts of the ZeroAccess rootkit that failed to install completely on your system.


Download Combofix from either of the links below, and save it to your desktop. 
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**
 If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    When finished, it will produce a report for you. 
  • Please post the C:\ComboFix.txt for further review.