Internet connection disabled after removing worms and viruses

Status
Not open for further replies.
D

dangawd

Posts: 8   +0
Hi,

I was originally getting recurring worms that never seemed to go away no matter how many times I deleted it. I then found this board and followed all of the instructions listed here for removing them. While it strangely never identified my computer as having any viruses or worms, it was still ultimately effective (apparently) because I'm no longer getting the Avast message saying that it found a worm.

Unfortunately, at some point before I found your board and the solutions, I had lost internet connectivity to that laptop (I did most downloading to a thumb drive from another computer to get the programs onto the infected computer). I can only assume that this was caused by whatever mystery virus afflicted the computer in the first place. I was hoping that the internet connection would be restored after scanning clean, but that's not the case. Even though the internet connection (both wireless and LAN) SAYS it's connected, and even shows some packet traffic, I can't actually get to ANY websites. I get a "page cannot be displayed" error message for every site I visit.

Any ideas what this is or how to repair it?

Thanks!
 
you said you followed the malware removal guide? Can you post the following 3 logs

ComboFix
HijackThis
MBAM or SuperantiSpyware
 
Ok, here are the attachments. let me know if you need anything else.
 

Attachments

  • hijackthis.log
    10.8 KB · Views: 11
  • ComboFix.txt
    12.7 KB · Views: 6
Nothing bad Just a little cleaning

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan.**Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - rsion - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} - http://www.antivirusxp2008.com/tools/virusremover.dll

Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis.**Reboot

What is your internet doing does it show it picks up an IP or does it say limited or no connectivity

------------------------------------------------------------------------------------------------------------------------
But just to make sure

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
 
Thanks for your help on this. To answer your question, an IP address is picked up with no problem, and it LOOKS like everything is fine with the internet connection. There is even packet activity (albeit not that much) But when I attempt to actually go to any websites - it never connects. This is true when I connect wirelessly to my own network, when I connect using the wire to my network, or even when I connect to another network. My other laptop that I'm using to type this, as you can see, uses those networks just fine.

THe log is forthcoming.

Thanks again
 
Here is the logfile. it seems it found a few more items the other missed. Interesting. Not sure if it relates to the internet connection, but let's take it from here. Thanks!
 
No, ping always times out when I try it. But to be fair, ping also times out when I use it from my other computer that does have a working internet connection.

What was that virus that it found? And what should I try next to get the internet connection restored?
 
Are you referring to the "Rogue.Installer"? Perhaps that's a trojan that is finally removed (for good).

The "Page cannot be displayed" message is coming from IE alone or have you tried another browser such as FireFox?

If that message is appearing in all browsers and once they help you verify that your system is clean of viruses/malware, the only other thing that I can think of for you to try would be to repair your TCP/IP stack.

Although, I'm not sure that is even the problem.

So why am I suggesting it?

Well, if you're system has a clean bill of health...perhaps the TCP/IP stack became corrupted somehow. However, I would like to hear other people's take on this though.

This should probably be considered before the TCP/IP Stack repair:

http://support.microsoft.com/kb/936211/

I found the following article about how to repair the stack.

http://support.microsoft.com/?kbid=811259
 
Uninstall Zone Alarm. Install every thing, then reinstall Zone Alarm. This is a common problem with Zone Alarm setups lately. Don't just turn it offf, remove it. And jot down all your codes before you do so you can reinstall it.
 
if we have not ruled out malware yet why are you guys telling him to do other things? One thing at a time. Sorry I have not replied back my modem blew up and I am waiting fort new one to get here as soon as it gets here I will reply I am typing from my phone if you were wondering how I posted
 
ITGuy702 said:
... and once they help you verify that your system is clean of viruses/malware, the only other thing that I can think of for you to try would be to repair your TCP/IP stack.
Click to expand...

Hey, sorry.

I'm trying to throw other possibilities out there to check for once the system has been cleaned up. Especially since viruses and malware aren't the only problems out there.

I understand what you're saying though. I apologize if I have stepped on any toes. :eek:
 
Open MBAM and go to the Quarantined and delete everything there.

ComboFix

  • Download ComboFix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt
 
Thanks for your help so far, guys.

To answers your questions, I ran an application earlier todady called winSocks XP fix 1.2 (http://www.majorgeeks.com/download4372.html) as suggested on another board. Looking over the link you posted, the app appears to automate the instructions in your link. I tried it, but I still couldn't get an internet connection going.

The other laptop belongs to my non-techie girlfriend, so she doesn't have firefox installed. And without an internet connection, we won't be able to download it to her machine easily, unless you think it's worth downloading it to my laptop, transferring to a thumb drive and transferring it to her computer to test it. If you think it's a worthwhile thing to pursue, then I'll do it.

At what point can we rule out malware? The logs seem to be coming back clean now. Unfortunately, without an internet connection, I'm at the mercy of the version of the software without the latest updates. Is there a way to get the updates on that laptop without an internet connection?

xxdanielxx, I ran combofix and posted the log file in the beginning of the thread. Do you want me to run it again?
 
ah ok Just saw it I will go over it did you remove the items from MBAM can you post a fresh hijackthis log for the final thing to check
 
Been Having the same Problem

I read the whole thread, I tried connecting via internet explorer and firefox, no love. I do understand taking care of one problem at a time..

But I took the suggestion of raybay and deleted Zonealarm.

Internet is working fine now, all the problems I was having are gone.
I like Zonealarm, I just wish it didn't bug the system up.

Anyhow. It is a quick and unintrusive process, and it may help.

Good Luck.
 
Thanks for the update. Zone Labs and Microsoft both affirm this problem is a conflict between Microsoft Updates and MANY firewall products. They claim to be working on a fix. The one released still isn't quite right.
 
very true - after a couple of weeks of posting logs and WinSOCKS fixes and this and that, in the end, all I needed to do was uninstall ZoneAlarm and everything started working.

does anybody have more detail about what specifically causes the internet block from ZoneAlarm?

Thanks for all your help on this!
 
The Zone Alarm issue was a conflict between Zone Alarm and Microsoft Updates, mostly. Microsoft and Zone Labs both have mea culpae on their websites.
 
Status
Not open for further replies.

Similar threads

Cal Jeffrey
Researchers prove they can exploit chatbots to spread AI worms
Replies
3
Views
162
Cal Jeffrey
Cal Jeffrey
A
Russian USB malware spreads worldwide, beyond its Ukraine targets
Replies
8
Views
322
OortCloud
O
Cal Jeffrey
Wendy's says surge pricing reports were "misconstrued" after internet turns Frosty
2
Replies
29
Views
395
hahahanoobs
hahahanoobs

Latest posts

Back