TechSpot

Layered Service provider waylays IE connectn

By carl777
Apr 23, 2007
  1. My computer connects successfully for a while to the Internet (with IE7), but I just slaved my HD to another computer, and using PC-cillin Internet Security 2007 found I had 7 files infected by 4 viruses, all of which were successfully quarantined. Now (and for the last few weeks) I've been losing my Internet connection after 10 or 15 minutes with IE7 messages like "Windows has discovered a problem with the following layered service provider (LSP): MS Netbios. Would you like Windows to remove this LSP?" After removing it and rebooting, the same problem eventually occurs all over again. I've included my HJT file, and hope someone can shed some light on this. I'm new to this site, so if I haven't followed some protocol correctly please let me know.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is badly infected with a variety of malware.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of carl777 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. carl777

    carl777 TS Rookie Topic Starter

    I've read those papers. Thank you. I was hoping you would take a look at the attached HJT and tell me what files to delete.
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Often times, HijackThis is not sufficient to fully clean an infected system. This is because it does not detect several other types of files and folders or processes which may be running.

    If you have followed the instructions as requested, then please post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste them; otherwise they will be ignored and/or removed by the moderators.
    The logs will enable us to understand more about the problems on your system.


    Regards,
    Your friendly Momok =)
     
  5. carl777

    carl777 TS Rookie Topic Starter

    I'm already using Trend Micro PC-cillin 2007 Internet Security 2007 for which I've paid $50. Can I use that instead of AVG along with Combofix?
     
  6. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I would still recommend going through the process as it would clean most basic infections and leave the tougher nasties for us to deal with.
    We would definitely need a ComboFix log. It detects several running processes including hidden ones, and also files created in the past month in your system.
    Also, please run the AVG antirootkit and let us know the results.

    Regards,
    Your friendly Momok =)
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please follow the instructions in full and post all the requested logfiles. Otherwise, it's just going to make it that much more difficult for us to help you.

    Regards Howard :)

     
  8. carl777

    carl777 TS Rookie Topic Starter

    Howard and Momok,

    Thank you for all your help so far. One last question before I follow your cleaning advice. This computer is a friend's used for stocks, investments, and advising business clients, but he no longer has the Win XP Pro disk that came with it. I am recommending that he change all his passwords as per your advice under "CLEAN or REFORMAT," but reformatting would necessitate his buying the Win XP Pro CD and my hunting down the drivers--so how bad is it in this case to clean rather than to reformat? Will his computer still be at risk or suspect after cleaning?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your friend's system is infected with the following.

    Ntos.exe is a Backdoor trojan that allows an attacker to steal information etc.

    rpcc.exe is added by the Troj/Dloadr-AEL downloader Trojan. Again this trojan can download other malware which can be used for various purposes.

    Whilst it is possible to clean these infections from the system, it isn't possible to guarantee 100% that the system would be safe for the storing of sensitive information.

    Given the above, I strongly recommend the system is formatted. If this means the purchase of a new Windows cd, then so be it. The risks of not doing so could be immense.

    I recently heard from one of our members, who had the misfortune to lose $10,000 due to a malware infection.

    I hope this helps your friend to make the correct decision.

    Regards Howard :)

     
  10. carl777

    carl777 TS Rookie Topic Starter

    Howard,

    Thanks again. I will reformat his HD. Is there a way to reformat the Master Boot record (to be sure to expunge all the virus traces) using the Win XP Pro install disk, or is that taken care of by NOT choosing the "Quick Format" option? Also, can these Trojans be responsible for his repeatedly losing his Internet connection?

    Sincerely,

    CW
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes there is.

    Download the Powermax ISO programme and burn it to cd as an image.

    Boot from the cd and run a low level format; this will completely wipe the hard drive including the boot sector.

    Regards Howard :)

     
  12. jobeard

    jobeard TS Ambassador Posts: 9,315   +618

    Using the QUICK format just moves all the allocated disk blocks on to the free list,
    making all the space available to be overwritten. This implies that you TRUST
    the existing blocks to be correctly formatted.

    If you really wish to ERASE the disk, then ALWAYS use the full, time consuming
    scan and reformat.


    Yes, this mode reformats EVERY block on the HD, including the MBR and the label.
     
  13. carl777

    carl777 TS Rookie Topic Starter

    Jobeard and Howard,

    Is there any difference in thoroughness between the Powermax ISO format and the full, time consuming format provided on the Win XP CD?

    carl777
     
  14. jobeard

    jobeard TS Ambassador Posts: 9,315   +618

    "SeaTools for Windows has replaced SeaTools Online and PowerMax."

    SeaTools and PowerMax are software offerings.

    A 'format' is specific to the media AND the intent.
    For example, ISO 9960 is the 8.3 name format for DOS FAT files
    Then there's the Rockridge extensions that give long-file-names and allow
    dir.names.with.dots :)

    btw: ISO is the International Standards Organization, but there is also
    an xyz.iso file format for mounting a CD filesystem onto the desktop.

    SO, imo, you want to FORMAT your media for the intended use, eg
    Windows/XP --> NTFS and it's performed using the command
    FORMAT /fs:ntfs $driveletter

    see this reference
     
  15. carl777

    carl777 TS Rookie Topic Starter

    formatting

    Jobeard,

    Apparently you use the format command (with or without switches) from the Recovery Console. I'm not sure how to get to the Recovery Console during an installation, which is where I'll be when I want to format the HD. Can't I just fully format (to destroy all previous virus traces) during an XP install by choosing format and avoiding the quick format option?
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes there is. The powermax low level format (zero fill) will wipe everything from the hard drive, whereas a normal format wouldn't do that.

    Regards Howard :)
     
  17. jobeard

    jobeard TS Ambassador Posts: 9,315   +618

    If you are going to just start over, forget the Recovery Console.

    During the CD boot, you get to select the partition and the option to
    empty/format it. You don't need to worry about rewriting over every block,
    as that will occur naturally as the install progresses and files get created.
    Any existing virus will be obliterated nicely by the above.
     
Topic Status:
Not open for further replies.
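
The replies above differ on what a quick format, a full format and a zero fill leave on the disk. One way to check rather than assume, as an added example that is not from the thread: the script below reads a raw disk image, reports whether an MBR boot signature and partition entries survive, and counts sectors that still hold non-zero data. The function names, the 512-byte sector size and both sample images are assumptions constructed for illustration.

```python
import io
import struct

SECTOR = 512  # assumed logical sector size


def parse_mbr(sector0):
    """Return (has_boot_signature, partitions) for the first sector of a disk."""
    has_sig = sector0[510:512] == b"\x55\xaa"
    parts = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector0[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # byte 4 is the partition type; 0 means unused
            parts.append({"type": entry[4], "lba_start": lba_start, "sectors": count})
    return has_sig, parts


def audit_wipe(stream):
    """Scan a raw disk image and report what a format or wipe left behind."""
    has_sig, parts = parse_mbr(stream.read(SECTOR).ljust(SECTOR, b"\0"))
    stream.seek(0)
    total, nonzero, first = 0, 0, []
    while True:
        sector = stream.read(SECTOR)
        if not sector:
            break
        if sector.count(0) != len(sector):  # any byte other than 0x00
            nonzero += 1
            if len(first) < 5:
                first.append(total)
        total += 1
    return {"sectors": total, "boot_signature": has_sig, "partitions": parts,
            "nonzero_sectors": nonzero, "first_nonzero": first, "wiped": nonzero == 0}


def build_sample_image(n_sectors=64):
    """Constructed image: one NTFS-type partition entry plus stale data in sector 20."""
    img = bytearray(SECTOR * n_sectors)
    struct.pack_into("<B3sB3sII", img, 446, 0x80, b"", 0x07, b"", 8, n_sectors - 8)
    img[510:512] = b"\x55\xaa"
    stale = b"leftover file data"
    img[20 * SECTOR:20 * SECTOR + len(stale)] = stale
    return bytes(img)


if __name__ == "__main__":
    print(audit_wipe(io.BytesIO(build_sample_image())))  # constructed: MBR and stale data present
    print(audit_wipe(io.BytesIO(bytes(SECTOR * 64))))    # constructed: every sector zeroed
```

To audit a real drive, pass a file object opened read-only on an image taken from it.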
