Unknown network connection defined - how to delete?

Status
Not open for further replies.

bkdickard

After a recent spyware/malware attack, I have found a network connection defined on my system I know was not there before. This connection self-installs when I boot, but I cannot delete it or disable it. It is interfering with several programs I run that need to establish secure connections. The name of the network connection is "Local Area Connection on Linux IGD". I am running Windows XP and have no known direct network connection to a Linux server. If anyone has seen this, please provide instructions for how to disable and delete this network connection definition.
 
Also, this connection only shows in "regular" boot mode. When I boot in safe mode, the rogue network connection is not installed.
 
Go and read this thread HERE.

Then post a HJT log as an attachment into this thread, I'll take a look and see if your system is clean or not.

Regards Howard :)

This thread is for the use of bkdickard only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
hijack log attached

I tried a few of the fixes in the thread. The one that seemed the most promising was deleting the 010 entries. I tried running LSPFIX but did not recognize any of the dll's it suggested to remove. The rogue "internet gateway" network connection is still there on boot. My latest hijack log is attached. Thanks.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to Add/Remove Programs in your control panel and uninstall anything to do with the following (if there):

neoteris\secure application manager

Close control panel.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there):

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {4AA49065-61BA-E106-4AFA-CDCA7585AA1C} - C:\WINDOWS\qcxgu1.dll (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll

O15 - Trusted Zone: remote.schwab.com

O15 - Trusted Zone: remote2.schwab.com

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote2.schwab.com/dana-cached/setup/JuniperSetupSP1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC13DA5-C870-43D9-8B34-3B142DC8E137}: NameServer = 205.171.3.65,205.171.2.65

O17 - HKLM\System\CCS\Services\Tcpip\..\{D85CCF9A-241E-4EDA-BFD0-09930A1AF524}: NameServer = 205.171.3.65,205.171.2.65

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB34D527-0ABB-4680-939A-9524B90162E8}: NameServer = 205.171.3.65,205.171.2.65

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

c:\program files\neoteris Delete the entire folder.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

This thread is for the use of bkdickard only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
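An added example, not part of the original posts: a small parser for HijackThis entries of the kind listed in the fix list above, which groups them by section code and pulls out the LSP DLL paths, O17 name servers, hosts and missing-file entries so they can be reviewed side by side. The function and field names (`parse_log`, `summarize`, `lsp_files`, and so on) are assumptions made for illustration; the sample input is copied from the entries in the post.

```python
import re
from collections import Counter

# Entries copied from the fix list in the post above.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {4AA49065-61BA-E106-4AFA-CDCA7585AA1C} - C:\WINDOWS\qcxgu1.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll
O15 - Trusted Zone: remote.schwab.com
O15 - Trusted Zone: remote2.schwab.com
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote2.schwab.com/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC13DA5-C870-43D9-8B34-3B142DC8E137}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85CCF9A-241E-4EDA-BFD0-09930A1AF524}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB34D527-0ABB-4680-939A-9524B90162E8}: NameServer = 205.171.3.65,205.171.2.65
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # e.g. "O10 - ..."
PATH = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:dll|exe)", re.I)  # drive-letter file paths
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST = re.compile(r"(?:Trusted Zone: (?:https?://)?(?:\*\.)?|https?://)([A-Za-z0-9.-]+)")

def parse_log(text):
    """Turn HijackThis entry lines into dicts; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, process list, blank lines
        code, body = m.groups()
        entries.append({"code": code, "body": body,
                        "files": [p.lower() for p in PATH.findall(body)],  # Windows paths ignore case
                        "missing": "(file missing)" in body,
                        "ips": IPV4.findall(body), "hosts": HOST.findall(body)})
    return entries

def summarize(entries):
    """Collect the values a reviewer compares across sections."""
    return {
        "by_code": dict(Counter(e["code"] for e in entries)),
        "lsp_files": dict(Counter(f for e in entries if e["code"] == "O10" for f in e["files"])),
        "dns_servers": sorted({ip for e in entries if e["code"] == "O17" for ip in e["ips"]}),
        "hosts": sorted({h.lower() for e in entries for h in e["hosts"]}),
        "missing_files": [f for e in entries if e["missing"] for f in e["files"]],
    }

if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_LOG)))
```

Run on the sample, the summary shows that the two O10 lines point at the same DLL and that all three O17 adapters carry the same pair of name servers.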
 
Please close this thread

Thanks for your input - I appreciate the help. After trying the suggested fixes, I am still having secure communications problems from several applications. At this point, my trust in my system configuration is very low, so rather than spend more time in debug mode, I'm going to reformat my drive and start over. Thanks for your help.
 
I'm new and do understand that this is not the forum to post virus etc., but I don't think this is a virus and just couldn't not respond. After a quick read, I think I have exactly the same problem: my network connections now show a Linux IGD Gateway to the Internet, and I don't have Linux. I felt such sympathy that I hope you don't reformat before trying this.
I spent hours and hours going through different test scenarios myself but finally just googled and found the answer (at least it seems to be working) on the site
tomshardware - the question is: where'd this "Linux IGD" connection come from.
There are 2 replies; the first didn't work consistently but the second seems to. Both seem to understand exactly where this did come from: a Windows Messenger update, and not a virus.
BOTH are 1 minute no risk changes - go for it.
 