TechSpot

Unknown network connection defined - how to delete?

By bkdickard
Sep 25, 2006
  1. After a recent spyware/malware attack, I have found a network connection defined on my system I know was not there before. This connection self-installs when I boot, but I cannot delete it or disable it. It is interfering with several programs I run that need to establish secure connections. The name of the network connection is "Local Area Connection on Linux IGD". I am running Windows XP and have no known direct network connection to a Linux server. If anyone has seen this, please provide instructions for how to disable and delete this network connection definition.
     
  2. bkdickard

    bkdickard TS Rookie Topic Starter

    Also, this connection only shows in "regular" boot mode. When I boot in safe mode, the rogue network connection is not installed.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go and read this thread HERE.

    Then post a HJT log as an attachment into this thread. I'll take a look and see if your system is clean or not.

    Regards Howard :)

    This thread is for the use of bkdickard only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. bkdickard

    bkdickard TS Rookie Topic Starter

    hijack log attached

    I tried a few of the fixes in the thread. The one that seemed the most promising was deleting the 010 entries. I tried running LSPFIX but did not recognize any of the dll's it suggested to remove. The rogue "internet gateway" network connection is still there on boot. My latest hijack log is attached. Thanks.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to Add/Remove Programs in your control panel and uninstall anything to do with (if there):

    neoteris\secure application manager

    Close control panel.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {4AA49065-61BA-E106-4AFA-CDCA7585AA1C} - C:\WINDOWS\qcxgu1.dll (file missing)

    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll

    O15 - Trusted Zone: remote.schwab.com

    O15 - Trusted Zone: remote2.schwab.com

    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote2.schwab.com/dana-cached/setup/JuniperSetupSP1.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC13DA5-C870-43D9-8B34-3B142DC8E137}: NameServer = 205.171.3.65,205.171.2.65

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D85CCF9A-241E-4EDA-BFD0-09930A1AF524}: NameServer = 205.171.3.65,205.171.2.65

    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB34D527-0ABB-4680-939A-9524B90162E8}: NameServer = 205.171.3.65,205.171.2.65

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    c:\program files\neoteris Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of bkdickard only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. bkdickard

    bkdickard TS Rookie Topic Starter

    Please close this thread

    Thanks for your input - I appreciate the help. After trying the suggested fixes, I am still having secure communications problems from several applications. At this point, my trust in my system configuration is very low, so rather than spend more time in debug mode, I'm going to reformat my drive and start over. Thanks for your help.
     
  7. TechNew

    TechNew TS Rookie

    I'm new and do understand that this is not the forum to post virus etc., but I don't think this is a virus and just couldn't not respond. After a quick read, I think I have exactly the same problem: my network connections now show a Linux IGD Gateway to the Internet. And I don't have Linux. I felt such sympathy that I hope you don't reformat before trying this.
    I spent hours and hours going through different test scenarios myself but finally just googled and found the answer (at least it seems to be working) on the site
    tomshardware - the question is: where'd this "Linux IGD" connection come from.
    There are 2 replies; the first didn't work consistently but the second seems to. Both seem to understand exactly where this did come from: a Windows Messenger update, and not a virus.
    BOTH are 1 minute no risk changes - go for it.
     
Topic Status:
Not open for further replies.
