1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Acquiring Network Address

Discussion in 'Virus & Other Malware Removal' started by oneeighty, Jun 17, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. oneeighty

    oneeighty Thread Starter

    Joined:
    May 20, 2012
    Messages:
    20
    Hey all,

    So my internet connection appears to be working fine [other housemates continue to use it without problems] but for some reason I'm finding that my own connection seems to be okay but is "acquiring network address" continuously, meaning I am unable to access the internet.

    Currently my network connections set it to acquire an IP address automatically. Previously I manually input an IP address and whilst that told me that the connection was "very good" and "connected", I was still failing to access the internet [opening IE would lead to the "This page cannot be displayed..." message and repairing didn't help].

    CMD'ing it shows that the IP address is currently 0.0.0.0 which is not ideal, so I wonder if I could manually input another IP address that may have more success?

    Any suggestions would be much appreciated.
     
  2. TerryNet

    TerryNet Terry Moderator

    Joined:
    Mar 23, 2005
    Messages:
    69,538
    IP addresses of 0.0.0.0 are normally caused by one of the following.

    Diagnosis:
    1. DHCP Service not running.
    2. Duplicate IP address on the network.
    3. Bad NIC card drivers.
    4. Defective NIC hardware.

    Resolution:
    1. Check Control Panel, Administrative Tools, Services. The DHCP Client service should be Started and its Startup Type should be Automatic.
    2. Turn off ALL of the computers and other network connected devices, reboot the router, then restart all the computers and other network devices.
    3. Check for upgraded drivers and/or reload the Network drivers.
    4. Replace the Network Interface Card.

    There has also been at least one case where switching from using Dell WLAN to XP’s WZC resolved the issue.
     
  3. oneeighty

    oneeighty Thread Starter

    Joined:
    May 20, 2012
    Messages:
    20
    Hi Terry,

    Thanks for your response.

    Using resolution #1, this happened: Got a message saying: "Could not start the DHCP Client service on Local Computer". Error 1075: The dependency service does not exist or has been marked for deletion".

    Any ideas?

    Thanks again.
     
  4. TerryNet

    TerryNet Terry Moderator

    Joined:
    Mar 23, 2005
    Messages:
    69,538
    That's often caused by current or past malware. I have requested help from an expert.

    What operating system do you have?
     
  5. oneeighty

    oneeighty Thread Starter

    Joined:
    May 20, 2012
    Messages:
    20
    It's Windows XP, 2003. Thanks for your help.
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    It does sound like the result of malware.

    You will need to transfer this small program to the infected computer via USB flash drive.

    Please download Farbar Service Scanner and transfer it to the desktop of the computer with the issue.
    • Make sure only the following option is checked:
      • Internet Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
    • Please copy and paste the log to your reply.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
  8. oneeighty

    oneeighty Thread Starter

    Joined:
    May 20, 2012
    Messages:
    20
    Here's the log:
    Farbar Service Scanner Version: 09-06-2012
    Ran by Asus (administrator) on 17-06-2012 at 16:57:34
    Running from "G:\"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    NetBt Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.


    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
    Attempt to access Yahoo.com returned error: Other errors


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit


    **** End of log ****
     
  9. oneeighty

    oneeighty Thread Starter

    Joined:
    May 20, 2012
    Messages:
    20
    Yes, same computer. Basically, I restored the system that day and this seemed to re-install the network adapter [though I could be mistaken...]
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    Alright then. It looks like this is a separate issue. The NetBT service key is missing from the registry and this is generally caused by malware.

    Both of the following can be transferred via USB flash drive to the desktop of the affected computer:

    Please download DDS by sUBs to your desktop from one of the following locations:

    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://www.forospyware.com/sUBs/dds

    Double-click the DDS.scr to run the tool.

    When DDS has finished scanning, it will open two logs named as follows:

    DDS.txt
    Attach.txt

    Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


    Please download GMER from: http://gmer.net/index.php

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     
  11. oneeighty

    oneeighty Thread Starter

    Joined:
    May 20, 2012
    Messages:
    20
    Thanks a million. So I've downloaded GMER and it's currently scanning, but I can't seem to download DDS from either of those links for some reason...
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    OK. You can just post the GMER log then when it's finished.
     
  13. oneeighty

    oneeighty Thread Starter

    Joined:
    May 20, 2012
    Messages:
    20
    Will do. Thanks again for all of your help.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    You're welcome. :)
     
  15. oneeighty

    oneeighty Thread Starter

    Joined:
    May 20, 2012
    Messages:
    20
    Log from GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-17 18:23:40
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120822AS rev.3.ALC
    Running: 250hqf9f.exe; Driver: C:\DOCUME~1\Asus\LOCALS~1\Temp\kgayrpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB7BD2F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB7BD2FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB7BD3080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB7BD311C]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB3278$\1512024366 0 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\L\irdvmyof 162816 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\loader.tlb 2632 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@00000001 45968 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@000000c0 2560 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@000000cb 704 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@000000cf 1536 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@80000000 73728 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@800000c0 43008 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@800000cb 25600 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@800000cf 31232 bytes
    File C:\WINDOWS\$NtUninstallKB3278$\3900421238 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1057441