1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Internet won't work after removing viruses

Discussion in 'Virus & Other Malware Removal' started by roxerz, Dec 25, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. roxerz

    roxerz Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    41
    Hello, just a few days ago, i had some issues with some viruses that infected computer. During that time, i was able to connect to the Internet (although slow due to the viruses) and was able to download SuperAntiSpyware to remove these viruses. But after SAS apparently removed these viruses and rebooted my computer, these viruses seemingly managed to return somehow. After a couple more tries to remove them, i was finally successful. But, when i logged back on and tried to use the Internet, both IE and FireFox were unusable. The error "Server not found" is what i see each time i try to connect to the Internet. The odd part is: i'm connected to the Internet and my other wireless devices receive wifi except my computer. My worry is that the anticirus may have deleted something important along with the virus, that allowed me Internet connection. Mind you i can not use any Internet whatsoever. So downloading any program to help me, might be practically impossible. I've already read other threads concerning this issue and none have helped. I've checked that the settings on my Internet are on no proxy. If anyone can help me it would be much appreciated. Thanks.
     
  2. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Since you have IE, I assume you are running some version of Windows. They vary somewhat is how they implement networking.
     
  3. roxerz

    roxerz Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    41
    Well it's hard to tell since i can't use my Internet at all on my computer. So far i've tried number of methods to resolve this issue, but i haven't had any luck so far.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,716
    The programs likely removed a driver and/or registry keys needed to connect and I doubt the machine is clean yet.

    You will need to transfer some small tools/programs to the infected computer via USB flash drive.

    Please download Farbar Service Scanner and transfer it to the desktop of the computer with the issue.
    • Make sure only the following option is checked:
      • Internet Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
    • Please copy and paste the log to your reply.
     
  5. roxerz

    roxerz Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    41
    Alright, sorry if i'm a tad bit late with posting the log, i just have to make an arrangement with a friend to use her computer. I'll post that log ASAP.
     
  6. roxerz

    roxerz Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    41
    Alright, i've got the USB and everything. How do i transfer the program to my USB? Sorry for being such a newbie at this, haha.
     
  7. roxerz

    roxerz Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    41
    As ordered:
    Farbar Service Scanner
    Ran by christopher hichez (administrator) on 27-12-2011 at 12:16:36
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Tcpip Service is not running. Checking service configuration:
    The start type of Tcpip service is OK.
    The ImagePath of Tcpip service is OK.

    IpSec Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.
    Checking LEGACY_IpSec: Attention! Unable to open LEGACY_IpSec\0000 registry key. The key does not exist.


    Connection Status:
    ==============
    Localhost is blocked.
    There is no connection to network.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Yahoo IP returend error: Other errors


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) NetBT(5) PSched(7) Tcpip(3)
    0x0700000004000000010000000200000003000000050000000600000007000000

    **** End of log ****
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,716
    We need to replace a file that's missing from the drivers folder with one from another location and also repair the registry so please do the following:

    Please run Farbar Service Scanner again.

    Type the following in the edit box after Search

    ipsec.sys

    Click the Search Files button and post the log (FSS.txt) it makes to your reply.
     
  9. roxerz

    roxerz Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    41
    Here ya go:
    Farbar Service Scanner
    Ran by christopher hichez (administrator) on 27-12-2011 at 14:06:45
    Microsoft Windows XP Service Pack 3 (X86)

    ************************************************
    ================== Search: "ipsec.sys" ===================

    C:\WINDOWS\system32\dllcache\ipsec.sys
    [2009-01-12 14:41] - [2008-04-13 14:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

    C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
    [2009-01-12 14:41] - [2008-04-13 14:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

    C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
    [2009-01-17 11:24] - [2004-08-10 06:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    C:\i386\ipsec.sys
    [2009-01-13 03:34] - [2004-08-10 06:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    ====== End Of Search ======
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,716
    Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

    ***************************************************

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    --------------------------------------------------------------------

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

    Note: If you have SP3, use the SP2 package.


    ---------------------------------------------------------------------

    Transfer all files you just downloaded, to the desktop of the infected computer.

    --------------------------------------------------------------------


    Disable your anti-Virus and anti-spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


    [​IMG]

    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


      [​IMG]
    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt in your next reply.
     
  11. roxerz

    roxerz Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    41

    Quick question: I have service pack 3.. should i just go ahead and download service pack 2 or 1?
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,716
    Service Pack 2.
     
  13. roxerz

    roxerz Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    41
    Okay so here's the issue: I don't know which one to download, because i can't determine whether my OS is home edition or professional. I've booted my computer up to see which edition i have, but i don't think it has any specific edition. Which one do you think i should download?
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,716
    Right-click My Computer and select properties. What does it say there under System?
     
  15. roxerz

    roxerz Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    41
    I have the Media Center Edition.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1032865