Jump to content


Photo

Internet not working after Vista Antivirus 2011 virus Help!


  • Please log in to reply
1 reply to this topic

#1 Jessi

Jessi

    New Member

  • Member
  • 2 posts

Posted 18 December 2011 - 08:20 AM

My vista pc just had the Vista antivirus 2011 virus. With help from bleepingcomputer.com for the virus I removed the virus but couldn't access the internet after. The internet is connected correctly and works on another computer but on the laptop that it was infected it stay in identifying... when I try to connect to the network. I ran FSS scanner and here are the results.

Farbar Service Scanner
Ran by Jessy (administrator) on 17-12-2011 at 18:30:37
Microsoft? Windows Vista? Home Basic (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2008-02-13 14:19] - [2008-02-13 14:19] - 0806400 ____A (Microsoft Corporation) 52A8BD6294F7D1443C6184C67AE13AF4

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

I ran malware bytes the first time and it found 4 infected files and 1 registry key and here are the results from that last scan.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8383

Windows 6.0.6000
Internet Explorer 7.0.6000.16830

12/17/2011 12:48:17 AM
mbam-log-2011-12-17 (00-48-17).txt

Scan type: Quick scan
Objects scanned: 191947
Time elapsed: 31 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\System32\drivers\afd.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Jessy\local settings\application data\pyq.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\Jessy\AppData\Local\Temp\opre0.9675276587072371.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
c:\Users\Jessy\AppData\Local\Temp\nnnv0.23294652097472301.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.

Noticed that afd was missing so i restored that quarantined file to my system but the internet still wouldn't connect. Any help is appreciated. TIA!

#2 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,881 posts

Posted 18 December 2011 - 04:21 PM

From what you have posted so far, it appears your operating system has been compromised. My only recommendation is to reformat and re-install.

Reference: http://www.dslreports.com/faq/16667


Note: If you posted at Bleeping Computer in the malware removal forum, you may want to ask for additional assistance there.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users