Trojan remover also removed SYS files/info Can't connect Internet


Guest

Using XP. Had AVG software detect spyware etc... removed Trojans etc but also
seems to have made changes to SYS files or information. Cannot connect to
internet. Cannot RESTORE for it appears all Restore points have been changed
and unusable as well. Anyone know of how I can find out what may have
changed, missing or best of all how to fix. AVG Software Technicians no help
at all.
 
You could try this suggestion from Frank Saunders

In WinXP SP2: You can fix Winsock by going to Start | Run and typing CMD
In the command window type netsh winsock reset

That might get your internet back, if not try that and then a reboot.

Charlie
 
From: "Charlie Tame" <[email protected]>

| You could try this suggestion from Frank Saunders
|
| In WinXP SP2: You can fix Winsock by going to Start | Run and typing CMD
| In the command window type netsh winsock reset
|
| That might get your internet back, if not try that and then a reboot.
|
| Charlie

Assuming Fletch has WinXP SP2.
 
What was the name of the Trojan?

You don't want the System Restore Points if you've had a Trojan unless
you want the Trojan back. Turn System Restore off and then back on.


--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 
From: "FLETCH" <[email protected]>

| Using XP. Had AVG software detect spyware etc... removed Trojans etc but also
| seems to have made changes to SYS files or information. Cannot connect to
| internet. Cannot RESTORE for it appears all Restore points have been changed
| and unusable as well. Anyone know of how I can find out what may have
| changed, missing or best of all how to fix. AVG Software Technicians no help
| at all.
| --
| THANK YOU FOR ANY HELP!

You can't just say... "Had AVG software detect spyware etc... removed Trojans etc..."

You need to state what Trojans and what adware/spyware were found. Logs help !

Malware such as New DOT Net does a hook into the Layered Service Provider (LSP). If you
removed some adware/spyware without first checking if they add LSP drivers, it will
indeed break the TCP/IP communication.

If you have SP2 on your XP PC you can go to; Start --> Run
and execute...

%COMSPEC% /k netsh winsock reset catalog

If you don't have WinXP SP2 then you need to use a friend's PC and download LSPFix and remove
the adware/spyware-introduced items in the Layered Service Provider.

http://www.cexx.org/LSPFix.exe http://www.cexx.org/lspfix.htm
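
An added example, not part of the thread: a Python sketch that reads saved output of `netsh winsock show catalog` and lists the catalog entries worth checking before removing adware that may have installed an LSP. The sample dump, the `EXAMPLE-LSP` entry and both heuristics are constructed assumptions.

```python
import re
# Constructed sample of `netsh winsock show catalog` output (fields abridged).
# The second entry, its name and its DLL path are made up for illustration.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        EXAMPLE-LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleAdware\example_lsp.dll
Catalog Entry ID:                   1015
"""

SYSTEM_DIR = "%systemroot%\\system32\\"  # assumed home of the stock providers

def parse_catalog(text):
    """Return one dict of 'Field: value' pairs per provider entry."""
    entries = []
    for block in re.split(r"(?m)^Winsock Catalog Provider Entry\s*$", text)[1:]:
        fields = {}
        for line in block.splitlines():
            m = re.match(r"\s*([^:]+):\s+(.*\S)\s*$", line)
            if m:
                fields[m.group(1).strip()] = m.group(2)
        entries.append(fields)
    return entries

def reasons_to_check(entry):
    """Triage heuristics (assumptions, not verdicts) for one catalog entry."""
    reasons = []
    if entry.get("Entry Type", "").lower() != "base service provider":
        reasons.append("layered provider: sits in the TCP/IP call chain")
    if not entry.get("Provider Path", "").lower().startswith(SYSTEM_DIR):
        reasons.append("provider DLL is outside %SystemRoot%\\system32")
    return reasons

def review(text):
    """Map Catalog Entry ID -> reasons, for entries worth a look before removal."""
    checked = ((e.get("Catalog Entry ID"), reasons_to_check(e)) for e in parse_catalog(text))
    return {entry_id: why for entry_id, why in checked if why}

if __name__ == "__main__":
    print(review(SAMPLE))
```

On the affected machine the real listing can be saved with `netsh winsock show catalog > catalog.txt` and its text passed to `review`; a flagged entry is a prompt to identify the DLL, since firewalls and antivirus products also install layered providers.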
 
David H. Lipman said:
From: "Charlie Tame" <[email protected]>

| You could try this suggestion from Frank Saunders
|
| In WinXP SP2: You can fix Winsock by going to Start | Run and typing CMD
| In the command window type netsh winsock reset
|
| That might get your internet back, if not try that and then a reboot.
|
| Charlie

Assuming Fletch has WinXP SP2.


That's what it says, and if he does not have SP2 then that's possibly where
the trouble started and I see no real reason why not to recommend it. Since
he cannot get to the internet on that machine right now I don't know what
else to suggest other than manually checking settings, and it is most likely
that the malware has broken something.

Charlie
 
If it's XP SP2, run the command as instructed.
start>run netsh winsock reset <reboot>
If that doesn't work, try removing the NIC from device manager, reboot and
let it redetect.
That should rebuild it.
 
--
THANK YOU FOR ANY HELP!


Charlie Tame said:
You could try this suggestion from Frank Saunders

In WinXP SP2: You can fix Winsock by going to Start | Run and typing CMD
In the command window type netsh winsock reset

That might get your internet back, if not try that and then a reboot.

Charlie



Charlie! Thanks for the quick reply! I never used one of these online forum things before. Tried what you said and computer indicated "Sucessfully reset the Winsock Catalog" but still no Internet connection.

I was so ready to say I love you man! Thanks for thought though!
 
Charlie

Fletch needs to download LSP Fix to another computer and run it on the
affected computer,
http://www.cexx.org/lspfix.htm

--


Hope this helps.

Gerry
 
Fletch

Download LSP Fix to another computer and run it on the
affected computer,
http://www.cexx.org/lspfix.htm

--


Hope this helps.

Gerry
 
From: "Charlie Tame" <[email protected]>

|
| That's what it says, and if he does not have SP2 then that's possibly where
| the trouble started and I see no real reason why not to recommend it. Since
| he cannot get to the internet on that machine right now I don't know what
| else to suggest other than manually checking settings, and it is most likely
| that the malware has broken something.
|
| Charlie
|

If he has WinXP SP2 the "full" command line is...

netsh winsock reset catalog

If he doesn't have SP2 installed then there are a few third party utilities to fix the
Layered Service Provider

LSPFix -- http://www.cexx.org/lspfix.htm

Winsock XP Fix -- http://www.snapfiles.com/get/winsockxpfix.html

Winsock2 FIX -- http://www.bu.edu/pcsc/internetaccess/winsock2fix.html
 
THANK YOU TO EVERYONE FOR HELP! YOU GUYS ARE GREAT!!!!!!!!!!

I was brave enough to try. I reset winsock thing then looked in Device
Manager and found NIC to be disabled so I enabled and WALLA or whatever I am
back baby!!!! Thank you again! Thought I was going to have to reinstall
everything!!!!!!!!
 
I appreciate that but since he had apparently no internet access on the
machine I was going for the built in possibility first.

It's kinda hard to even guess when the malware isn't known :) Personally I
think the authors should get nailed more often with some real custodial
sentences.

Charlie
 
Thank you for that info, I must have missed copying something in the
original post too. Obviously not my day. I was in fact going to say LSPFix
but then remembered no internet access :)

Charlie
 
FLETCH said:
Using XP. Had AVG software detect spyware etc... removed Trojans etc but also
seems to have made changes to SYS files or information. Cannot connect to
internet. Cannot RESTORE for it appears all Restore points have been changed
and unusable as well. Anyone know of how I can find out what may have
changed, missing or best of all how to fix. AVG Software Technicians no help
at all.

Winsock repair thingamajigs:

http://www.iup.edu/house/resnet/WinsockXPFix.exe
http://www.iup.edu/house/resnet/winfix.shtm the readme

http://www.bootdisk.com/kentucky/tcpfix2.exe
http://www.bootdisk.com/kentucky/lspfix.zip
 
Charlie said:
Thank you for that info, I must have missed copying something in the
original post too. Obviously not my day. I was in fact going to say LSPFix
but then remembered no internet access :)

One can use another pc to get the files. Even if you have a single pc at
home, chances are there is one at work.
 
Charlie

Another useful tool in these situations is Stinger. Regains control of
the machine. With LSP Fix you then have access to support from the
internet to clean the machine. It still leaves you reliant on a 56 kb
modem in some situations, which can be limiting for larger downloads but
there you are.

Download Stinger from here and run it to make sure that A-V-disabling
viruses are not present on your PC
http://download.nai.com/products/mcafee-avert/stinger.exe

Fits on a floppy which you can write protect before running. This is
useful if the computer does not have a CD drive as some older computers
do not. It would be better to download to another machine and put on the
floppy before introducing the disk to the infected machine. Make sure
you run the anti-virus scan in safe mode.

--


Regards.

Gerry

 
From: "Gerry Cornell" <[email protected]>

| Charlie
|
| Another useful tool in these situations is Stinger. Regains control of
| the machine. With LSP Fix you then have access to support from the
| internet to clean the machine. It still leaves you reliant on a 56 kb
| modem in some situations, which can be limiting for larger downloads but
| there you are.
|
| Download Stinger from here and run it to make sure that A-V-disabling
| viruses are not present on your PC
| http://download.nai.com/products/mcafee-avert/stinger.exe
|
| Fits on a floppy which you can write protect before running. This is
| useful if the computer does not have a CD drive as some older computers
| do not. It would be better to download to another machine and put on the
| floppy before introducing the disk to the infected machine. Make sure
| you run the anti-virus scan in safe mode.
|

McAfee/AVERT Stinger only targets ~54 infectors and their variants, mostly internet worms.
It is updated infrequently and should only be downloaded and used *IF* you know you are
infected with one of the targeted infectors. The fact is Stinger has fallen behind. There
are *many* new Bagle and SDBot variants that have come out since its last update of 10/5/05.

On the other hand, the following Multi AV Scanning Tool is a broad-spectrum removal tool.
The McAfee command line scanner alone covers ~155,000 infectors including all the infectors
Stinger targets and way more and gets updated regularly. Additionally, it adds the scanners
from Trend Micro, Sophos and Kaspersky. Thus its coverage is very comprehensive. Stinger
comes only as a Win32 GUI. While it can be executed in Safe Mode and Normal Mode, it can't
be used from DOS. On the other hand, the Multi AV Scanning Tool provides DOS scanners as
well as Win32 compliant scanners such that one can boot off a DOS DISK for FAT32 or a DOS
DISK with NTFS4DOS for NTFS and clean a computer without the Win32 OS in operation.



Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
David

Do your suggestions fit on a floppy disk?

--


Regards.

Gerry



 