Recently got a bit of malware on all of my PCs thanks to an XSS attack on one of my frequented sites. The Windows 7 and Vista PCs were mostly unaffected (all I did was remove the malware with BitDefender, they work fine now) but the XP computers will not browse the internet any longer. They could browse before removing the malware, but browsing was severely hampered by redirects. Now it doesn't work at all.
IPConfig says I'm connected to my router, but there's no DHCP enabled. The anti-virus can update, but nothing else internet-related will work. Any ideas how to fix this short of reinstalling the OS?

Try a system restore to a day when all was well. The recent cleanup will remain in effect.
Good Luck
P.S. Download and install IE8. (Remove the previous IE before the installation of IE8.)
http://www.microsoft.com/windows/Internet-explorer/default.aspx

Well, there are no restore dates prior to the day I got the malware. I already have IE 8 installed too.
I think it has to do with the DHCP being disabled, but I don't know what to try in order to fix it.

I'd click here... and follow the instructions for posting your logs...
Chances are you're still infected...

You're right, I should have posted this in the malware section. My apologies for using the incorrect forum.
I'll do the things suggested in that thread, then post the results.

No problem...

Well, neither MBAM nor SuperAntiSpyware came up with anything. But, they wouldn't update so it's possible something could have been missed. I uninstalled BitDefender but that made no difference.
Btw, HPVC and BatteryMon were written by me.
HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:17:08 AM, on 5/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\APOINT.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\TJ\My Documents\Visual Studio 2008\Projects\BatteryMon\BatteryMon\bin\Debug\BatteryMon.exe
C:\Program Files\DELL V305\dldtMsdMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Documents and Settings\TJ\My Documents\Visual Studio 2008\Projects\HPVC\HPVC\bin\Release\HPVC.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HiJackThis\H~.exe

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BatteryMon.lnk = C:\Documents and Settings\TJ\My Documents\Visual Studio 2008\Projects\BatteryMon\BatteryMon\bin\Debug\BatteryMon.exe
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: HPVC.exe.lnk = C:\Documents and Settings\TJ\My Documents\Visual Studio 2008\Projects\HPVC\HPVC\bin\Release\HPVC.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Sounds like the TCP\IP stack is corrupt or missing. Ping 127.0.0.1; this is a loopback test. You probably fail the test. This just checks the SW. Try this to reinstall the TCP\IP stack. Try this: you could also try fixing the present Win. Boot from the Win CD and do like you were going to do an install. DO NOT USE THE REFORMAT OPTION. Just follow instructions and it will get to a "fix this install" option. Choose this option and let it run. It will take about 30 mins for this fix. Write back and let us know. PS: do not use the manufacturer's CD. It has to be a Win CD SP2 or SP3.

TCP Fix...
If indeed this is what it is...

Temporarily got distracted with other things, but I came back today and tried the TCP fix. It worked on my laptop, but I decided to throw the other computer in the dumpster since it was so old anyway. I'll toss that TCP fix program onto my backup hard drive in case it happens again. I appreciate the assistance.

Quote from: BaRR on May 21, 2010, 05:54:26 PM
but I decided to throw the other computer in the dumpster since it was so old anyway.
Seems a little extreme. I've always managed to find some parts out of old PCs that were worth keeping.

Just want to say thanks... my wife's computer had the same problem and I downloaded the fix program and after it ran Norton found a back door Trojan... all good and the wife has stopped annoying me... PHEW...