Internet unavailable after virus/trojan

Solved/Closed
Yoshi - Jun 26, 2010 at 02:56 PM
 joe - Dec 27, 2010 at 08:44 PM
Hello, recently I seemed to have gotten a Trojan. This caused my Chrome to not be able to load any pages. IE and Firefox still worked. Now that I've gotten rid of the malicious files (well at least most of them, some of them are undetected by Malwarebytes/MSSE but I still see some symptoms), none of my Internet Browsers work, and I can't connect to the Internet (games, browsers, chats, etc.).

When I check my Network Connections, it says I am Connected.

The first time this happened was a few days earlier. I don't remember exactly what happened, but I was scanning/removing virus files, and then I lost connection. I checked Control Panel at the time; at first it also said "connected", but then I checked again later and the icon itself was gone. I used System Restore that time to load back to a previous time when IE and Firefox still worked.

This time, I tried System restore again, but it seems it didn't load back far enough.

I checked the LAN settings, and none of the "use proxy" settings are checked.

Please help, it would be very much appreciated!



Note: I just clicked on "Apply All" below this posting space, I don't know what it does, so I'll have to see once it's posted :(


Here's a log of the scan that deleted most of the files. Later on, MSSE also picked up some infected files and fixed them, but I don't know how to see the logs from there :(.

__________________
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4229

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/24/2010 12:03:12 AM
mbam-log-2010-06-24 (00-03-12).txt

Scan type: Quick scan
Objects scanned: 227632
Time elapsed: 1 hour(s), 1 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Adriel\Application Data\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adriel\Application Data\WeatherDPA\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adriel\Application Data\WeatherDPA\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adriel\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Adriel\Application Data\WeatherDPA\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
__________________

The most recent incident in which I lost connection was when MSSE deleted Win32/Alureon.H.
Now that I've checked the log, it seems MSSE removed 4 instances of this. 3 out of 4 of these instances have the label "rootkit:Alureon->RasAcd".


Thanks very very much in advance!

Oh and I did try the other solutions that I've found on this site relating to this, but none of them worked.
2 responses

Found the answer! I contacted Microsoft Support and wow they actually fixed it xD

These were the directions that led immediately to the fix:

"
1. Click Start, click Run, type "ncpa.cpl" (without the quotation marks) and press Enter.
2. Right-click the connection you are using and click Properties.
3. Click on the "General" tab, highlight "Internet Protocol (TCP/IP)", and click Properties.
4. Select "Obtain an IP address automatically" and click OK.

"
1
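A way to check from saved `ipconfig /all` output which adapters still carry a manual IP configuration, and to print the `netsh` equivalent of step 4 above. This is an added example, not part of the original thread or of Microsoft's instructions; the sample output is constructed, the field labels assume the Windows XP layout of `ipconfig /all`, and the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output (Windows XP layout); not from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.0.2.50
        Default Gateway . . . . . . . . . : 192.0.2.1
        DNS Servers . . . . . . . . . . . : 198.51.100.10
                                            198.51.100.11

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

HEADER = re.compile(r"^\S.*? adapter (.+):\s*$")   # unindented "... adapter <name>:"
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")     # indented "Label . . . : value"

def parse_ipconfig(text):
    """Return {adapter name: {lower-cased field label: [values]}}."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current, last = adapters.setdefault(header.group(1), {}), None
        elif current is not None and line.strip():
            field = FIELD.match(line)
            if field:
                last, value = field.group(1).lower(), field.group(2).strip()
                current[last] = [value] if value else []
            elif last:
                current[last].append(line.strip())  # continuation, e.g. second DNS server
    return adapters

def static_adapters(text):
    """List adapters with DHCP off and the command that switches them back to DHCP."""
    findings = []
    for name, f in parse_ipconfig(text).items():
        if "".join(f.get("dhcp enabled", [])).lower() == "no":
            findings.append({"adapter": name, "ip": f.get("ip address", []),
                             "gateway": f.get("default gateway", []),
                             "dns": f.get("dns servers", []),
                             "fix": f'netsh interface ip set address name="{name}" source=dhcp'})
    return findings
```

Calling `static_adapters()` on the text captured with `ipconfig /all > ipconfig.txt` returns one entry per manually configured adapter; the `fix` string is printed for review, not executed.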
doesn't work
0
Blocked Profile
Jun 29, 2010 at 04:49 AM
Dear Sir,

Please consider getting a trojan remover installed so that you get to remove it completely from your system.

Thanks.
-1
Thanks, I've downloaded it and scanned it, but looking at the log and its earlier prompts during the scan, it doesn't seem like it found anything malicious. During the scan, it asked me to delete some files, but those were only things related to AIM (I answered yes).

I haven't seen the error message: "Generic Host Process for Win32" recently though, so maybe Malwarebytes and MSSE removed them already?

After the scan though, I tried pinging my router again, and this time it seems connected (previously, all the info showed that it was working fine except that the Average MS was over a million instead of 0).

I still can't connect to the Internet :(

I'll post the Trojan Remover Log, maybe someone can help.
0