WAH

Ran SAS ... now can't hit internet.


Nothing in the MB log would affect your internet connectivity. I don't suspect that your issue is caused by malware.

Please describe how many computers are used in the household, wired and/or wireless, etc.


Two desktops w/ external usb adapters. One laptop w/ internal adapter. All online with no problems. Belkin Wireless G+ MIMO router.

FYI here is the latest SAS Log.

"Error You aren't permitted to upload this kind of file"

It wouldn't let me attach the file so here it is on screen.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/01/2010 at 10:22 AM

Application Version : 4.38.1004

Core Rules Database Version : 5013

Trace Rules Database Version: 2825

Scan type : Complete Scan

Total Scan Time : 01:32:14

Memory items scanned : 570

Memory threats detected : 0

Registry items scanned : 9001

Registry threats detected : 11

File items scanned : 32275

File threats detected : 4

Trojan.Media-Codec

HKU\S-1-5-21-557597913-2479457166-260850784-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}

HKU\S-1-5-21-557597913-2479457166-260850784-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84938242-5C5B-4A55-B6B9-A1507543B418}

HKU\S-1-5-21-557597913-2479457166-260850784-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84938242-5C5B-4A55-B6B9-A1507543B418}

Trojan.DNS-Changer (Hi-Jacked DNS)

HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{172044B3-38AD-4ED6-A238-16605D7282BA}#NAMESERVER

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS#NAMESERVER

Malware.Trace

C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

HKU\S-1-5-21-557597913-2479457166-260850784-1006\Software\M5T8QL3YW3

HKU\S-1-5-21-557597913-2479457166-260850784-1006\SOFTWARE\XML

HKU\S-1-5-21-557597913-2479457166-260850784-1006\SOFTWARE\QZAIB7KITK

Trojan.Agent/CDesc[Generic]

C:\PROGRAM FILES\COMMON FILES\FLUXDVD\LIB\XEB\XEBTAG.DLL

Worm.EXPLORER32

C:\WINDOWS\SYSTEM32\EXPLORER32\EXPLORER32.EXE


Are you now able to get online with that computer?

If not, check this again:

Go into network connections, right click on your network and choose properties. Highlight Internet Protocol (TCP/IP) and click Properties. The DNS and IP should be on Automatic. Now click on Alternate Configuration and make sure it's set to Automatic Private IP.

Also go into Control Panel>Internet Options>Connections>Lan Settings. Nothing should be checked in the Lan Settings window.

What brand of computer is it?


Confirmed all the above is correct. Still can't get online. IPCONFIG started working without error msg. PC is Dell desktop 5100. Laptop and 2 other desktops (all Dells) all connect wireless. This PC is wired from router. Gotta go for a while.


I also tried different network cables. Tried different NIC. Hooked directly to modem ... all with no luck. I don't get error msg "acquiring network address" anymore. Status says "connected" but something ain't quite rite!


Run Firefox and see if you get online.

If not, you're in a whole new ball game.


I always try Firefox and IE. Firefox says Server not found!

If I'm in a new ball game, do I have to find another batter?


Try to switch to Google DNS or Open DNS, reboot after that. If you can get online then you are affected by malware and should IMO contact SAS support to do a diagnostic, but if it was me I would (if possible) format the HD and reinstall Windows.


It seems the operating system is too corrupt to warrant any further repair.

I agree with the option to back up the data and reinstall the operating system.


OK. I'll keep that in mind. Thanks again for all your help!


PROBLEM SOLVED WITHOUT REINSTALLING XP

I had the "acquiring network address" issue about 3 days ago when I used SuperAntiSpyware to delete a background trojan.

A trojan had been running on my system for the past couple of weeks (at least that I know of), and giving background audio ads via Internet Explorer or Google Chrome. Firefox was also constantly crashing. Not sure if this was related to the trojan though.

After Malwarebytes, Windows Defender and Norton AntiVirus couldn't address the problem, I searched online and found SAS. Much to my surprise, SAS found all instances of the trojan (executed the scan in default safe mode - no internet) on the first run. I quarantined the results and deleted without reviewing them.

After System was restarted, I started experiencing internet issues both wired and wireless. I have other computers at home and they were just fine. This made me think something went awry with the SAS run. After much deliberation, I did a system restore and ran SAS again.

This time I ran a tcp/winsock reset but to no avail.

Even on the second try, I overlooked checking the quarantined list and that was a major mistake.

After a third system restore, and rerun of SAS, I finally decided to look at the quarantined list. This time I saw a crucial Windows file NETBT.SYS in the quarantine along with its registry entries. After searching online, it was clear to me that this file is crucial for proper internet operations on Windows. So I took the clean version of the file from my other system, copied it over, and restarted the system. I imported all the quarantined registry entries and imported them over.

After these 2 steps, and a restart I was finally able to get back online.

I am writing this here because I don't want others wasting their time trying to reinstall the entire operating system. Unfortunately, none of the websites (including Microsoft) have an easy way to copy over the broken system files and registry entries. However, with a little extra time and a bit of manual effort this issue can be resolved.

Thanks to SAS for providing an awesome spyware prevention tool.

If you have further questions, feel free to pose on this thread.
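Added example (not part of the original thread, and not SUPERAntiSpyware's own tooling): the post above blames the outage on deleting quarantined items without reviewing them, so this sketch parses a scan log in the layout posted earlier and lists the detections that touch network drivers or DNS settings before anything is removed. The sample log, the `Constructed.Detection` name, the NETBT.SYS entry and the review rules are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the log posted earlier in this thread.
# The NETBT.SYS entry and its detection name are made up for illustration.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log
File threats detected : 2
Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER
Worm.EXPLORER32
C:\WINDOWS\SYSTEM32\EXPLORER32\EXPLORER32.EXE
Constructed.Detection
C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
"""

# A detected item is a registry path (HKLM\..., HKU\...) or a drive path (C:\...).
ITEM_RE = re.compile(r"^(HK[A-Z]+\\|[A-Za-z]:\\)")
# Assumed review rules (not SAS features): item pattern -> what to check first.
REVIEW_RULES = [
    (re.compile(r"\\SYSTEM32\\DRIVERS\\[^\\]+\.SYS$", re.I),
     "system driver: have a clean copy ready before removing it"),
    (re.compile(r"\\SERVICES\\TCPIP\\PARAMETERS.*#NAMESERVER$", re.I),
     "DNS setting: confirm DNS is on automatic after cleanup"),
]

def parse_scan_log(text):
    """Return {detection name: [items]} from a SAS-style scan log."""
    threats, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if ITEM_RE.match(line):
            if current is not None:
                threats.setdefault(current, []).append(line)
        else:
            current = line  # header lines are overwritten before any item
    return threats

def items_needing_review(threats):
    """Return (detection, item, reason) for items matching a review rule."""
    flagged = []
    for name, items in threats.items():
        for item in items:
            reason = next((r for p, r in REVIEW_RULES if p.search(item)), None)
            if reason:
                flagged.append((name, item, reason))
    return flagged

if __name__ == "__main__":
    for name, item, reason in items_needing_review(parse_scan_log(SAMPLE_LOG)):
        print(f"{name}\n  {item}\n  -> {reason}")
```

Run it on a saved copy of the scan log before emptying the quarantine; anything it lists is worth checking by hand first.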


Hi,

I've had a similar nightmare with Trojan.DNS-Changer. It started with my internet running very very slowly and after trying several anti-spyware/malware tools without success I found SUPERAntispyware and it found the trojan. I quarantined it and thought that was the end of it. Unfortunately I too now have the issue where I can't connect to the internet and I get the "acquiring network address" message in network connections. I don't have the NETBT.SYS file quarantined, only two Trojan registry threats and two rootkit file threats.

My wife's laptop connects to the internet ok through the same router. So I'm stuck. Please help!!!
