Jump to content
Fadi

Lost internet connection after running SUPERAntispyware

Recommended Posts

Hello,

I was trying to download softwares from the internet and sunddenly chorme and firefox don't run. IE still running so I connected to the internet and searched for this and posts recommended to download SUPERAntispyware. I did download SUPERantispyware and run it.

It detects a lot of things.. then I proceed to deleted the detected warm, trojan etc..

I restarted the computer, now chrome and firefox and IE all could be opened

BUT I LOST INTERNET CONNECTION. The wireless of my laptop is detecting the connection but the small icon has a red x on it.

If I try to connect to the wireless connection, I get connection unsuccessful.

I'm using windows vista.

I'm not able to attach the The log file generated by SUPERantispyware.

PLEASE HELP.

Thank you.

-FADI

############################

PART OF THE LOG FILE

###########################

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 08/25/2011 at 10:02 PM

Application Version : 5.0.1118

Core Rules Database Version : 7600

Trace Rules Database Version: 5412

Scan type : Complete Scan

Total Scan Time : 06:52:11

Operating System Information

Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)

UAC Off - Administrator

Memory items scanned : 1000

Memory threats detected : 1

Registry items scanned : 43952

Registry threats detected : 32

File items scanned : 565781

File threats detected : 770

Adware.HBHelper

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

HKCR\URLSearchHook.ToolbarURLSearchHook.1

HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID

HKCR\URLSearchHook.ToolbarURLSearchHook

HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR

C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL

C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL

HKU\S-1-5-21-255948995-4086951440-1813727491-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

[sASINPROCSERVER32]

C:\USERS\FADI\APPDATA\LOCAL\TEMP\SVCINST\TBHELPER.DLL

Browser Hijacker.Deskbar

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Trojan.DNSChanger-Codec

C:\Program Files\videosoft\Shared Files\ViewRep7.dll

C:\Program Files\videosoft\Shared Files\Vsflex7.ocx

C:\Program Files\videosoft\Shared Files\VSPRINT7.ocx

C:\Program Files\videosoft\Shared Files\VSStr7.ocx

C:\Program Files\videosoft\Shared Files

C:\Program Files\videosoft

Trojan.DNS-Changer (Hi-Jacked DNS)

HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

Malware.Trace

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

C:\Windows\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job

HKU\S-1-5-21-255948995-4086951440-1813727491-1000\SOFTWARE\XML

HKU\S-1-5-21-255948995-4086951440-1813727491-1000\Software\Microsoft\Handle

Share this post


Link to post
Share on other sites

Hi,

Thank you for your reply. the link you refered to is about deleting wireless network connection...

So, Should I delete my wireless network connection and create a new one? Is this is what should I do?

Sorry, but I'm beginner in that?

Thank you very much

-Fadi

Share this post


Link to post
Share on other sites

You're welcome.

Once you remove the connection, a new one will be created automatically when you connect to the router. Just put a check on "Save Network" and "Start Automatically" (then click OK) when you connect to the router.

Share this post


Link to post
Share on other sites

Hi.

I did that.. and I got "connection unsuccessful.. This computer is connected to Blink8992 but does not have access to the internet. etc.."

I tried to switch on/of the router but still not able to connect to the internet. I have a red X on the connection icon.

Any suggestion?

-Fadi

Share this post


Link to post
Share on other sites

Go into Internet Explorer's Tools-->Internet Options-->Connections-->Lan Settings. If anything is checked in this window, uncheck it and click ok.

If that doesn't help, open SAS's Repair Tools and run the Winsock LSP chain fix, then restart the computer.

Share this post


Link to post
Share on other sites

Thank you for your reply.

I tried that, but still the problem.

I have XAMP installed, so I have run apache on localhost and just want to try if I can connect to my localhost using my browser, even localhost cannot be reached!! Apache is running.. but cannot connect to localhost using the browser.

As for the internet connection, I can see my wireless connection in my wireless networks.. but when I try to connect to this wireless connection, I get "connection unsuccessful".. and then " connected with limited access"...

What could be the problem?

-Fadi

Share this post


Link to post
Share on other sites

I'm having trouble determining if the computer is a actually connecting to the router. Can you be more clear on that?

Try to flush the DNS:

* Click the Start Orb

* Now click All Programs

* Then Accessories

* Then Command Prompt

* Right-click on it and ‘Run As Administrator’

* Type the following and hit Enter:

* ipconfig /flushdns

* After a few moments you should be able to see a confirmation window:

* Windows IP Configuration. Successfully flushed the DNS Resolver Cache.

If that doesn't help, make sure your DNS and IP's are set to automatic (check both IPv4 and IPv6):

http://windows.microsoft.com/en-CA/windows-vista/Change-TCP-IP-settings

BTW-Did you run the SAS winsock fix?

Oh ya, this too: Are any other computers able to connect to the network, and/or can you connect to an alternate network?

Share this post


Link to post
Share on other sites

Hello,

I can see my wireless network connection in the list of available wireless networks. But when I go to the "network icon" at the bottom right side of the laptop screen I see it with RED X. If I click this icon and go to "connet or disonnect..." I can see my wireless network connection (Blinke8889)and has signal strenght "excellent". If I choose Blinke8889 to connect to it, it takes 1 minute and then I get "connection unsuccessful" and I can see "Connected with limited access" near my Blinke8889 wireless network connection.

I did the flushdns but nothing happen.

Yes, I can use my wireless network connection (Blinke8889) from my desktop.

The problem is apparently how to let my laptop connect to the Blinke8889.

Yes I did run the Winsock fix .. but still have a red X on the network icon.

In my SUPERantispyware log file that I have posted in the first post, I can see the following:

Trojan.DNS-Changer (Hi-Jacked DNS)

HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

SORRY for bothering you but hope you can help me...

Thank you

-Fadi

Share this post


Link to post
Share on other sites

It's no bother, i just wanted some clarification.

Did you check to be sure If that the DNS and IP's are set to automatic (check both IPv4 and IPv6): http://windows.microsoft.com/en-CA/windows-vista/Change-TCP-IP-settings

If that doesn't work, then as test, restore these items from quarantine:

Trojan.DNS-Changer (Hi-Jacked DNS)

HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

Share this post


Link to post
Share on other sites

Hi,

If I restor to test can I re-quarantine them using superantispyware?

how?

Thank you

-Fadi

It's no bother, i just wanted some clarification.

Did you check to be sure If that the DNS and IP's are set to automatic (check both IPv4 and IPv6): http://windows.microsoft.com/en-CA/windows-vista/Change-TCP-IP-settings

If that doesn't work, then as test, restore these items from quarantine:

Trojan.DNS-Changer (Hi-Jacked DNS)

HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E9200FB1-6C5A-4E36-B35D-7E62555F2382}#NAMESERVER

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

Share this post


Link to post
Share on other sites

It appears as though your name server was hijacked, you probably don't want to restore that. You just need to go into your TCP/IP settings for your network connection and restore the correct DNS server(s). If you have multiple computers on your network, you can just copy the DNS numbers from one of the other computers (assuming it isn't hijacked too!). Most of the time wireless connections use DHCP to obtain TCP/IP settings automatically; if you had previously assigned a static IP address, then your DNS server is most likely blank right now and just needs to be populated with something like the router's IP (192.168.1.1 or 192.168.0.1 are common)

Share this post


Link to post
Share on other sites

Hi,

I had never populated IP and DNS before. I just opt for "Obtain an IP automatically" and the same for the DNS "Obtain DNS server address automatically".

I'm using another computer on my wireless connection. nothing set for the IP and DNS...

Anyway, I tried to set DNS to 192.68.0.1 with the hope this will work.. but NO.. not working..

Thank you..

-Fadi

It appears as though your name server was hijacked, you probably don't want to restore that. You just need to go into your TCP/IP settings for your network connection and restore the correct DNS server(s). If you have multiple computers on your network, you can just copy the DNS numbers from one of the other computers (assuming it isn't hijacked too!). Most of the time wireless connections use DHCP to obtain TCP/IP settings automatically; if you had previously assigned a static IP address, then your DNS server is most likely blank right now and just needs to be populated with something like the router's IP (192.168.1.1 or 192.168.0.1 are common)

Share this post


Link to post
Share on other sites

Hi,

Any one could help please... I'm still not able to get internet access despite I can see my wireless connection in the available networks. My log files are attached above in my 1st post.

Thank you very much.

-Fadi

Hi,

I had never populated IP and DNS before. I just opt for "Obtain an IP automatically" and the same for the DNS "Obtain DNS server address automatically".

I'm using another computer on my wireless connection. nothing set for the IP and DNS...

Anyway, I tried to set DNS to 192.68.0.1 with the hope this will work.. but NO.. not working..

Thank you..

-Fadi

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...