Guest Chris Barnes
Posted August 9, 2007

I am trying to help a person recover from an infected computer and am *almost* there, but have 1 nagging problem I can't seem to figure out. I am not 100% positive it is related to her infection.

WinXP Home w/ SP2 (but obviously still needing some updates).
Removed an old version of Norton and installed Corp Ed 10.2.
* Had to run the updated virus defs manually because the computer wouldn't connect to symantec to do them automatically.
Also installed Spybot Search & Destroy. Was able to do those updates.

Rebooted into Safe Mode - ran both AV and Spybot. Found 12 spyware & 14 viruses (one of them had 60+ occurrences). Cleaned those off - but had a couple it couldn't clean.

Rebooted into Safe Mode and ran them again. Spybot found 2 more; was able to clean off. AV found 1 more virus, was able to quarantine (which I then deleted).

Rebooted into Safe Mode for 3rd time and did it again. Both scans came up clean (finally).

HERE IS WHERE THE EXISTING PROBLEM SHOWS UP...
Rebooted into regular mode. Nothing suspicious in Task Manager. Tried to go to http://windowsupdate.microsoft.com/, but computer tries to connect to 192.168.0.1. Check my network settings - yep, have a valid IP. Open cmd prompt and can ping out. Check Symantec AV - still can't connect to its LiveUpdate site.

Check IE settings - the Security is set to "Allow all cookies". Reset to default, close IE. Reopen IE and check settings again - Security again set to "allow all cookies".

Now I turn to this group for advice. I am usually pretty good at nuking infected machines, but this one has me stumped.

--
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes AOL IM: CNBarnes
chris-barnes@tamu.edu Yahoo IM: chrisnbarnes

Guest nass
Posted August 9, 2007

RE: Recovering from a virus help

"Chris Barnes" wrote:

> I am trying to help a person recover from an infected computer and am
> *almost* there, but have 1 nagging problem I can't seem to figure out.
> I am not 100% positive it is related to her infection.
>
> WinXP Home w/ SP2 (but obviously still needing some updates).
> Removed an old version of Norton and installed Corp Ed 10.2.
> * Had to run the updated virus defs manually because the computer
> wouldn't connect to symantec to do them automatically.
> Also installed Spybot Search & Destroy. Was able to do those updates.
>
> Rebooted into Safe Mode - ran both AV and Spybot. Found 12 spyware & 14
> viruses (one of them had 60+ occurrences). Cleaned those off - but had a
> couple it couldn't clean.
>
> Rebooted into Safe Mode and ran them again. Spybot found 2 more; was
> able to clean off. AV found 1 more virus, was able to quarantine (which
> I then deleted).
>
> Rebooted into Safe Mode for 3rd time and did it again. Both scans came
> up clean (finally).
>
> HERE IS WHERE THE EXISTING PROBLEM SHOWS UP...
> Rebooted into regular mode. Nothing suspicious in Task Manager. Tried
> to go to http://windowsupdate.microsoft.com/, but computer tries to
> connect to 192.168.0.1. Check my network settings - yep, have a valid
> IP. Open cmd prompt and can ping out. Check Symantec AV - still can't
> connect to its LiveUpdate site.
>
> Check IE settings - the Security is set to "Allow all cookies". Reset
> to default, close IE. Reopen IE and check settings again - Security
> again set to "allow all cookies".
>
>
> Now I turn to this group for advice. I am usually pretty good at nuking
> infected machines, but this one has me stumped.
>
> --
>
> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
> Chris Barnes AOL IM: CNBarnes
> chris-barnesNEEDSPAMBODY@tamu.edu Yahoo IM: chrisnbarnesHELLOWORLD

Hi Chris,

I think the infection left the Winsock corrupt or damaged; try to repair it by doing this:

Open a Run command and type in:

ipconfig /flushdns
click [OK]
ipconfig /renew
click [OK]
netsh winsock reset
click [OK]

Reboot the machine. Does this help?

Or download this tool from here, winsockFixer:
http://www.nasstec.co.uk/tools.html
Run it, and when you are prompted to restart, please do so. Is the connection working?

If still no joy, how do you connect to the Internet: is it a router/modem? Are you able to access the router page (that is, if you are using a router)? If you have one, then turn the router off for about 40 secs, then the computer. Turn the router/modem ON, wait for 30 (for sync with the ISP to get an IP), then the machine ON. Does this help?

HTH.
nass
-----
http://www.nasstec.co.uk