1,105,384 Community Members

IP addresses ping but not site names no internet connections

Member Avatar
mflexnet
Newbie Poster
4 posts since Jan 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I removed a virus via MSE and afterwards have lost the ability to connect to the internet. This is a windows 7 professional 32 bit laptop. Staticly i can set the ip address and dns server and can ping the DG and the DNS server. I can also ping google by IP address. However cannot reach the website through IP address. I have tried winsock resets along with reinstallation of network adapter drivers. Even have done a system restore to a month back but so far none have worked. I have been scouring the web for the last 4 hours looking for a solution to fix the problem but have yet to find anything. Also i have uninstalled all antivirus software aside from MBAM. I hope that I can find a solution through this community.

Member Avatar
PhilliePhan
Central Scrutinizer
1,667 posts since Dec 2006
Reputation Points: 171 [?]
Q&As Helped to Solve: 115 [?]
Skill Endorsements: 5 [?]
Team Colleague
 
0
 

I hope that I can find a solution through this community.

We can try :)

-- Do you have any logs from the malware removal process? If so, please post them.

-- Please download and run Farbar Service Scanner
Check all the boxes and hit scan. It should produce a log. Please post the FSS.txt for us.

-- Please follow the steps in the linky below to obtain the GMER scanlogs and the DDS Logs:

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

I or another volunteer will try to check back as time permits.

-- 'Course, if you have issues connecting the ill machine, you'll need a flash drive to transfer the tools and scanlogs....

Cheers :)
PP

Member Avatar
mflexnet
Newbie Poster
4 posts since Jan 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

fss log here.

Farbar Service Scanner
Ran by jmartinez (administrator) on 13-01-2012 at 15:35:47
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
Attention! C:\windows\system32\Drivers\afd.sys is missing.
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Member Avatar
mflexnet
Newbie Poster
4 posts since Jan 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

nslookup gives an UnKnown cant find XXXX No response from server.

I did run FSS and it kicked out a log file that the machine is missing afd.sys under windows\system32\drivers folder. I have run a search and found other afd.sys files inside the winsxs folder and supposedly. According to http://www.smartestcomputing.us.com/topic/49786-no-internet-connection-after-virusmalware-removal-fix/ I can just replace the missing file. Trying this now.
.
.
.
Well that didn't work either. Windows network diagnostic tool responds with DNS server isn't responding. Yet I can ping the DNS server. Ive tried the reset in explorer and also have tried using firefox.

Just checked services.msc and there are many, many, many services with a

<Failed to Read Description. Error Code: 8>

some in particular: network connections, DNS client

Some show as started however and can be restarted. Earlier today the DNS client wouldn't start at all but with some registry work around by going to HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ DNS and removing the DependOnService then rebooting a new one was created and DNS client service finally started.

Member Avatar
PhilliePhan
Central Scrutinizer
1,667 posts since Dec 2006
Reputation Points: 171 [?]
Q&As Helped to Solve: 115 [?]
Skill Endorsements: 5 [?]
Team Colleague
 
0
 

It looks like you are on the right track.

I'd like to see the other logs I requested because, if the rootkitted malware is still active, it'll just reinfect another driver and you'll be back at square one.

This malware infects a random driver (from a small predetermined pool) and cleaning attempts bork the internet connection because they do not replace the infected driver, nor do they address the registry damage.

-- Did you back up the registry before hacking it? If not, I suggest you do so with a tool such as ERUNT.

Anyhoo, please post the logs and we'll go from there.

Cheers :)
PP

Member Avatar
mflexnet
Newbie Poster
4 posts since Jan 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Just for closure. Wound up just doing an hp recovery after backing up profile with windows easy transfer. Everything is back to normal.

Question Answered as of 2 Years Ago by PhilliePhan
You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: