
New Trojan Halts ICS Internet Network Connections


scottportraits




Have had trouble maintaining an internet connection. Caught a Trojan days ago, but deleted it, so there's no quarantine specimen. Didn't jot down the name.....sorry about that. Two entries, one said 'embedded'. Was able to delete them, but may not have disabled System restore......

Days and days of (ICS) Internet Connection Sharing Service disabling itself and refusing to enable because of error 1068 'Dependencies'. Cannot right-click on either hi-speed icons (WAN Driver & Ethernet) to get drop-down menus.....because the Control Panel > Network Connections window freezes up and requires Task Manager to terminate the program.
Attempting to check Win XP Firewall results in a failure to open error because ICS services is stopped.
Right-clicking My Computer, choosing Manage, and opening the 'Services' list reveals that the "Windows/Firewall (ICS) Internet Connection Sharing Service" is stopped. It refuses to enable, in automatic (or manual), and sends this 1068 'dependencies' error.

I can get online for about 5 minutes upon booting up, but it moves slow and then I lose the connection entirely.

Ran all the scans you require in both normal and safe-mode, with system restore off. CWShredder, Adaware, Spybot, AVG Free, Ewido (now AVG Anti-Spyware 7), and finally Trojan Remover. Nothing ever came up. Device Manager revealed the hardware is fine, but access to enable the Network Connections is also being blocked from there.

Tonight, after a Trojan Remover Update and System Scan, I get this message, but it does not call it a malicious item:




File called by NT/XP Services Registry key:

C:\WINDOWS\System32\wbem\WmiApSrv.exe

Loaded by Registry Key:

Hkey_Local_Machine\System\CurrentControlSet\Services\WmiApSrv\"ImagePath"



So I track down these two files in C:\WINDOWS and in the registry HKEY tree.
They must have been renamed. I hope there is enough info to recommend a repair strategy. The only .exe file in the C:\WINDOWS is

smi2smir.exe
WMI SNMP MIB COMPILER
MS Corp.


And here I've exported this properties description from the HKEY registry entry:



Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv
Class Name: <NO CLASS>
Last Write Time: 10/12/2006 - 10:58 PM
Value 0
Name: Type
Type: REG_DWORD
Data: 0x10

Value 1
Name: Start
Type: REG_DWORD
Data: 0x3

Value 2
Name: ErrorControl
Type: REG_DWORD
Data: 0x1

Value 3
Name: DisplayName
Type: REG_SZ
Data: WMI Performance Adapter

Value 4
Name: DependOnService
Type: REG_MULTI_SZ
Data: RPCSS

Value 5
Name: DependOnGroup
Type: REG_MULTI_SZ
Data:

Value 6
Name: ObjectName
Type: REG_SZ
Data: LocalSystem

Value 7
Name: Description
Type: REG_SZ
Data: Provides performance library information from WMI HiPerf providers.


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv\Security
Class Name: <NO CLASS>
Last Write Time: 8/26/2004 - 7:00 AM
Value 0
Name: Security
Type: REG_BINARY
Data:


It looks so strange to me! Nothing on the Computer > Manage > Services list is wrong....so says a techie at eMachines.....except the (ICS) one.

My hi-speed cable server, Adelphia, ran some checks and determined they could see the flow go right up to my modem....so it isn't the cable service.

I hope this is the right kind of info in a format you can make sense of. I am new to a lot of this. Any help fixing this problem would be GREATLY APPRECIATED.


- Scottportraits