Rootkit - Cannot connect to internet



#61
MaxMurder (Topic Starter)
The current IP address on the sick pc is 192.168.2.7 (on the healthy laptop, the last digit is 6)
Default Gateway: 192.168.2.1 (same on the laptop)
Subnet mask: 255.255.255.0
DNS: 8.8.8.8
Alternative DNS: 4.2.2.1

nslookup att.com:

***Can't find server name for address 8.8.8.8
" " " " " 4.2.2.1

The earliest restore point I have is from September 16 of this year. I tried system restore before contacting G2G...I tried several points and each time it failed to restore giving a generic error. Maybe Online Armor wasn't letting it restore(?)

Should I try restore from 9/16? I didn't try that far back.

Edited by MaxMurder, 14 December 2011 - 10:00 PM.

  • 0



#62
RKinner (Malware Expert)
Yes, go ahead and try the oldest restore point you have.
  • 0

#63
MaxMurder (Topic Starter)
Restoration Failed. Grrrr
Do you think it might work in safe mode?

Edited by MaxMurder, 14 December 2011 - 10:45 PM.

  • 0

#64
MaxMurder (Topic Starter)
Safe Mode failed as well.
  • 0

#65
RKinner (Malware Expert)
Do you see any errors from the Restore failures in the Event logs?
  • 0

#66
MaxMurder (Topic Starter)
Where would I find the events log? I didn't see any recent logs.
  • 0

#67
RKinner (Malware Expert)
Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Click on System.

What make and model PC is this?
  • 0

#68
MaxMurder (Topic Starter)
HP Pavilion a450y. It's maybe 8 years old.

Here's some of the error messages I got just last night. They repeat numerously.

Application:
Description for Event ID (0) in source (gupdate) cannot be found. Local computer may not have the necessary registration information or message DLL files to display messages from a remote computer. You may be able to use /AUXSOURCE = flag to receive this information. See help and support for details. The following information is part of the event: Service Stopped

Security:
IPSecServices; IP Sec Service has experience a critical failure and has shut down with error code: The network connection was aborted by the local system .stopped IP Sec Services can be a potential security hazard to the machine. Please contact machine administrator to restart services.

Services:
AFD Networking Support Environment failed to start due to either because it is disabled or because it has no enabled devices associated with it.
(I guess we figured that out) hah
  • 0

#69
RKinner (Malware Expert)
Let's reinstall the network drivers. Perhaps that will help.
Get sp24008.exe from http://h10025.www1.h...391726&sw_lang=
  • 0

#70
MaxMurder (Topic Starter)
OK tried it...it said to update the drivers in Network Adapters (Device Manager) and I got the following message: The Wizard could not find a better match for your hardware than the software you currently have installed.
  • 0



#71
RKinner (Malware Expert)
Start, Run, services.msc, OK

Look for IpSec Services. Right click and select Properties. Click on the Dependencies tab. What does it depend on? Per BlackViper website it just needs

IPSEC Driver
Remote Procedure Call (RPC)
TCP/IP Protocol Driver

in order to function. Pretty sure RPC is running. The other two are probably in the non-plug and play section of Device Manager, (Show Hidden Devices must be checked.) Is one of them missing or not running?
  • 0
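
The dependency check from post #71, done from a command prompt instead of services.msc and Device Manager. This is an added example, not part of the original post; the service short names are assumed Windows XP defaults, and AFD is included because of the event log error in post #68.

```batch
@echo off
rem Added example (not from the thread).
rem Assumed Windows XP short names:
rem   PolicyAgent = IPSEC Services
rem   IPSec       = IPSEC Driver
rem   RpcSs       = Remote Procedure Call (RPC)
rem   Tcpip       = TCP/IP Protocol Driver
rem   AFD         = AFD Networking Support Environment
setlocal

echo === Configuration of IPSEC Services, including DEPENDENCIES ===
sc qc PolicyAgent

echo.
echo === State of each component ===
for %%S in (PolicyAgent IPSec RpcSs Tcpip AFD) do call :check %%S

endlocal
goto :eof

:check
rem sc exits with 1060 when no service or driver entry of that name exists.
sc query %1 >nul 2>&1
if errorlevel 1060 (
    echo %1: MISSING, no service or driver entry found
    goto :eof
)
rem Entry exists: report whether it is running and how it is set to start.
sc query %1 | findstr /c:"RUNNING" >nul
if errorlevel 1 (
    echo %1: present but NOT running
) else (
    echo %1: running
)
for /f "tokens=2 delims=:" %%T in ('sc qc %1 ^| findstr /c:"START_TYPE"') do echo     start type:%%T
goto :eof
```

A component reported as MISSING or with a start type of DISABLED matches the "disabled or no enabled devices" wording of the AFD event log error.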

#72
MaxMurder (Topic Starter)
IP Sec and TCP/IP are present and running. Their Startup type is set to 'System'. RPC is running. There is an RPC locator which was not running, don't know if that is relevant.
  • 0

#73
RKinner (Malware Expert)
Go to http://smokeys.wordp...p3-tcpip-stack/

Look for:

Hardcore method when nothing else is working

Do Step #1 and Step #2
  • 0

#74
MaxMurder (Topic Starter)
I'm not following the first step...
"Locate the Nettcpip.inf file in %winroot%\inf, and then open the file in Notepad"

Don't know how to find this

...Nevermind...found it

Edited by MaxMurder, 15 December 2011 - 10:51 PM.

  • 0

#75
MaxMurder (Topic Starter)
Tried it...nothing. Still no AFD present in Device Manager.
  • 0





