[gooter]

Hi,

My laptop has an infection that prevents me from going online (or running taskmgr!), so I haven't been able to run the OTL tool yet. I have downloaded OTL on an external harddrive and will try to run it tonight and then post the results on here tomorrow.

But first, a noob question . . . If I attach my harddrive to my infected computer (to copy OTL over) is the virus likely to infect my external harddrive?

Last thing I want to do is infect my work PC

Thanks
Gooter

[Advertisements]

It's possible. Before you connect it to the sick PC, create two folders on in in the root folder of the external drive:

autorun.inf

desktop.ini

This will prevent it from transmitting an infection automatically. It would still be a good idea to scan it with your Anti-Virus before accessing it.

We might be able to get the networking to work:

Apparently you have an XP system.

We are seeing a lot of infections taking out one of the three drivers required by dhcp.

Start, Run, cmd, OK

Type with an enter after each line.

sc  query  afd

sc  query  netbt

sc  query  tcpip

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Each one should say something like this:


SERVICE_NAME: afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING <===============================================DOES THIS SAY RUNNING?
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

If all three of them are running then

net  start  dhcp

should say it is already started.

If that is the case then:

In IE, Files, uncheck Work Offline. Restart IE and test. If still no good:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Restart and test. If still no good:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

ipconfig /flushdns

netsh  winsock  reset catalog

netsh  int ip reset reset.log

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sun-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test. If it still doesn't work:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

proxycfg  -d
ipconfig  /all
ipconfig  /release
ipconfig  /renew
ipconfig  /all

Report any errors you get and the IP addresses of the last ipconfig /all

Ron

[RKinner]

It's possible. Before you connect it to the sick PC, create two folders on in in the root folder of the external drive:

autorun.inf

desktop.ini

This will prevent it from transmitting an infection automatically. It would still be a good idea to scan it with your Anti-Virus before accessing it.

We might be able to get the networking to work:

Apparently you have an XP system.

We are seeing a lot of infections taking out one of the three drivers required by dhcp.

Start, Run, cmd, OK

Type with an enter after each line.

sc  query  afd

sc  query  netbt

sc  query  tcpip

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Each one should say something like this:


SERVICE_NAME: afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING <===============================================DOES THIS SAY RUNNING?
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

If all three of them are running then

net  start  dhcp

should say it is already started.

If that is the case then:

In IE, Files, uncheck Work Offline. Restart IE and test. If still no good:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Restart and test. If still no good:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

ipconfig /flushdns

netsh  winsock  reset catalog

netsh  int ip reset reset.log

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sun-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test. If it still doesn't work:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

proxycfg  -d
ipconfig  /all
ipconfig  /release
ipconfig  /renew
ipconfig  /all

Report any errors you get and the IP addresses of the last ipconfig /all

Ron

[gooter]

Thanks for the quick reply Ron, but I went home and ran the rkill and malwarebyte tools, and it seems to have gotten rid of the virus

I was a bit too hasty though, and wasn't able to read your advice about protecting the external hardrive . . I now have a folder in my drive that I can't delete - called "8fdcd2b45cdcf4c3556b308d534aa55e"

I have run the malwarebyte tool on it and it wasn't flagged as an issue so I'm not too worried about it. It does look empty afterall . .

Thank you GeeksToGo.com!


(PS, updated my profile with my new laptop details, now running Vista home basic, not XP )

Edited by gooter, 08 March 2012 - 05:25 PM.