10 replies to this topic

[lajekahr]

My wife's computer got a nasty bug. With the help of the malware forums, we've got the malware fully removed, but the unfortunately, it looks like something got corrupted and I can't figure out how to fix it.

The malware thread is here:
http://forums.malwarebytes.org/index.php?showtopic=110620&st=0

My current problems are:
Can't join the homegroup:
There is an active homegroup running on the network and her computer cannot even see it, let alone connect.

Can't share or discover:
When I go to advanced sharing settings, and click "turn on network discovery" and "share files" and hit okay. It accepts it, but when I re-open the advanced settings it shows it as still off.

Can't share attached printers over the network:
When I plug our printer into this comp, I can't print or share it. (I'm least worried about this problem, the printer has wi-fi so I put in on the wi-fi and can print on it from any computer on the network now.)

Short version of the steps I took to fix the malware:
Found infection, updated anti malware software, ran and purged.
Found secondary infection, due to constant shutdown, I had to jimmy a fix. I found the infected file (system32/services.exe) and copied the one from my computer onto her computer. (We're both running win 7.)
That stopped the constant shutdowns so I ran antivirus software and got rid of the infected services.exe file.

I'm hoping yall can help me figure out how to fix the network issue.

Thanks!

[lajekahr]

Uh oh, I hope this doesn't mean I'm going to have to re-install.

[TruthRealm]

assuming your system is infact 'clean', ensure you've all of the latest Microsoft Updates (including SP1 for Windows 7!), then try running the following commands from an elevated (Run as Administrator) PowerShell prompt as written (order doesn't matter as long as "ipconfig /flushdns" is first)

ipconfig /flushdns
netsh winsock reset
netsh int ip reset
netsh int ipv6 reset
netsh advfirewall reset
shutdown -r

[Firefox]

You can try the Microsoft Fix-It tool located => HERE

[lajekahr]

resetting everything didn't work.
I've run the microsoft fixit program many times in the course of working on this problem, but I'm giving it another whirl on a hope.

...

Yup, as before fixit detects there are problems, but can't figure out what they are. sigh.

Thanks for the suggestions, though!

[lajekahr]

To be specific its the same thing I got in the malware forum post:
Windows Firewall is incorrectly configured. Not fixed.
You are not connected to a homegroup. Not fixed.

[TruthRealm]

this procedure going out on a limb however it isn't a shot in the dark either

- verify the system is clean 'still' by downloading a 'fresh' instance of chameleon and running it off a flashdrive
- using "[Windows key] + [R]" type without quotes 'netplwiz' and click ohk
- create a new standard user account
- create a new administrator account
- restart
- log into the new standard user account (whenever asked by UAC for elevated credentials for any of the following tasks, be certain to use the 'fresh' admin account and not your previous account)
- open windows explorer (not internet explorer) and paste this location without quotes "Control Panel\All Control Panel Items\Windows Firewall"
on the upper left panel there should be a "Reset Defaults" option...use it
- make sure your network location is configured as 'Home' (not Public, Work or Domain)
- using the same method from above navigate to "Control Panel\All Control Panel Items\Windows Firewall\Allowed apps" and ensure the following are checked for both columns (Private and Public)
* core networking
* file and printer sharing
* homegroup
* network discovery
* play to functionality
- create a new homegroup from *this* computer
- on the other computer involved 'leave' the homegroup, then attempt joining the new one

[AdvancedSetup]

Hello and welcome to Malwarebytes

If you think you are infected, here are the steps needed to get your computer cleaned....
Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

• Option 1 —— Free Expert advice in the Malware Removal Forum
  
• Option 2 —— Paying customer -- Contact Support via email
  
• Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the
Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.

• Please read and follow the directions here, skipping any steps you are unable to complete.
  
• After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
  so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.
Replying to your own posts changes the post count and helpers are looking for topics with zero replies.
If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

• 
  
  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
    
  • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk here

OPTION 3

If you would like to use our Malwarebytes Premium Consumer Services partner, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site.


Please be patient, someone will assist you as soon as possible.

[lajekahr]

As noted in my post. The malware has already been removed. I'm trying to recover from possible after effects. If you note my post again, you'll see that there is even a link to the malware removal forum. Thanks for the suggestion truth realm I'll give that a whirl.

[lajekahr]

TruthRealm, on 23 July 2012 - 01:17 PM, said:

this procedure going out on a limb however it isn't a shot in the dark either - verify the system is clean 'still' by downloading a 'fresh' instance of chameleon and running it off a flashdrive - using "[Windows key] + [R]" type without quotes 'netplwiz' and click ohk - create a new standard user account - create a new administrator account - restart - log into the new standard user account (whenever asked by UAC for elevated credentials for any of the following tasks, be certain to use the 'fresh' admin account and not your previous account) - open windows explorer (not internet explorer) and paste this location without quotes "Control Panel\All Control Panel Items\Windows Firewall" on the upper left panel there should be a "Reset Defaults" option...use it - make sure your network location is configured as 'Home' (not Public, Work or Domain) - using the same method from above navigate to "Control Panel\All Control Panel Items\Windows Firewall\Allowed apps" and ensure the following are checked for both columns (Private and Public) * core networking * file and printer sharing * homegroup * network discovery * play to functionality - create a new homegroup from *this* computer - on the other computer involved 'leave' the homegroup, then attempt joining the new one

Okay, I do this but when I log the new standard user it doesn't ask me for credentials to reset to defaults. It just gives me dialog boxes and I hit okay. No errors. I try to go to allowed apps, but it doesn't like that address, so I tried Advanced Features, but the just pops an error that I don't have sufficient privileges. No option to move up a level.

So I logged onto the new admin account.
From there I checked alllowed programs and advanced features, but on both of those I don't see anything like your list, just my various browsers and a couple games...

[AdvancedSetup]

The issue is that only some of the tools used for malware detection and removal are going to give you any real chance of fixing this without fully reinstalling Windows.

We do not allow such tools to be used outside of the HJT forum though for obvious reasons of possibly damaging your computer even more by someone that doesn't know what they're really doing.

Please open a ticket on the Help Desk and ask for me and I will see if I can assist you or not. The Zero Access rootkit is a very nasty piece of malware and there are times that the damage cannot be undone and you will have to reinstall Windows but I can try to assist you if you like. Open a ticket, reference this link and ask for me to look at the ticket.


http://www.malwareby...ontact_consumer

Thanks