4 replies to this topic

[Grill-O-Matic]

Hello -

I have been experiencing some issues with my internet connection and I believe it is related to a virus that was supposedly removed by Malwarebytes. At this point, I cannot access the internet through any application. I have tried Firefox, I.E., Thunderbird, Google Earth, and have also tried to update several anti-virus programs and I can’t seem to get any of them to connect.

It looks to me like the DNS service within windows is not working properly but I have no idea how to resolve that kind of problem. I have tried accessing the internet through my hi-speed ISP and also through an old dial-up account and neither of them are working with Windows applications.

I disabled system restore and ran Malwarebytes in safe mode. It successfully removed the following infected entries:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\phca6dj0epf1.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

ComboFix also removed a DLL file. Still not connecting. I ran it again and nothing else was found.

I have tried all of the following programs to resolve this issue without any luck:

Superantispyware
Avast
Avast Virus/Worm Cleaner
Spybot
Malwarebytes
Microsoft Malicious Software tool
Comodo Firewall
CCleaner
EasyCleaner
CleanMyPC Registry Cleaner
ATF-Cleaner
HiJackThis
ComboFix
SDFix

I have run most of these in safe mode as well or at boot-up when available. I have gotten to the point where none of them find anything wrong (except for a few false positive entries for context menu options.)

The network diagnostics application from within windows seems to think everything is fine right now. Several hours ago it was giving me errors in the DNSServerSearchOrder section.

I have also tried reinstalling the TCP/IP stack. I reinstalled the drivers for my wireless network adapter as well. Still no happiness.

I can ping and tracert the following web addresses:
www.google.com
www.yahoo.com
www.drudgereport.com
www.wunderground.com

Typing in any IP address including the IP address for my router in the browser gives me nothing.

I verified IP/Gateway/Subnet Mask/ DNS settings within windows for my hi-speed connection but those seem to make no difference. Two other computers in my household are able to connect, but not mine.

I can post the latest log files from some of these programs.

Any assistance anyone can provide would be greatly appreciated.

Thanks!

Owen Kelly

[GT500]

I remember being able to use LSP Fix to delete all LSPs, and WinSock XP (or something like it) to re-install the default set. Note that this is for Windows XP, and that I'm not sure if it works with Service Pack 3.

LSP Fix Homepage

WinSock XP Fix at SnapFiles

[EliteKiller]

GT500, on Sep 1 2008, 08:35 PM, said:

I remember being able to use LSP Fix to delete all LSPs, and WinSock XP (or something like it) to re-install the default set. Note that this is for Windows XP, and that I'm not sure if it works with Service Pack 3.

LSP Fix Homepage

WinSock XP Fix at SnapFiles

I know for a fact WinsockXP works with 9x/ME/2K/XP regardless of service pack. You can also use Dial-a-fix on 98, 98SE, Me, 2000
XP, Server 2003.

[Grill-O-Matic]

GT500, on Sep 2 2008, 01:35 AM, said:

I remember being able to use LSP Fix to delete all LSPs, and WinSock XP (or something like it) to re-install the default set.

GT500, YOU ROCK! WinSock XP did the trick!

Thanks a lot for your help. I thought maybe it had to do with WinSock but Windows is rather unhelpful with how to reinstall those files.

BTW, I used to go to church in Fortville when I was younger. It was a nice small town from what I remember. Grew up in Shelbyville, IN. Now I'm in Arizona.

[GT500]

Grill-O-Matic said:

GT500, YOU ROCK! WinSock XP did the trick!

Thanks a lot for your help. I thought maybe it had to do with WinSock but Windows is rather unhelpful with how to reinstall those files.

Yea, considering how easy it is to corrupt them, I'm surprised that Microsoft hasn't released their own tool.

Grill-O-Matic said:

BTW, I used to go to church in Fortville when I was younger. It was a nice small town from what I remember. Grew up in Shelbyville, IN. Now I'm in Arizona.

It's small, but I wouldn't call it nice. I'm just glad I don't actually live in town. I'm about a mile north of the high school, and a half-mile west, so I don't have to deal with as much traffic and such.