WinXP reverts back to state before the repair after I shut down PC. Need some help.


Xtreme
01-04-2012, 10:19 PM
I have a computer that was infected and I ran all the offline scans to remove the viruses and even used D7 to do some repairs. My issue is I cannot get it connected to the internet.

I ran a Windows Repair and after that was finished everything worked like a charm. Updated AV and other things before I wrapped it up. I was required to restart the computer as normal and that's when things went back to the way they were; not able to connect to the internet.

It's got something to do with the services and the dependencies when it's not working. I can't open the firewall to enable it; it asks me if I want to start the internet and firewall service, so I click yes and I get an error 2 code.

Now Windows Repair fixes this problem, but I can't keep it locked in after I reboot the machine. I've repaired System Restore and created a restore point after the Windows Repair and then used that restore point after the reboot (when things go back to not working) and that does not help.

To me it sounds like something might be getting deleted once the OS shuts down.

Any suggestions?

cgrant
01-05-2012, 02:25 AM
I had the same problem with a client's computer, which I still have not been able to figure out. I ran the Windows Firewall Repair and other repair apps, restarted, and am still having the same problem. Can't connect to the network. No domain on the computer, just using a Netgear router with DHCP-assigned IP address.

Did not have time to finish it and will try again over the weekend. If I figure something out I will definitely let you know.

Xtreme
01-05-2012, 03:02 AM
Thanks, I would greatly appreciate that.

I did run ComboFix and it found Zero.Access Rootkit, but of course after ComboFix did its thing I'm still having the same problems. I'm about to give this a shot from ESET (http://kb.eset.com/esetkb/index?page=content&id=SOLN2895) about removing this to make sure it's gone.

dk99
01-05-2012, 03:28 AM
Read this thread

http://www.technibble.com/forums/showthread.php?t=33460p

Xtreme
01-05-2012, 04:26 AM
Thank you. I'm about to give this a shot! This has been a pain in my side now for a while. Be glad to get this fixed soon.

Xtreme
01-05-2012, 01:45 PM
I made several different attempts but to no avail. I went ahead with a format reload. I have a log I will post later from GMER and ComboFix. Also I will have to find a copy of this rootkit and try on my virtual machine. Kind of frustrating not being able to fix this problem.

Dagooseisloose
01-05-2012, 03:49 PM
I had this issue with two computers yesterday. Both computers were Windows XP and both were infected and "cleaned". Both systems wouldn't connect to Exchange 2010 through Outlook 2010. Me being the Exchange admin, I got called in. After spending like an hour with one I sent it back down to get scanned again. ComboFix and it worked. Gave it back to the user and lo and behold, Outlook no worky no more. Ran nslookup and it came back with ordinal 1108 cannot be found in Wsock32.dll. Great, Winsocko is hosed. Ran a couple of Winsock fix utilities and still no go.

In the end I nuked and paved both. I know what some people are going to say: I'm a half-assed tech who can't fix things, just reinstalls. It took me 3 hours to reload both PCs. I spent at least 3 hours trying to fix one with no success between scanning and diagnosing. It's quicker for me to reload. In the end I feel the client gets a better product anyway.

Xtreme
01-05-2012, 09:57 PM
I always try to steer clear of N/P, but if you're spending too much time on a machine, sometimes that's your only option and the best way to guarantee quality.

Hell, my last job designed their business around N/P. The owners had no experience in computers whatsoever. It was a joke. lol