Virus infects TCP Stack IPCONFIG error

[StreetHacker]

So I have seen lots of virus infect the TCP stack.. You wont be able to get online and if you go to IPCONFIG you get a error.. This seems to be the only way to fix it..Does any1 know of a easier way to fix it?

Step #1
Full uninstall of TCP/IP
----------------------------------------------------------------------
These steps are copied from http://support.microsoft.com/kb/325356
11. Locate the Nettcpip.inf file in %winroot%\inf, and then open the file in Notepad.
12. Locate the [MS_TCPIP.PrimaryInstall] section.
13. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.
14. Save the file, and then exit Notepad.
15. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
16. On the General tab, click Install, select Protocol, and then click Add.
17. In the Select Network Protocols window, click Have Disk.
18. In the Copy manufacturer's files from: text box, type c:\windows\inf, and then click OK.
19. Select Internet Protocol (TCP/IP), and then click OK.
Note This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.
20. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.
RESTART

succesfull uninstallation of TCP/IP will remove numerous keys from the registry including
HKLM/system/CurrentControlSet/services/tcpip
HKLM/system/CurrentControlSet/services/dhcp
HKLM/system/CurrentControlSet/services/dnscache
HKLM/system/CurrentControlSet/services/ipsec
HKLM/system/CurrentControlSet/services/policyagent
HKLM/system/CurrentControlSet/services/atmarpc
HKLM/system/CurrentControlSet/services/nla
These represent various interconnected and interdependant services.

For good measure you should delete the following keys before reinstalling TCP/IP in step #2
HKLM/system/CurrentControlSet/services/winsock
HKLM/system/CurrentControlSet/services/winsock2

Step #2
Reinstall of TCP/IP
----------------------------------------------------------------------
Following the above substep #13, replace the 0x80 back to 0xa0, this will eliminate the related "unsigned driver" error that was encountered during the uninstallation phase.

Return to "local area connection"> properties > general tab > install > Protocol > TCP/IP

You may receive an "Extended Error" failure upon trying to reinstall the TCP/IP, this is related to the installer sub-system conflicting with the security database status.

to check the integrity of the security database
esentutl /g c:\windows\security\Database\secedit.sdb

There may be a message saying database is out of date
first try the recovery option
esentutl /r c:\windows\security\Database\secedit.sdb

this did not work for me, I needed the repair option
esentutl /p c:\windows\security\Database\secedit.sdb

rerun the /g option to ensure that integrity is good and database is up to date.

Now return to the "local area network setup"
choose install > protocol > tcp/ip and try again

reboot.
worked for me.

[thecompu-doctor]

i hope this works. I'm heading out to the second computer I've seen with this crap in the past few weeks and i really don't want to do a N&P.

I followed the link and it is for server 2003, i guess this should work on vista...

[markcuk11]

will this do it http://support.microsoft.com/kb/299357

[MobileTechie]

That's just the netsh reset thing isn't it? Definitely one to try first but I assumed this was for situations where that doesn't work?

[ZenMike]

Quote:

Originally Posted by markcuk11

will this do it http://support.microsoft.com/kb/299357

This is about as far as I've ever had to go, but "netsh int ip reset reset.log" has done the job so far when it's gotten that bad.

Would this not be enough for the issue you're describing?

[FoolishTech]

Quote:

Originally Posted by ZenMike

This is about as far as I've ever had to go, but "netsh int ip reset reset.log" has done the job so far when it's gotten that bad.

Would this not be enough for the issue you're describing?

I don't believe any netsh command will actually rewrite related services entries in the registry, which is what that post on podnutz addresses...

[trapped]

I was able to fix one of these successfully, but it has been about a month so I am a bit fuzzy. Basically, this thread was the basis for finding the solution, http://answers.microsoft.com/en-us/w...4-9eaab2c40884.

[FoolishTech]

Decided to research this fix for inclusion in D7, but ran into a snag...

Quote:

11. Locate the Nettcpip.inf file in %winroot%\inf, and then open the file in Notepad.
12. Locate the [MS_TCPIP.PrimaryInstall] section.
13. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.
14. Save the file, and then exit Notepad.
15. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
16. On the General tab, click Install, select Protocol, and then click Add.
17. In the Select Network Protocols window, click Have Disk.
18. In the Copy manufacturer's files from: text box, type c:\windows\inf, and then click OK.
19. Select Internet Protocol (TCP/IP), and then click OK.

Check!

Quote:

Note This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

Nope! The Uninstall button is still grayed out. So I tried installing the INF, and even restarting Windows - no joy

Attempted this in a VM running XP SP3... what could I be missing?!

[markcuk11]

You could try windows enabler

[kevinjhaag]

Quote:

Originally Posted by FoolishTech

Decided to research this fix for inclusion in D7, but ran into a snag...



Check!



Nope! The Uninstall button is still grayed out. So I tried installing the INF, and even restarting Windows - no joy

Attempted this in a VM running XP SP3... what could I be missing?!

I've ran into the same issue. So your not the only one Foolish. I've been working on a solution myself for this and create some sort of automation. If I figure out anything, I'll send it your way. I had a computer today with the issue but it had to be a quick turnaround, so I just did a N&P. Hopefully the next computer I will get more time to work on it. I'm looking forward to a completely automated fix for this. I had fixed it once but I did many things and never recorded the steps I took to get it fixed. Talk to you later.