Virus infects TCP Stack IPCONFIG error

[trapped]

I was able to fix one of these successfully, but it has been about a month so I am a bit fuzzy. Basically, this thread was the basis for finding the solution, http://answers.microsoft.com/en-us/windows/forum/windows_xp-networking/dhcp-client-wont-start-due-to-dependency/91d41140-663f-4f58-9a04-9eaab2c40884.

 

[FoolishTech]

I've coded the solutions found in the podnutz thread and MS thread above (and then some) into the Reset Networking Interfaces function of D7 v4.9.7 Pre-Release...

 

[kevinjhaag]

I've coded the solutions found in the podnutz thread and MS thread above (and then some) into the Reset Networking Interfaces function of D7 v4.9.7 Pre-Release...

Awesome FoolishTech! Can't wait to test it out on the next computer that comes in with the specific problem that we are talking about. Thank you very much for making it much easier for me to repair with all your hard work.

Kevin

 

[FoolishTech]

Awesome FoolishTech! Can't wait to test it out on the next computer that comes in with the specific problem that we are talking about. Thank you very much for making it much easier for me to repair with all your hard work.

Kevin

I can't wait to find out if it actually works LOL keep me updated.

 

[dk99]

Does any one know how I can infect a virtual machine with this rootkit so I can get practice getting it out. I have had luck with zero access in the past but this problem with the acquiring ip loop issue is killing me

 

[StreetHacker]

got 1 in now How do I find the Pre Release!?!?! It is deff the virus VAccess that does it

 

[FoolishTech]

got 1 in now How do I find the Pre Release!?!?! It is deff the virus VAccess that does it

D7 Pre-Release isn't available as a direct download - but if you already have a copy of D7 downloaded and setup, then fire it up and chose the UPDATE CHECK button on the main screen and there you have the option of updating to the Pre-Release version of D7...

I have left the new functionality in the Pre-Release because it is untested... Let me know if it works and I can push it out as a final release.

 

[StreetHacker]

I tried it but it did not work =( IP config still gives error =(

 

[FoolishTech]

I tried it but it did not work =( IP config still gives error =(

Can you email me a copy of the malware that caused this, if you haven't deleted it yet??? be sure to rename the EXE to another extension, and compress, so my email doesn't scan it and reject...

My ZeroAccess samples don't do this amount of damage must be a newer variant... If I can just get a copy I can get a fix in the works...

 

[kevinjhaag]

I tried it but it did not work =( IP config still gives error =(

Unfortunately it didn't work here either but the computer I was working on also had corrupted system files too. When I ran sfc it was asking for windows xp pro sp2 disk when it was a windows xp home sp2. So I N&P it!

 

[StreetHacker]

Sorry I already removed the virus.. But when I get the next 1 In with it I will let u know ..Still no internet.

 

[red12049]

Unfortunately it didn't work here either but the computer I was working on also had corrupted system files too. When I ran sfc it was asking for windows xp pro sp2 disk when it was a windows xp home sp2. So I N&P it!

That's actually pretty common. Usually, inserting the correct disc for the current OS works just fine.

Rick

 

[trapped]

Sorry I already removed the virus.. But when I get the next 1 In with it I will let u know ..Still no internet.

Finally remembered how I fixed this last time. The infection corrupted the NetBT registry key. Replaced it with one from a working machine and the internet came back.

 

[kevinjhaag]

That's actually pretty common. Usually, inserting the correct disc for the current OS works just fine.

Rick

Yeah, I tried the correct disc and several others with no luck. The system files were well corrupted enough to go ahead and N&P it. Now I know the system is kosher now. Thanks.

Kevin

 

[iladelf]

For FoolishTech and others, is it possible that the utility below could fix this issue? I just stumbled across it from the Podnutz forums. Have no idea if it will fix this directly, but it looks like it could be a handy tool, called Rizone Complete Internet Repair:

http://www.rizonesoft.com/2011/complete-internet-repair/

After downloading, looks to me like any of the top 4 selections COULD fix this issue, specifically "Reset Internet Protocol". YMMV.

 

[Xander]

I've got the Rizone software on my flash drive but, to be honest, assumed that Nick's D7 was resetting/fixing the same things.

 

[iladelf]

I've got the Rizone software on my flash drive but, to be honest, assumed that Nick's D7 was resetting/fixing the same things.

Wasn't sure if D7 was/is doing the same thing(s) or not, ergo my post.

 

[tempusfugit]

I've tried cintrepair on 2 of these viruses and the internet was still dead.

 

[FoolishTech]

I've tried cintrepair on 2 of these viruses and the internet was still dead.

I'm still seeking samples of this variant so I can find out what breaks and how to fix it!

If you have one please let me know!!

 

[StreetHacker]

Here is another site to watch for the fix...Looks like this 1 has every1 Stumped!...I have fixed it useing my first post but it SEEMS to be hit or miss had 1 in the other day that did not fix it..

http://forums.majorgeeks.com/showthread.php?p=1696422