| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 121352 | 2011-10-22 02:23:00 | Fake Windows Restore Recovery Virus | Winston001 (3612) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1239128 | 2011-10-22 02:23:00 | I can't remember the last time I was troubled by a virus - 6-7 years at least. But now... Somehow a fake Windows Restore Recovery (it has other names too) virus got running and all desktop icons and Start programs disappeared. Safe mode didn't help and the real Windows Restore would not run. Using another pc I saved RKill, Malwarebytes, and Unhide to a flash drive and used them. My grateful thanks to Bleepingcomputer.com. www.bleepingcomputer.com The repairs have mostly worked although I'm not confident everything is fixed. My problem: I cannot access the internet. Plus Windows Firewall cannot be turned on despite running Fix It from Microsoft. support.microsoft.com Got the ethernet cable plugged in, wireless is also trying but no connection. I cannot see any yellow question marks on the hardware. Tried turning the firewall on in Services but no go. HELP. |
Winston001 (3612) | ||
| 1239129 | 2011-10-22 03:33:00 | Personally I'd do a clean format and reinstall windows if I were you, What version of windows are you using? Do you have any 3rd party firewalls installed? |
jareemon (5207) | ||
| 1239130 | 2011-10-22 05:23:00 | You'll find either setting have been corrupted, or Malwarebytes has not got everything. Sometimes it does miss a lot. Two things to try -- Available links from my sig - download and run in this order --- Super antispyware, then Spybot. Make sure with Super - you do a full scan not a quick. What AV do you have installed ? If its still not going, then run combofix (www.bleepingcomputer.com) the download links are under the title of Using ComboFix. Two warnings -- under NO circumstances stop it once you start, it can cause problems if you do. Second -- On the rare occasion it will make the system worse - hence the suggestion to try the other antimalware programs first. Finally whats the OS ???? ----- the TCP/IP stack may need to be rebuilt, or may need a repair install, or full reinstall. |
wainuitech (129) | ||
| 1239131 | 2011-10-23 06:08:00 | Thanks Wainui, I've followed your suggestions but unfortunately no luck. The good news is the laptop is running well and all of the data is there. Just will not connect to the net. I think its a TCP/IP problem although Fix It should have solved that. I'm probably at the point where I'll have to take it to an expert. |
Winston001 (3612) | ||
| 1239132 | 2011-10-23 06:15:00 | Not just yet -- rebuilding the TCP/IP stack may fix it ---- Whats the OS ??? Also look under Internet Options ( in control Panel) / Connections Tab, LAN settings - Make sure proxy Server is NOT ticked |
wainuitech (129) | ||
| 1239133 | 2011-10-23 06:22:00 | Open command prompt and type in - netsh winsock reset catalog Enter and you should get a message saying it was successful Restart the computer. |
Safari (3993) | ||
| 1239134 | 2011-10-23 06:30:00 | Open command prompt and type in - netsh winsock reset catalog Enter and you should get a message saying it was successful Restart the computer. Thats only half the fix, to rebuild it fully its ( assuming its windows 7) Winsock entries tells Windows 7 how to access your network services. Additionally, your TCP/IP protocol can be corrupted. The TCP/IP protocol is a stack of 4 layers that includes several transport layers, but when this stack is corrupt you will constantly have connectivity issues. netsh int ip reset reset.log Check the setting as I mentioned previously first under internet connections, from memory it often does tick the use proxy server, which will stuff things up. |
wainuitech (129) | ||
| 1239135 | 2011-10-23 06:42:00 | netsh winsock reset catalog is the fix for corrupted winsock files which 9 times out of 10 is the problem especially after running all those spyware removal programes. netsh int ip reset reset.log resets the TCP/IP No harm doing both at the same time though while the command prompt is open. |
Safari (3993) | ||
| 1239136 | 2011-10-23 07:05:00 | Completely true :) Some of those infections change the proxy setting as well, so hopefully one of the fixes will sort it. |
wainuitech (129) | ||
| 1239137 | 2011-10-23 07:44:00 | Apologies, thought I'd posted OS earlier: Windows XP professional I'll do as you suggest but right now am watching the Cup. Go Blu..er Noirs!! |
Winston001 (3612) | ||
| 1 2 3 4 | |||||