

WAN Miniport with yellow exclamation mark


67 replies to this topic

#51 OFFLINE   Tushman


Posted 08 July 2010 - 01:31 PM

zillah, on Jul 8 2010, 06:05 AM, said:

This is what I meant by still I can not see LAN icon within the "My Network Place"
Zillah, I think that you are getting your wording mixed up.  There is "My Network Place" listed on the start menu; and then there is "network connections" in the control panel.  Please make sure you are clicking on the "network connections" as shown in the screenshot.

#52 OFFLINE   zillah


Posted 08 July 2010 - 04:56 PM

Quote

There is "My Network Place" listed on the start menu; and then there is "network connections" in the control panel.
Hi Tushman, and sorry for the confusion.
Yes, I did that from Control Panel > Network Connections and I could not find the Broadcom NIC, and if you right-click "My Network Places" then "Properties" you will end up at Network Connections as well.
This is what I meant when I said:

Quote

still I can not see LAN icon within the "My Network Place"


#53 OFFLINE   lewmur


Posted 08 July 2010 - 05:25 PM

zillah, on Jul 8 2010, 03:56 PM, said:

Hi Tushman, and sorry for the confusion. Yes, I did that from Control Panel > Network Connections and I could not find the Broadcom NIC, and if you right-click "My Network Places" then "Properties" you will end up at Network Connections as well. This is what I meant when I said:
It would appear to me that you still have malware controlling the computer.  Here is a link to Combofix.  I have had good success with it.  I don't think anything short of a clean install will work until you find and remove the trojan.

Edited by lewmur, 08 July 2010 - 05:26 PM.


#54 OFFLINE   zillah


Posted 08 July 2010 - 05:49 PM

Quote

Here is a link to Combofix.
Hi lewmur,
I have just tried but still no joy.

#55 OFFLINE   Tushman


Posted 08 July 2010 - 10:35 PM

Zillah,
It's possible the trojan has altered the list of services in XP.  Download the default Start services from Black Viper's website here: http://www.blackvipe...XP/registry.htm
Note that there are different versions depending on your operating system (XP Home; Pro; MCE; Tablet), and it's for systems with Service Pack 3 installed.
After you've downloaded the zip file, unzip the small registry file to a temporary directory; it can even be on your desktop - doesn't matter.  Afterwards, double click it to incorporate the registry file.  Reboot the system and then try to install the driver after that.

#56 OFFLINE   zillah


Posted 09 July 2010 - 02:32 PM

Tushman,
I tried what you have suggested but still no joy.
Thanks

#57 OFFLINE   Tushman


Posted 10 July 2010 - 02:25 AM

zillah, on Jul 9 2010, 01:32 PM, said:

Tushman, I tried what you have suggested but still no joy. Thanks
Open up the device manager and under the View menu, check the item for "Show Hidden Devices" -- post a screenshot here.

#58 OFFLINE   zillah


Posted 10 July 2010 - 05:55 AM

Quote

Open up the device manager and under the View menu, check the item for "Show Hidden Devices" -- post a screenshot here.
http://i27.tinypic.com/1zqswac.jpg

#59 OFFLINE   Tushman


Posted 10 July 2010 - 08:18 PM

Open up the command shell and reset your tcp/ip stack.
At the C:\ prompt, type the following without quotes: "netsh int ip reset c:\resetlog.txt"

#60 OFFLINE   zillah


Posted 10 July 2010 - 09:15 PM

Quote

At the C:\ prompt, type the following without quotes: "netsh int ip reset c:\resetlog.txt"
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4E4D915F-6AEB-4401-803C-80D22408E259}\AddressType
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4E4D915F-6AEB-4401-803C-80D22408E259}\DisableDynamicUpdate
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4E4D915F-6AEB-4401-803C-80D22408E259}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4E4D915F-6AEB-4401-803C-80D22408E259}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4E4D915F-6AEB-4401-803C-80D22408E259}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset   Linkage\UpperBind for PCI\VEN_14E4&DEV_1677&SUBSYS_01AD1028&REV_01\4&117729E2&0&00E0.  bad value was:
            REG_MULTI_SZ =
                PSched
<completed>
<completed>


#61 OFFLINE   Tushman


Posted 11 July 2010 - 01:18 PM

After having done that, have you tried to re-install the NIC driver?  If not, try it now and see if you can connect to the internet.

#62 OFFLINE   zillah


Posted 11 July 2010 - 05:55 PM

Quote

have you tried to re-install the NIC driver?
Yes, I did try that; the same problem is still going on.

#63 OFFLINE   Tushman


Posted 11 July 2010 - 08:39 PM

zillah, on Jul 11 2010, 04:55 PM, said:

Yes, I did try that; the same problem is still going on.
Open up the services applet.  In the run command line, type: services.msc and check to make sure the following services are set to automatic.
    1. DHCP Client
    2. DNS Client
    3. Remote Procedure Call (RPC)
    4. TCP/IP Netbios helper
Also ensure that their dependency services are started and set to automatic as well.

#64 OFFLINE   zillah


Posted 12 July 2010 - 05:30 AM

Quote

Also ensure that their dependency services are started and set to automatic as well.
I could not find the dependencies (AFD, TCP/IP Protocol Driver, NetBios over Tcpip) in the services applet because they are not running properly (AFD, TCP/IP Protocol Driver, NetBios over Tcpip have a yellow exclamation mark) under the device manager. http://www.tomshardw...45-restore-dhcp
Could not start the DHCP Client Service on Local Computer. Error 1068: The dependency service or group failed to start.
Thanks
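
The services.msc applet lists only Win32 services, so kernel drivers such as AFD, Tcpip and NetBT never appear in it. The following is an added example, not part of any post in this thread, that walks the dependency chain of the four services named in post #63 and reports the start mode and state of every link, drivers included. It assumes Windows PowerShell is installed on the XP SP3 machine and that the services use their stock short names (Dhcp, Dnscache, RpcSs, LmHosts).

```powershell
# Added example: walk the dependency chain behind "Error 1068".
# Short names below are the stock Windows XP names for the four services.
$targets = 'Dhcp', 'Dnscache', 'RpcSs', 'LmHosts'
$seen    = @{}   # each service or driver is reported once, at first sight

function Get-ServiceChain {
    param([string]$Name, [int]$Depth = 0)
    if ($seen.ContainsKey($Name)) { return }
    $seen[$Name] = $true

    # Win32_BaseService returns Win32 services and kernel drivers alike,
    # so AFD, Tcpip and NetBT are visible here.
    $svc = Get-WmiObject -Class Win32_BaseService -Filter "Name='$Name'"
    if ($svc) {
        $mode = $svc.StartMode; $state = $svc.State; $path = $svc.PathName
    } else {
        $mode = 'MISSING'; $state = '-'; $path = '-'
    }
    New-Object PSObject -Property @{
        Name      = ('  ' * $Depth) + $Name        # indent shows chain depth
        StartMode = $mode
        State     = $state
        Problem   = ($mode -eq 'MISSING' -or $mode -eq 'Disabled')
        Path      = $path
    }

    # DependOnService (REG_MULTI_SZ) names what must start before this entry.
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $deps = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DependOnService
    foreach ($d in @($deps | Where-Object { $_ })) {
        Get-ServiceChain -Name $d -Depth ($Depth + 1)
    }
}

$targets | ForEach-Object { Get-ServiceChain -Name $_ } |
    Select-Object Name, StartMode, State, Problem, Path |
    Format-Table -AutoSize -Wrap
```

A row with Problem set to True, or a driver that is not in the Running state, is the link that stops everything above it from starting.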

#65 OFFLINE   Tushman


Posted 12 July 2010 - 05:17 PM

zillah, on Jul 12 2010, 04:30 AM, said:

I could not find the dependencies (AFD, TCP/IP Protocol Driver, NetBios over Tcpip) in the services applet because they are not running properly (AFD, TCP/IP Protocol Driver, NetBios over Tcpip have a yellow exclamation mark) under the device manager. Thanks
Apparently the infection has disabled several of those services or at least set them not to be running automatically upon boot.  It would help to know what the name of the trojan was when you scanned the system with the antivirus.  Some of the trojans/viruses can automatically run themselves as services when you boot up the computer.  If you knew what the name of the actual trojan was, you could search the registry for instances or keys for that specific name.
Specifically you should search in the following keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Before you go off and make any changes, I would like to emphasize as I always do, that manually editing the services key is not something you should take lightly.  ALWAYS make a backup.  And do not delete any subkeys that you are not sure of.
Furthermore, take caution and modify the registry in this manner ONLY if you know what the name of the virus/trojan is.  Otherwise, open up the services applet and take a screenshot so we can see if there are rogue services running in the background.  On a side note, those screenshots you've been posting are not very clear.  Save those images as PNG instead and they will come out much clearer.
Also specify what operating system you have.... XP Home or Pro?

Edited by Tushman, 12 July 2010 - 05:42 PM.


#66 OFFLINE   Tushman


Posted 12 July 2010 - 06:01 PM

One caveat to add to my previous post:
Searching the registry for the name of the trojan may not (probably will not) prove to be useful.  As I have stated, several trojans are known to regenerate themselves under random file names that are not very recognizable.  Especially when you look in the task manager and see the list of processes running in the background. Having said that, if the trojan has embedded itself into the CurrentControlSet > Services subkey, the actual name of the (rogue) service will always be consistent which is why I recommended taking a screenshot of your services applet.
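
A text listing is easier to review than a screenshot of the services applet. The following is an added example, not part of any post in this thread, that first exports the Services key as the backup the previous post insists on, then lists the Run key values and every auto-starting service or driver with the binary it loads. It assumes Windows PowerShell is installed; the backup file name and location are assumptions, and the script changes nothing in the registry.

```powershell
# Added example: read-only apart from writing one backup file.
# Assumed output location: a timestamped .reg file in %TEMP%.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$backup  = Join-Path $env:TEMP ('services-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg export 'HKLM\SYSTEM\CurrentControlSet\Services' $backup | Out-Null
"Backup written to $backup"

# 1. Values under the Run keys named in the post above.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = foreach ($k in $runKeys) {
    $item = Get-Item -Path $k -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($v in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $k; Name = $v; Command = $item.GetValue($v) }
        }
    }
}
$run | Select-Object Key, Name, Command | Format-List

# 2. Every service or driver that starts without user action.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic' }
$svc = Get-ChildItem $svcRoot | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and $p.Start -ne $null -and $startNames.ContainsKey([int]$p.Start)) {
        # svchost-hosted services keep their real binary in Parameters\ServiceDll
        $dll = (Get-ItemProperty -Path "$($_.PSPath)\Parameters" `
                    -ErrorAction SilentlyContinue).ServiceDll
        New-Object PSObject -Property @{
            Service    = $_.PSChildName
            Start      = $startNames[[int]$p.Start]
            ImagePath  = $p.ImagePath
            ServiceDll = $dll
        }
    }
}
$svc | Sort-Object Service |
    Select-Object Service, Start, ImagePath, ServiceDll |
    Format-Table -AutoSize -Wrap
```

Entries whose ImagePath or ServiceDll points somewhere unexpected are the ones to compare against a known-good XP SP3 machine before touching anything.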

#67 OFFLINE   zillah


Posted 12 July 2010 - 06:57 PM

Quote

It would help to know what the name of the trojan was when you scanned the system with the antivirus
This is what I do not remember now.

Quote

On a side note, those screenshots you've been posting are not very clear. Save those images as PNG instead and they will come out much clearer.
I will consider doing that

Quote

Also specify what operating system you have.... XP Home or Pro?
XP Profe SP3

Quote

Otherwise, open up the services applet and take a screenshot so we can see if there are rogue services running in the background.
I would assume you meant run > msconfig > services, not run > services.msc.
Thanks

#68 OFFLINE   Tushman


Posted 12 July 2010 - 07:56 PM

zillah, on Jul 12 2010, 05:57 PM, said:

I would assume you meant run > msconfig > services, not run > services.msc. Thanks
No, the latter.  Type 'services.msc' into the run command line.  You can certainly use Msconfig to view the services running in the background, but MS recommends changing the services through the services applet instead.



