Solved

No Internet Connection

Posted on 2004-10-31
529 Views
Last Modified: 2013-11-16
Hello:

My son must have got a virus or something on his pc as he has no connectivity to the Internet.  We use a cable modem to conenct to the Internet.  I tried running Ad-Aware and cleaned off a bunch of stuff.  Then downloaded from another computer HiJackThis and ran that.  The log file is below.  I also downloaded WinFix 1.2 and ran that but couldn't connect to the Internet.  WinFix supposedly fixed the probelm but after a reboot still can't connect.

Here is the HiJackThis file:

Logfile of HijackThis v1.98.2
Scan saved at 3:48:36 PM, on 10/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Downloads\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dy] C:\documents and settings\michael wetherholt\local settings\temp\dy.exe
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe



My son uses AdVir as an antivirus software and we just ran a scan.  Found a Trojan Horse called PSW.SclogB but AdVir can't delete it.  But I don't think this Trojan is causing the nonconnectivity to the Internet.

Any ideas?  If I could get online I could update AdWare, SpyBot Search and Destroy, etc.

Thanks!

Michael
0
Question by:MichaelWetherholt
    9 Comments
     
    LVL 65

    Accepted Solution

    by:
    Hello MichaelWetherholt =)

    Plzz post ur log at this site >> http://www.hijackthis.de/index.php?langselect=english
    and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
    To Fix, check the lines in Hijackthis scan and click on Fix Checked !!

    HJT Log Tutoriol >> http://aumha.org/a/hjttutor.php

    CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    Then Download these tools and install them:
    ========================================================
    AdAware ==> http://www.spychecker.com/program/adaware.html
    SpyBot  ==> http://www.spychecker.com/program/spybot.html
    CoolWebShredder ==> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
    Stinger ==> http://vil.nai.com/vil/stinger
    ========================================================

    Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
    After that here are some "canned" Instructions of mine, If u want u can follow them to check if they can work for u or not :)

    1. Restart ur machine in safemode and Login as Administrator
    2. Run the AntiVirus tool and delete all viruses it found
    3. Run the Spyware Removal tools and delete everything they detect
    4. Then goto My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
    5. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
    6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
    7. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here
    (ofcourse im assuming that u have already saved all the login passwords for ur websites :)
    8. Goto C:\Windows\Temp and delete all files present here
    9. Reboot back in Normal Mode and check if problems are gone or not
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    If still NOT, then Goto Start>Run>msconfig>Startup
    and untick all applications except the Antivirus and Firewall entires
    Now run the winsockfix tool, and restart, check if same problem still ??

    Post Back :)
    0
     
    LVL 49

    Expert Comment

    by:sunray_2003
    Hi MichaelWetherholt,

    According to what I see in this link http://www.bullguard.com/forum/8/Trojen-Horse---PSWSclogB-C_2418.html
    those 2 files listed there are the ones created by that trojan that you have.

    Can you search for those files and remove them in your computer. Search for them in safe mode if you cannot find and remove in Normal mode .

    Probably guess since your adware definitions are not fully updated , the softwares cannot find the virus and remove them

    Disable system restore too

    SR..
    0
     
    LVL 27

    Expert Comment

    by:Asta Cu
    Shehar has guided you very well here....

    Did you try uninstalling Winfax, which had "some" known issues and then try again?

    Shehar, what do you know about this entry which I've seen HijackThis results post as problem before, which is noted above?
    O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe    
    Nasty   The entered application explorer was identified: Explorer lptt01 or Explorer ml097e. Hit rate: 65 % (result)   Must be fixed!

    By the way,  MichaelWetherholt .... before checking with Updated Viruscan program and then spyware, be sure to turn off system restore or the problem will return.  You do this as follows _ start-run-control panel - system - system restore and there turn it off before cleaning your system, then reboot and turn it back on.  Very important.

    Asta


    0
     
    LVL 27

    Expert Comment

    by:Asta Cu
    You're running both ZoneAlarm and AV; both of which can cause problems (older versions) so another thing to explore.
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    asta dont have any specific information on this process,,, many trojans can put this process... but its a faked one as its not running from the original location.... have seen it many times before also !! =\
    0
     
    LVL 27

    Expert Comment

    by:Asta Cu
    Bottom line, you helped and Asker is happy.  Me too.  ":0) Asta
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    ^_^
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Course: Foundations of Front-End Development

    Jump-start a lucrative career in front-end web development, with zero previous coding experience required. This course covers the basic programming concepts and languages required for creating engaging websites from scratch.

    How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…
    Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now