DHCP Not Working / Possible Virus Problem

Posted on 2007-07-31
Last Modified: 2013-11-22
A user on my network got a virus called WinAntiVirus Pro 2007.  Since then I've had a handful of machines that are no longer pulling the IP address from the Domain Server.  I was able to remove the trojan using AVG Antispyware, but still the PCs are pulling the incorrect IP.  

Right now I'm assigning a static IP address to keep them working, but I need the machines to pull from our DHCP (domain controller) again.  Anyone have any suggestions?
Question by:aloyd18
    LVL 6

    Expert Comment

    is the gateway messed up or something?
    LVL 32

    Accepted Solution

    Here is some info on what you should look for to make sure you removed all:

    once done uninstall the NICs in safe mode and let them be rediscovered on reboot, set IP options as usual

    LVL 47

    Expert Comment

    Here are the 3 tools that removes Winantivirus and they're free.
    Some scanners only remove the bad files and leave bed registry entries modified by the trojan. Use vundofix or Combofix to reset modified reg entries.

    1. RogueRemover

    2.  Please download VundoFix.exe to your desktop.
    * Double-click VundoFix.exe to run it.
    * Click the "Scan for Vundo" button.
    * Once it's done scanning, click the "Remove Vundo" button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.
    * Please post the contents of C:\vundofix.txt.

    Note: It is possible that VundoFix encounters a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above
    instructions starting from "Click the Scan for Vundo button." when
    VundoFix appears at reboot.

    3. Download ComboFix to your Desktop, from either of these locations:

    Double click "combofix.exe" and follow the prompts.
    When finished, it shall produce a log for you.
    Post that log and a HiJackthis log in your next reply

    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
    LVL 24

    Expert Comment

    An old trick for Microsoft desktop was to regedit erase dhcp and all subkeys. This is its memory (of 'proper' servers etc), we do like a reformat of that. The next step of rebooting should restore the keys to proper (prior?) condition. DHCP server then getting found based upon response(s) to broadcast RFI, request for information. While multiple servers may yet respond, it is the ones used by asker that will respond first, and be selected ad the one favored more, more based on proximity than by human intervention. Closest one wins.
    LVL 32

    Expert Comment

    neat, did not know that. cheers

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Suggested Solutions

    These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
    PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now