We help IT Professionals succeed at work.

Vista network identifying

craper
craper asked
on
This computer had viruses. I have used combofix cleaner, malwarebytes, Lavasoft ad-aware and spybot search and destroy. Also used the microsoft fixit tool to try and repair the network adapter still no go. Thansk for hel coule, of jpg attached. Sharing center Status.JPG
Comment
Watch Question

Commented:
Is this computer connected directly to the router or is it going thru a switch of some sort? First i would try an ipconfig /release and renew.  If it fails to get a new address, try a power reboot on your router and switch and do the ipconfig release renew again.

Author

Commented:
Thank you for your response this has happened on three different routers. here is jpg of ipconfig
ipconfig-release.JPG
Lavi ShiffmanConsultant

Commented:
Make that the Server service and the RPC service are both started.  Make sure that they're set to AUTO so you won't have to manually start them each time.

Look at: Control Panel -> Admin Tools -> Services.

Commented:
Ok, first start RPC..go to Start, Control Panel, Admin Tools and Services...Scroll down to Remote Procedure Call (RPC) start it, and configure it to start automatically.

Try Iconfig commands again.

Author

Commented:
Started those made them automatic restarted computer and the router still same thing

Author

Commented:
Paul still says the RPC server is not available

Commented:
start RPC again, do not reboot and try ipconfig commands

Commented:
If RPC is started and still can't connect, it maybe that it was removed for the current hardware profile.  In that case follow the steps in this article.



http://support.microsoft.com/kb/838428

Author

Commented:
Still didn't work Paul Thanks

Commented:
One other service to check is "Workstation"  RPC locator depends on that.  Try to restart the Workstation service, if it's started restart both RPC and RPC locator...try to renew the IP again

If all else fails you're probably going to have to boot from the Vista disk, and repair the current instalation, hopefully you have the disk.

Author

Commented:
OK Paul under the microsoft regedit   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_RPCSS   it does not have this part anywhere in there ROOT\LEGACY_RPCSS

Author

Commented:
Paul when i try to start the workstation it gives this error
  Error 1070: the account specified for this service is different from the account specified for other services running the same process

Commented:
Well thats good, that rules that out.  It sounds like that virus was using your RPC to call to rogue machines on the net.  With any of the Virus cleaners you installed, are any actively monitoring your computer that would block RPC connections?

Author

Commented:
nothing unless it is the avg 2012 they installed after they found they had viruses and before they got me to look at it

Commented:
No its that 1070 error thats screwing you up...go into your services and right click workstation service, properties and the log on tab...is the check box for local system account checked?  Make sure it's local system acct.  Also in that window make sure it's enabled for the hardware profile at the bottom.

Author

Commented:
Still a  no go Paul

Commented:
check to see that client for microsoft networks is installed, if its not workstation will not run:

go to network connections, right click your connection, properties...is client for microsoft installed?  if not cclick install, client, add, client for microsoft networks, click OK.

OR


go to registry editor...
does this folder exsist?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation



If it does it should have the follwing subfolders as the attachment, it Should not have any dependencies, if it does have dependencies, delete the dependencies.



reg.jpg

Author

Commented:
It is missing the security folder   also description on the main folder is way different

Commented:
I think this virus corrupted and delted some key files in your registry, this networking issue might be one of many.  Your best bet is to find the CD for Vista and boot from it, run a repair so it restores all those missing registry files...really no other way to restore registry files unless you have a clean backup of it.  

A system restore may restore thos files that were infected, but it may be worth a try if you have a system restore point that is before the point of infection

Author

Commented:
Is there a way with Vista to do repair install where you do not loose everything? Like we could with XP and earlier Thanks. The repair fro the disk said it found nothing
Commented:
you need to boot off the cd to enter repair, so restart the computer with the cd in...follow this guide below..

http://www.bleepingcomputer.com/tutorials/repair-windows-with-windows-startup-repair/

Commented:
If your computer is connected to a home network or a public network, sometimes the router will stop giving out new DHCP addresses either because the service on the router has stopped, or because all of the DHCP addresses have been assigned, and none are left. You might try to reboot the router, if you can.

Gil

Author

Commented:
This was for extreme hard work and attempts to help. Ended up formatting and starting over   thanks Paul

Commented:
Ah well...sometimes with a Virus its your best bet to start clean.

Thanks!