I have a heavily infected system that can no longer access the internet
Posted on 2012-04-04
We have a client machine that was heavily infected with trojans. I ran Malwarebytes, SUPERAntiSpyware and Trend Micro antivirus scans, which found viruses and showed that the viruses were quarantined and removed. However, the Trend Micro security console on our server continued to point to the affected client machine as problematic. After running the virus scans, the client machine lost network connectivity and was receiving a 169 address. I attempted to give the client machine a static IP following the scheme from our DNS server; however, even after the static IP settings were configured, the client machine was still unable to get online or connect to our network. I attempted to run Trend Micro again but noticed that it would no longer start. I decided to perform a System Restore and booted in Safe Mode; however, after two attempts with two different restore points, I received the message: System Restore did not complete successfully.
I then booted into Windows normally, and after logging in I noticed the color scheme was similar to Safe Mode and the Start button had the classic look to it. However, "Safe Mode" was not displayed in the four corners of the screen. I nonetheless ran System Restore in this state, and after two attempts (with two different restore points) I had the same problem as before: Windows reported that System Restore did not complete successfully. System Restore displayed the following details:
System restore failed to extract the file (D:\Windows\$NtUninstallKB236603$\4013077249) from the restore point. The restore point was damaged or was deleted during the restore.
I'm puzzled as to why System Restore is looking at the D: drive, since our client machines have the OS loaded on the C: drive and the D: drive is reserved for the HP recovery partition for the machine.
Also, I ran a netsh int ip reset and netsh winsock reset and restarted, but I was still experiencing network issues.
Anyway, I am stuck and not sure how to proceed further; any help would be greatly appreciated.
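The post lists several checks and resets (a 169.x self-assigned address, a static IP that still does not work, netsh int ip reset, netsh winsock reset) without a single place to see their state together. The following PowerShell script is an added example, not code from the original poster, that gathers the information a responder would ask for next on a machine like this: per-adapter IP/DHCP state with APIPA flagged, the status of the services the TCP/IP stack depends on, Winsock catalog providers that do not live under System32, non-comment hosts file entries, and any user proxy setting. It assumes a Windows 7-era machine with PowerShell 2.0, so it uses WMI and netsh rather than the newer NetTCPIP cmdlets, and must be run from an elevated prompt. The function name Reset-NetStack and the log path are the example's own choices.

```powershell
# Added diagnostic script (not from the original post). Assumes Windows 7-era
# PowerShell 2.0 on an elevated prompt; WMI and netsh are used so it also
# works where Get-NetIPAddress is unavailable.

function Show-AdapterState {
    # One line per IP-enabled adapter; a 169.254.x.x address means the DHCP
    # client gave up and Windows self-assigned (APIPA), i.e. no lease was obtained.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" |
        ForEach-Object {
            $ips   = @($_.IPAddress)
            $apipa = @($ips | Where-Object { $_ -like '169.254.*' }).Count -gt 0
            Write-Host ("{0}`n  IP: {1}`n  DHCP: {2} (server {3})`n  GW: {4}`n  DNS: {5}`n  APIPA: {6}" -f `
                $_.Description, ($ips -join ', '), $_.DHCPEnabled, $_.DHCPServer, `
                ($_.DefaultIPGateway -join ', '), ($_.DNSServerSearchOrder -join ', '), $apipa)
        }
}

function Show-NetServices {
    # Dhcp = DHCP Client, Dnscache = DNS Client, nsi = Network Store Interface.
    # A stopped or disabled entry here explains "static IP configured but still no network".
    foreach ($name in 'Dhcp', 'Dnscache', 'nsi', 'Netman') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { Write-Host ("{0,-10} {1}" -f $svc.Name, $svc.Status) }
        else      { Write-Host ("{0,-10} (not present)" -f $name) }
    }
}

function Show-WinsockProviders {
    # Layered service providers whose DLL is outside System32 are worth a look:
    # a removed provider DLL leaves a broken catalog that 'netsh winsock reset' rebuilds.
    netsh winsock show catalog |
        Select-String -Pattern 'Path' |
        Where-Object { $_.Line -notmatch 'system32' } |
        ForEach-Object { Write-Host $_.Line.Trim() }
}

function Show-HostsEntries {
    # Any non-comment line is either an admin's own override or something to explain.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        ForEach-Object { Write-Host $_ }
}

function Show-UserProxy {
    # A proxy left behind in HKCU breaks browsers while ping/DNS still work.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    Write-Host ("ProxyEnable: {0}  ProxyServer: {1}" -f $p.ProxyEnable, $p.ProxyServer)
}

function Reset-NetStack {
    # The same resets the poster ran, with a log file for 'int ip reset' (required on
    # older netsh builds) and a release/renew afterwards. A reboot is still needed.
    $log = Join-Path $env:TEMP 'ipreset.log'   # example's own path
    netsh int ip reset $log
    netsh winsock reset
    ipconfig /flushdns
    ipconfig /release
    ipconfig /renew
    Write-Host "Reset done; reboot, then re-run the checks above."
}

Write-Host "== Adapters ==";          Show-AdapterState
Write-Host "== Services ==";          Show-NetServices
Write-Host "== Winsock (non-System32) =="; Show-WinsockProviders
Write-Host "== hosts ==";             Show-HostsEntries
Write-Host "== User proxy ==";        Show-UserProxy
# Run Reset-NetStack only after saving this output for comparison.
```

Run the checks first and keep the output; the APIPA flag together with a running DHCP Client service points at the lease never arriving (switch port, VLAN, or a blocked driver), while a stopped service or a foreign Winsock provider points back at the cleanup itself.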