17 replies to this topic

[lippy7]

Hello! Thanks for letting me join - I have tried to piece together some causes and solutions but am now officially at a loss.

Got a fake antivirus protection virus... av something - cannot locate it at all on my system. Tried to end the process of csrss.exe - said it couldn't. Tried malwarebytes, pcdoctor, tdss, rkill, nothing has worked. It will allow it to go so far then it would stop the program dead in its tracks. I fell upon Hitman Pro which (like the others) I downloaded to USB from my laptop. Saved to desktop on infected PC and away we go! So many trojans and many other infections!! DELETE!! Phew! caught 'em! Thanks goodness... but in my ignorance, I may have deleted something unintentionally because after reboot now I cannot access the internet on that machine. Because of that I was not able to complete the Hitman Pro process because it needs the internet to run :/

I could then run malwarebytes which also found 10 viruses or the like, so those have been removed as well.

My machine is old and I have no clue where any of the initial items are - moved three times since I bought the machine, so I hope I don't need to restore from a disc. Please help me as I am desperate as this is the "hub" for our wireless and wired home network! I have five children, some of whom have homework on the PC, and this is the main machine and I will do whatever I need to do to get the internet connected again! Do I need to do the USB between the laptops to the PC? I know that's how I set up the network in the first place, but not sure if a main file is missing totally or evenif that process works in reverse.

I appreciated any assistance you can give me - I am truly DESPERATE and am at my wits end. I have spent hours upon hours on this since Friday night and although I got the viruses removed (fingers crossed) I lost more than I wanted in the process.

I look forward to hearing from someone soon - thank you in advance for your time, energy, expertise (and willingness to share that) and much appreciated assistance!

Best, Lippy :)

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  
• Please refrain from running tools or applying updates other than those I suggest.
  
• Never run more than one scan at a time.
  
• Keep updating me regarding your computer behavior, good, or bad.
  
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================================

Tools like HitmanPro are usually not a good idea.
HitmanPro doesn't really care what is removed even if it's a system file - most likely your case.

I suggest you try system restore first and see if this will bring your connection back.

When done....complete all steps (or as many as you can) from here: http://www.smartestc...ease-read-this/

[lippy7]

Good morning and thanks for the quick reply!
My computer is bootable at this point and as you mentioned, it does "appear" to be okay, other than the fact that the ipsec.sys is missing now and I cannot connect to internet. So I don't cause further damage, do I commence system restore from Safe Mode with Networking, or regular mode?

Thanks!

[Broni]

If you know what file is missing hold on with system restore.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
  
• Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  
• Copy the content of the following box and paste it into the main textfield:
  

  :filefind
  ipsec.sys
  

  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[lippy7]

SystemLook 30.07.11 by jpshortstuff
Log created at 16:54 on 13/10/2011 by Administrator
Administrator - Elevation successful
========== filefind ==========
Searching for "ipsec.sys"
C:\WINDOWS\system32\dllcache\ipsec.sys --a--c- 75264 bytes [05:49 14/04/2008] [05:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [05:49 14/04/2008] [05:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91
-= EOF =-

[Broni]

The file is there.
It may be corrupted/infected though.

For now try system restore and let me know what happens.

[lippy7]

Ok should I do it in safe mode?

[Broni]

Only if normal mode won't work.

[lippy7]

Also is there something else missing that could be preventing me from accessing the Internet?

[Broni]

One step at a time.
Try system restore first.

[lippy7]

Ok should I back everything up onto a USB or something first?

[Broni]

System restore will not damage your data.

[lippy7]

I am currently restoring to an earlier date. Is this what you need me to do on the infected computer? Sorry for being so literal. I want to be sure I do everything correctly.

Thanks so much for your help!!!

[lippy7]

Ok I'm sorry but apparently it isn't letting me restore to an earlier point.

[Broni]

Did you try safe mode?

[lippy7]

will give it a shot right now... *fingers crossed*

[lippy7]

It didn't work in safe mode...

[Broni]

OK, it's time to run some scans.
Complete as many steps as you can listed here: http://www.smartestc...ease-read-this/

Use working computer to download necessary tools and USB flash drive to move those tools to bad computer.
Since you'll be moving USB stick between good and bad computer install this on GOOD computer first...

Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

*Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  
• The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  
• Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  
• Wait until it has finished scanning and then exit the program.
  
• Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Windows Vista and Windows 7 users
Flash Disinfector is not compatible with the above Windows version.
Please, use Panda USB Vaccine, or BitDefender’s USB Immunizer