Can't connect to the internet after wrestling with malware

Today I did battle with malware, a nasty little program which told me my system was infected, and that I needed to provide my credit card to buy their product to clean it out. It shut down most of my functions in the process.

I went into safe mode, hit system restore for about a week earlier, and then ran malwarebytes anti-malware program, which identified the infection and quarantined it and told me to reboot to complete the process. I had internet connectivity at this point.

Unfortunately, as soon as I rebooted after running malwarebytes, I could no longer connect to the net via my wifi connection. Everything else seems to run normally save for that.

The wifi managers inform me I’m connected to the net just fine, but any browser I open (explorer or google chrome) tells me it can’t connect to the internet.

My wife’s laptop (on which I’m composing this lament) connects just fine via the wifi.

And now my system restore no longer works! I’ve tried restoring to several different setpoints, to see if I could fix this last glitch, but I only get the message that system restore failed to restore, and I could try again if I like. Half a dozen reboots and restores later, I’m declining that option.

I’ve uninstalled malwarebytes to see if that corrected things, but it didn’t.

I’m running windows XP.

Any words of wisdom? My wife will throw me off her computer soon…

Thanks!

Is your wireless device integrated in your computer or is it a card (a third-party wireless device)?

What browser are you using?

Can you see other computers in your network?

I would recommend a backup of all your important data as you may have to repair the XP installation (one can reinstall only the components that were changed, but it is better to make a backup before doing repairs like that one)

Here are the diagnostic results:

WinSock diagnostic: Connectivity is valid for all Winsock service providers

Network Adapter diagnostic: Network connection status: Connected

HTTP, HTTPS, FTP diagnostic:

info: FTP (passive) successfully connected to ftp.microsoft.com

warn: HTTP: error 12029 connecting to www.microsoft.com: a connection with the server could not be established
info: HTTPS: successfully connected to www.microsoft.com

warn: HTTP: error 12029 connecting to www.microsoft.com: a connection with the server could not be established.

error: Could not make an HTTP connection.

It’s a card

tried both windows explorer and google chrome

I’ve never looked to see other computers in the network before. I’m certainly not seeing them now.

What happens if you try to connect to http://207.46.232.182/

Are you using the wireless connection program that came with the card or the wireless 0 service?

Not sure. LAN device is Realtek, fast ethernet NIC, wireless connection device is a NETGEAR PCI adaptor, if that’s any help.

The standard disclaimer stating that “IE cannot display the webpage”

Let’s check the connection first, do you see a wireless network connection icon in your toolbar or in the Network Connections?

Check the properties and tell us what is in the “Connect using”

wireless network connection status reports connected via linksys, speed 1.0 mbps, strength 5/5, 549 packets sent, 327 received

Netgear smart wizard reports connected to internet with similar strength and speed

Your connection seems good, so I would start looking at the browser infrastructure. Have you tried uninstalling all browsers and then reinstalling? There have been viruses that screw you up by routing you through non-existent proxies and firewalls, and other hidden roadblock settings. But letting the little network connection wizard start from scratch (and starting from a newly installed browser is how most people get started) can sometimes put everything back to basics for you.

If that is Speed, darn, that is a snail pace and nothing much will show up, normally you see 54 Mps or better. Are you sure?

You should try a repair:

Right click on the wireless icon, one of the options will be “Repair” Select it and see if you are getting the same result.

Also: make sure that is the correct Linksys you are connecting, sometimes the wireless after a shake up will attempt to connect to other available wireless routers.

I’ve tried the ‘repair’ more than once, and also I’ve confirmed I’ve connected to my own wifi.

I don’t have a copy of the browser handy to reinstall, sadly. And rerunning connection wizard didn’t change anything either.

I’m still annoyed and puzzled that I can’t use system restore, too.

The speed remains at 1.0 Mps?

1.0 Mbps is what it reads

According to bleepingcomputer if you have this kind of malware your best bet (if you’re not a computer expert) is to do a hard reinstall. Some computers have a system restore function that you can access when you reboot the computer. Try this first. If this works make sure you run some kind of malware eliminator before you reconnect to the internet. This was the only way I was able to get rid of a similar virus.

I am not a computer expert. Please be aware of this as this procedure may cause damage to your computer files and system.

Can you hit any site at all?

Just for kicks you might want to check your hosts file. I had a rather nasty little virus make the rounds at work. It would over-write the hosts file and make it read-only. It used the hosts file to redirect almost all websites to some server in Poland IIRC.

How to check the hosts file.
Click on start and go to run.
Type in CMD and click OK
type in the following exactly
c:
then press enter
cd \windows\system32\drivers\etc
then press enter
dir ho*

The last command will list all files starting with ho. You should see one file named hosts with no extension. (It should not read hosts.xxx, just hosts). If there is just one, type in the following:

notepad hosts
and press enter

Most likely your hosts file will be blank. If it is not blank you may have an issue.

The host file is used to override DNS (Domain Name Service). DNS translates web addresses (www) to IP addresses.

An entry like this:
100.1.1.1 www.whatever.com

Means that if you type in www.whatever.com into your browser the computer should use the IP 100.1.1.1.

What the virus we had was doing was putting in entries like

x.x.x.x www.google.com

in for a ton of sites. The x.x.x.x address was the virus author’s website. So anytime you attempted to go to www.google.com it would instead send you to their website. The symptom that my users saw was that they couldn’t get to most websites because the server that the virus reset the hosts file to use didn’t exist anymore.

If that is the issue, removing this virus was quite a pain. To get rid of it (without reformatting) I had to use a linux boot disk, mount the drive and manually remove a ton of files and reg entries. Not a lot of fun.

Oh, a side note. If you don’t want your kids accessing certain sites, changing the hosts file is a fine way to do it. Most kids will take a long time to figure out how to fix that one. Just enter in the web address you do not want them to see and use the IP 127.0.0.1 which is the localhost.

Slee
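
The hosts-file check described in the post above, as an added example that is not part of the original thread: a short Python script that lists every hosts entry overriding DNS, separates redirects to an outside address from loopback blocks, and reports whether the file has been made read-only. The sample contents and the 203.0.113.7 address are constructed stand-ins for the post's x.x.x.x entries.

```python
import ipaddress
import os
import stat

HOSTS_PATH = r"C:\windows\system32\drivers\etc\hosts"  # location given in the post

# Constructed sample; 203.0.113.7 is a documentation-range stand-in for x.x.x.x.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1   localhost
203.0.113.7 www.google.com google.com  # one address, several names
203.0.113.7 www.microsoft.com
127.0.0.1   blocked.example
not-an-ip   www.whatever.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for every non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Return (line_no, kind, ip, hostname) for each entry that overrides DNS."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, names[0]))
            continue
        for name in names:
            if name == "localhost" and ip.is_loopback:
                continue  # the stock entry every hosts file carries
            # Loopback/0.0.0.0 only blocks a name; any other address redirects it.
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
            findings.append((line_no, kind, ip_text, name))
    return findings

def is_read_only(path):
    """True when the write bit is cleared (the read-only attribute on Windows)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)

if __name__ == "__main__":
    live = os.path.exists(HOSTS_PATH)
    text = open(HOSTS_PATH, errors="replace").read() if live else SAMPLE_HOSTS
    if live:
        print("read-only:", is_read_only(HOSTS_PATH))
    for line_no, kind, ip, name in audit_hosts(text):
        print(f"line {line_no}: {kind:9} {name} -> {ip}")
```

Many "redirect" lines pointing well-known sites at a single address, on a file that is also read-only, match the pattern described in the post.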

Thanks, but as I’ve mentioned, I’ve been that route already

Other thing to try then before going further, remove the power of your router for a moment and then power it again, some problems can be solved by restarting the router (do this only after you warn others that you will disconnect it for a few moments)

If the speed still remains an issue, you may need to uninstall and reinstall the wireless card drivers, you can download the drivers from the manufacturer of your card using the other computer and then copy them with a USB card to your computer.