No internet after infection

Had a couple of hours to spare today so went to look at a friend's 'desktop computer'.
Turns out to be a netbook belonging to his Italian girlfriend, set up in Italian .... not a good start.

It was infected with Antimalware Doctor a few months ago and had not been used since until last night. I brought with me a flash drive with Malwarebytes, Rkill, Avira etc.
Maybe I did something wrong with the Rkill as it was only a shortcut that I brought with me.

Installed M'bytes on the netbook and ran a quick scan .... it found about 30 problems, mostly with trojan in the description. Antimalware Doctor then seemed to have disappeared ... it could not be deleted before that.

Apparently there was internet access before but not now, the malware was popping up loads of things so she 'may' have done something to stop it, somehow stopping internet access.

Very hard to navigate in Italian, but managed to untick a proxy in internet options / connections / Lan settings ... didn't make any difference.
I ran XP TCP/IP Repair, reset TCP/IP and repaired Winsock, again no joy.

The netbook is connected to a Netgear router on Sky, their main computer is the only one that appears connected in 'attached devices' though both are connected via ethernet cable.

Two strange things that make me think that the infection may not be gone are no access to Windows Firewall (error message) and trying ipconfig from a command prompt also throws up a big error message (in Italian of course) .... I presume it would be the same command whatever language it was set up in.

I ran out of time and left them running a full scan with M'bytes and then one with Avira, neither updated (no internet).

Ideas welcome, did I miss anything ?

Comments

  • [Deleted User] Posts: 8,345
    Forum Member
    It may be possible to clean it, but when an infection has taken hold, the only really safe solution is to wipe it completely and reinstall the OS.

    There's nothing wrong with the machine set up in Italian, all that matters is whether the owner backed up their documents at least semi-regularly, so that a clean copy is available.
  • LION8TIGER Posts: 8,484
    Forum Member
    PrinceGaz wrote:
    It may be possible to clean it, but when an infection has taken hold, the only really safe solution is to wipe it completely and reinstall the OS.

    There's nothing wrong with the machine set up in Italian, all that matters is whether the owner backed up their documents at least semi-regularly, so that a clean copy is available.

    Thanks PrinceGaz, that is the last resort as the netbook does not have a CD drive to reinstall Windows ... I think she has a copy of Win XP, maybe just a recovery disc .. which may do. A purchase of an external CD drive may be the answer.

    She also has a D drive which I never thought of looking in, I presumed it was a CD drive but of course that is ruled out as she does not have one .. so maybe it is a recovery partition ... must look next time (after Christmas).

    The answer I was really hoping for though I suppose was another idea to get the internet working again.

    I noticed a couple of odd things as well looking at their main computer, for instance the router IP is 192.168.0.1 but his computer is 192.168.1.3 ......
    should it not be 192.168.0.2 if no other devices are connected? Maybe nothing to do with it.
  • max99 Posts: 9,002
    Forum Member
    LION8TIGER wrote:
    Very hard to navigate in Italian, but managed to untick a proxy in internet options / connections / Lan settings ... didn't make any difference.
    I ran XP TCP/IP Repair, reset TCP/IP and repaired Winsock, again no joy.

    Unfortunately, those are the main fixes for restoring an internet connection after an infection.

    As you've mentioned errors with other parts of the system (Firewall, running ipconfig and possibly a lot more yet to discover), the sensible decision is to restore/reinstall. The fact you have to struggle fixing it in Italian should make it an even easier decision.

    You'll probably find there is a recovery partition on the D: drive, so either look for a recovery option on the Start Menu or Google for the relevant keys to press on boot-up.

    If you have an IDE/SATA to USB adaptor (every half-decent geek should have one), you can slave a CD drive from another machine if you need to manually format & reinstall from a normal Windows CD. You won't even need to physically remove the drive. This will save needing to buy an external drive.
  • LION8TIGER Posts: 8,484
    Forum Member
    max99 wrote:
    Unfortunately, those are the main fixes for restoring an internet connection after an infection.

    As you've mentioned errors with other parts of the system (Firewall, running ipconfig and possibly a lot more yet to discover), the sensible decision is to restore/reinstall. The fact you have to struggle fixing it in Italian should make it an even easier decision.

    You'll probably find there is a recovery partition on the D: drive, so either look for a recovery option on the Start Menu or Google for the relevant keys to press on boot-up.

    If you have an IDE/SATA to USB adaptor (every half-decent geek should have one), you can slave a CD drive from another machine if you need to manually format & reinstall from a normal Windows CD. You won't even need to physically remove the drive. This will save needing to buy an external drive.

    I became semi half-decent when Loobster suggested I get one; I did, and it worked well for a messed-up external hard drive which still works using that bit of kit.

    Thanks max.
  • Orbitalzone Posts: 12,627
    Forum Member
    If you've lost Windows Firewall then it looks like a nasty infection... sure you could spend more hours trying to repair these problems but you may never fix it all... and in the meantime you could have just reloaded XP safe in the knowledge the infection and damage has gone for good.

    I once did a test with a badly infected PC, it took an entire weekend of scans to remove all infections and even after all that, there were Windows Firewall issues. A reload took a morning, or 15 minutes if the user was smart enough to use something like Acronis True Image.

    I've always found that if you say that all files are lost and you'll have to reload, the user then realises just how bad it is... then if I can save most files they're over the moon and more likely to (very occasionally) make backups.
  • max99 Posts: 9,002
    Forum Member
    Orbitalzone wrote:
    If you've lost Windows Firewall then it looks like a nasty infection... sure you could spend more hours trying to repair these problems but you may never fix it all... and in the meantime you could have just reloaded XP safe in the knowledge the infection and damage has gone for good.

    I once did a test with a badly infected PC, it took an entire weekend of scans to remove all infections and even after all that, there were Windows Firewall issues. A reload took a morning, or 15 minutes if the user was smart enough to use something like Acronis True Image.

    I've always found that if you say that all files are lost and you'll have to reload, the user then realises just how bad it is... then if I can save most files they're over the moon and more likely to (very occasionally) make backups.

    I agree with every word of that.

    I do like seeing the look of relief (and gratitude) on someone's face when they realise you've managed to save five years worth of family photos and/or business records. But I also enjoy seeing the look of panic and desperation when they initially think that they've lost everything - as this means they've finally understood just why backups are important and why you're supposed to make them.
  • LION8TIGER Posts: 8,484
    Forum Member
    Thanks Orbit and max, I phoned her up and got her to go to Disk Management. She has C (OS), D which she thinks was empty and put some stuff in there, both NTFS, and then she has another partition with no letter assigned or name of format; it's less than a gig so I presume that is the recovery partition??
    Google reckons F9 at boot, so she will back up and give it a go.
  • s2k Posts: 7,421
    Forum Member
    Full recovery sounds like the best solution here given the amount of damage. My other suggestion would have been to give ComboFix a whirl (under safe mode); if that was unable to help you then it's safe to say it's fubar and you have little alternative than to rebuild.
  • flagpole Posts: 44,641
    Forum Member
    Sometimes they add a custom DNS server.
  • pocatello Posts: 8,813
    Forum Member
    You don't know what else is on there, it might have brought friends; in any case, once breached, best run from a clean slate to guarantee your safety.
    Back up and restore from disc/hidden partition and be done with it, and tell her that is the only real way.
  • [Deleted User] Posts: 260
    Forum Member
    You need to reset the IP settings so the laptop gets its IP address from the router.

    Some of the modern infections set themselves up as an internet portal, my guess is at an IP address of 192.168.1.1, which is then passing the data on to the infector's computers, filtering out passwords, CC details etc. via the router connection on 192.168.0.1.

    Also check within Internet Explorer's settings via Control Panel / Internet Settings. Again, my guess would be that under the Connections tab, LAN settings, there'll be a proxy server set up at 192.168.1.1. Just delete this info, untick it, and internet should reappear.
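    The checks raised in this post and in flagpole's DNS comment above, as an added read-only triage script (not from this thread or any of its posters). It assumes a Windows machine with PowerShell and WMI available (the XP netbook in the thread may lack PowerShell), and it reports the proxy, DNS, hosts-file and firewall-service state without changing anything, so the output can be reviewed before deciding between a clean-up and the recovery partition.

```powershell
# Added triage script: reports the settings an infection commonly tampers with
# to cut or intercept internet access. Read-only; it changes nothing.

# 1. Proxy forced into Internet Options / Connections / LAN settings
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
if ($inet.ProxyEnable -eq 1) {
    Write-Output "PROXY ENABLED: $($inet.ProxyServer)"
} else {
    Write-Output 'Proxy: disabled'
}
if ($inet.AutoConfigURL) {
    # A PAC URL redirects traffic just as effectively as a fixed proxy
    Write-Output "AUTOCONFIG (PAC) URL SET: $($inet.AutoConfigURL)"
}

# 2. Per-adapter addressing: a STATIC address or a DNS server that is not the
#    router (192.168.0.1 in the thread) deserves a second look
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $mode = if ($a.DHCPEnabled) { 'DHCP' } else { 'STATIC' }
    Write-Output ('{0}: IP={1} GW={2} DNS={3} ({4})' -f $a.Description,
        ($a.IPAddress -join ','), ($a.DefaultIPGateway -join ','),
        ($a.DNSServerSearchOrder -join ','), $mode)
}

# 3. hosts file: anything beyond comments and the localhost entries can
#    silently redirect update servers and search engines
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath | Where-Object {
    $_ -match '\S' -and $_ -notmatch '^\s*#' -and
    $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
} | ForEach-Object { Write-Output "HOSTS ENTRY: $_" }

# 4. Firewall service state (XP: SharedAccess; Vista and later: MpsSvc).
#    A disabled or stopped service matches the "no access to Windows Firewall"
#    symptom described in the opening post.
foreach ($name in 'SharedAccess', 'MpsSvc') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc) {
        Write-Output ('{0}: state={1} startmode={2}' -f $name, $svc.State, $svc.StartMode)
    }
}
```

    If the adapter shows a static address or a foreign DNS server, the fix suggested in the post is to return it to DHCP, e.g. `netsh interface ip set dns name="Local Area Connection" source=dhcp` (adapter name assumed; check it against the script's output).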
  • LION8TIGER Posts: 8,484
    Forum Member
    sweep9 wrote:
    You need to reset the IP settings so the laptop gets its IP address from the router.

    Some of the modern infections set themselves up as an internet portal, my guess is at an IP address of 192.168.1.1, which is then passing the data on to the infector's computers, filtering out passwords, CC details etc. via the router connection on 192.168.0.1.

    Also check within Internet Explorer's settings via Control Panel / Internet Settings. Again, my guess would be that under the Connections tab, LAN settings, there'll be a proxy server set up at 192.168.1.1. Just delete this info, untick it, and internet should reappear.

    Thanks sweep, but ...
    Very hard to navigate in Italian, but managed to untick a proxy in internet options / connections / Lan settings ... didn't make any difference.
    ... did that already.

    Anyway I'm not going near it until after Christmas. She will try the recovery at boot-up and if that does not work then get herself an external CD drive, as she has a recovery disk.