Internet not working after Spyware

August 4, 2008 at 14:19:18
Specs: WinXP Pro, Athlon 3000+

It all started when I was browsing My Computer and got a pop up to get Anti-Spyware software. I realized that I needed just that, because the popup itself was spyware. So I hit Ctrl + Alt + Del to get rid of all the spyware that had been running already and started ridding my computer of that nasty stuff.

I terminated all the processes and I still had the popup while browsing my computer. So I figured it was a DLL that was injected into explorer. I restarted my computer into safe mode, looking for signs of programs that wanted to start with my computer. I erased some registry entries and deleted some obviously corrupt programs.

I restarted with a normal boot. As soon as I got back in, I realized my internet wasn't working. Hmm... Maybe my router went down.

My sister's laptop was working fine though (which is wireless, while I'm wired). Hmmm....

I tried accessing my router. No go.

I realized that something was seriously up.

I spent hours removing every last bit of spyware and viruses on my computer with the use of Kaspersky, Malwarebytes' Anti-Malware, and Smitfraud, all in safe mode. I got rid of over a dozen EXEs, and half a dozen registry keys, plus half a dozen DLLs in Internet Explorer and Explorer. It seemed there would be nothing to stop my computer from working perfectly.

As soon as I restarted, I saw my internet was still not working. All the spyware was gone, but the damage was done and my internet wouldn't start working any time soon.

Since then, I still can't get a single page to load or ping request to come back. Here are the symptoms. I don't know what to do next:

-Absolutely no pages load. Firefox tells me "Address Not Found."
-My computer is unable to connect to my router's DHCP server for an IP address. It becomes Automatic Private Address 169.254.x.x, Subnet Mask 255.255.0.0, unless I specify a static LAN address, in which case the LAN icon has a yellow exclamation point on it stating "Limited or no connectivity" (even though I was using the same exact static address just yesterday) - No other computers on this network have the same IP address
-When a static address is assigned, the router's address loads a blank white page with no content. All other webpages continue to give me Address Not Found
-Pinging all internet addresses gives no response. Only 192.168.1.1 and 192.168.1.100 (my static address) give results. Oddly, though, the result says

C:\>ping 192.168.1.1

Pinging °ÿ with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time<1ms TTL=127
Reply from 192.168.1.1: bytes=32 time<1ms TTL=127
Reply from 192.168.1.1: bytes=32 time<1ms TTL=127
Reply from 192.168.1.1: bytes=32 time<1ms TTL=127

Ping statistics for :
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

I don't understand why the address of the router becomes °ÿ

Pinging localhost gives the following result

C:\>ping localhost

Pinging VAL-MAIN [°ÿ] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for :
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
With the same °ÿ

Here's what I've tried doing:
-I've tried removing the driver for my LAN card from Device Manager and reinstalling the drivers without it working.
-I've tried going through the Set up a home or small office network wizard but it always says it was unable to complete the wizard at the end
-The router is still accessible from other computers in the house


I'm very scared I need to reinstall windows because of this spyware I picked up. What else can I try?




#1
August 4, 2008 at 14:27:59
"It becomes Automatic Private Address 169.254.x.x, "

At some point we either need to be on the same subnet as your router or get dhcp to work.

Start by changing to a static IP in the router's range and try to access the web based setup.


Ping is generally a poor tool to trust much. Ping localhost on some OS's can return a result with no nic card installed.

We can always use a live linux cd such as knoppix to try. Knoppix normally has all the popular nic drivers so we might be able to prove the nic is working.

Might have to put the XP disk back in and do a "repair" in worst case.

"Best Practices", Event viewer, host file, perfmon, are in my top 10



#2
August 4, 2008 at 16:41:58
I booted into an Ubuntu live CD and saw that my internet was connected from the first second of being booted. I have no choice but to repair Windows, it seems.

PS: Host file looked fine and event viewer showed nothing out of the ordinary



#3
August 4, 2008 at 20:48:26
Host file would have nothing to do with dhcp offer. (pretty sure)

Ubuntu proved that the system could work and now we assume some damage or error to xp. Might start with sfc.exe /scannow.



#4
August 4, 2008 at 23:02:39
On another forum, a user named kimsland told me the following:

That °ÿ is the telltale sign that the WINSOCK catalog is corrupted. Simply enter this command at a command prompt:

netsh winsock reset catalog


Or download Winsockfix (http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml)


The command line fixed my problem perfectly in a matter of minutes.


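An added example, not part of the thread: `netsh winsock reset catalog` returns the catalog to its default providers, so saving the output of `netsh winsock show catalog` first and reviewing it records which non-default providers were registered. The sketch below parses that output and lists entries whose DLL is outside a baseline; the baseline set, the sample text and the `example_lsp.dll` entry are assumptions constructed for illustration.

```python
import re

# Assumed baseline of provider DLLs on a stock Windows XP install; adjust as needed.
STOCK_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}

# Constructed sample modelled on the command's "Key: value" layout.
# The last entry and its DLL name are invented for illustration.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        EXAMPLE-LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\Example\example_lsp.dll
Catalog Entry ID:                   1015
"""

def parse_catalog(text):
    """Split the dump into entries, each a dict of its 'Key: value' fields."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Split on the first colon only, so "C:\..." paths stay intact.
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        if "Provider Path" in fields:
            entries.append(fields)
    return entries

def non_stock_entries(text, stock=STOCK_DLLS):
    """Return (catalog id, description, path) for providers outside the baseline."""
    hits = []
    for e in parse_catalog(text):
        dll = e["Provider Path"].rsplit("\\", 1)[-1].lower()
        if dll not in stock:
            hits.append((e.get("Catalog Entry ID"), e.get("Description"), e["Provider Path"]))
    return hits

if __name__ == "__main__":
    for hit in non_stock_entries(SAMPLE):
        print("review before reset:", hit)
```
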

#5
August 5, 2008 at 14:02:44
Thanks for the report, sorry I didn't guess it.


#6
August 5, 2008 at 19:19:46
No problem. I appreciate the support. Hope someone in need of this fix stumbles upon it when they have the same issue!
