Author Topic: [Request Add] Windows Repair - IP Helper SVC Repair  (Read 15327 times)

Offline tbdawg

  • Newbie
  • *
  • Join Date: Sep 2012
  • Posts: 27
  • Karma: 2
[Request Add] Windows Repair - IP Helper SVC Repair
« on: September 24, 2012, 05:46:56 am »
I had a PC today (my son's, actually) that was infected with the ZeroAccess rootkit, which disabled a bunch of services. It's all fixed now, but I was kinda surprised that between using ComboFix and Tweaking.com's Windows Repair this service appears untouched, as it seems to often be removed with this rootkit and probably some others. So I put together a little package for you that you may want to add. (See Attachment) The Windows 7 key is from a Win 7 Ult PC and the Vista key is Home Premium (sorry, no XP PC to pull from), though I don't think it makes much if any difference which version the key came from as long as it's Vista/7. The keys have both been cleaned of PC-specific data. It appears that the subkeys below:

\Parameters\6To4
\Parameters\IPHTTPS
\Parameters\Isatap
\Parameters\Teredo
\Teredo\PreviousState

are filled in on the fly as needed depending on device parameters etc. At least the Isatap subkey did on my son's PC. Of course a restart will be needed after the fix has been made. Hope this helps somebody!

BTW Thank you for your hard work!

Edit: Ugh, just realized I put this in the wrong spot. Sorry!
« Last Edit: September 24, 2012, 06:17:59 am by tbdawg »

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
Re: [Request Add] Windows Repair - IP Helper SVC Repair
« Reply #1 on: September 24, 2012, 11:36:12 am »
Right now the Windows Repair tool doesn't do much with any of the reg keys for the services. Very dangerous.

But I am going to be starting on a new version where I will start adding these reg keys, for each OS and such. Going to be a big job but it will be worth it, as it will make the Windows Repair fix more problems than ever. :-)

Right now the things that it can't fix are normally related to bad or missing reg keys. Since the program doesn't touch or replace them, it doesn't fix those. So as new versions come out I will be adding more and more. So thanks for these, I have added it to my to-do list and I will see what I can do :-)

Shane

Offline tbdawg

Re: [Request Add] Windows Repair - IP Helper SVC Repair
« Reply #2 on: September 25, 2012, 03:28:10 am »
I forgot to mention that the Win 7 key is 64 bit and the Vista key was 32 bit, though I suspect it won't matter. I am planning on doing some clean OS installs soon (maybe later tonight or tomorrow) so I will make some reg dumps and verify. I also happened to remember that when I do a clean install for most of my PCs, or the ones I am working on, I usually make a complete reg dump before I get too far along with it. I pulled a clean dump off of one of my Vista 32 bit PCs to see what the keys for this service looked like, and they were almost exactly the same as the one I attached for Vista above. The only difference was that one of the empty keys I listed above as being created on the fly wasn't there. So it should be safe. I also happened to get my hands on an XP Pro clean dump and verified that this service doesn't exist for XP, which is also what was shown for this service via blackviper.com. Obviously I don't have any info on it yet for Win 8, but will add if and/or when I get it.

I'm also looking into building this service via SC.exe, but I am a bit rusty using cmd. I will look into it after I verify some more clean dumps and post the batch file for you if I am successful. Or I could write an exe to check the service and then repair what is needed. (bit rusty here too, but it's like riding a bike right. lol) Of course I will test all first and only post code/attachments if I'm successful.

If you would like any of the complete clean install dumps just let me know and I'll send them your way. I'll try and provide info for each dump if I can.

Offline tbdawg

Re: [Request Add] Windows Repair - IP Helper SVC Repair
« Reply #3 on: October 03, 2012, 10:03:52 pm »
Shane, here is a batch file that rebuilds the IP Helper service from scratch using SC.exe for either Vista or Windows 7, all versions. It requires elevation to run successfully. I have tested it thoroughly. It will repair the service whether it is there or not. It also makes a backup of the services reg key before making any changes etc. Should be very easy for addition to your tool if you desire.

Basic work flow is as follows:
It is recommended that all networks (WiFi, Ethernet, Bluetooth) be disconnected prior to running, but not required (will most likely need to restart PC otherwise).

Checks to see if the Service Exists.
If Exists -> Check if Running
If not Exists-> OS Check
If Running -> Try to stop -> recheck.
If not Running-> Make a date/time stamped backup of services reg key in Documents.
Delete Service via SC
OS Check
Build the service according to OS.
Attempt to start the service -> Check if Running -> retry if not
Check the text output in the Console window and verify no errors occurred.
If service cannot be Started PC must be restarted then Network connection(s) made.
Otherwise make Network Connections.
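
The non-destructive first half of the workflow above (existence check, state check, time-stamped backup), as an added example that is not part of tbdawg's post or attachment. It assumes an elevated PowerShell prompt, the service name `iphlpsvc` and its standard key under `HKLM\SYSTEM\CurrentControlSet\Services`, and a backup file name chosen here for illustration; it stops before the delete and rebuild steps, whose service parameters are not given in the thread.

```powershell
# Added example: read-only check plus backup of the IP Helper service key.
# Assumptions: elevated prompt; service name 'iphlpsvc'; backup file name is
# illustrative. Nothing here deletes or modifies the service.
$svc     = 'iphlpsvc'
$regPath = "HKLM\SYSTEM\CurrentControlSet\Services\$svc"    # form used by reg.exe
$psPath  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"   # form used by the registry provider

# 1. Is the service registered, and is it running?
$service = Get-Service -Name $svc -ErrorAction SilentlyContinue
if ($service) {
    Write-Output "Service $svc exists, status: $($service.Status)"
} else {
    Write-Output "Service $svc is not registered with the Service Control Manager"
}

if (Test-Path $psPath) {
    # 2. Show what the service is configured to load, for manual review
    #    against a known-clean machine of the same OS version.
    $image = (Get-ItemProperty -Path $psPath -ErrorAction SilentlyContinue).ImagePath
    $dll   = (Get-ItemProperty -Path "$psPath\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    Write-Output "ImagePath : $image"
    Write-Output "ServiceDll: $dll"

    # 3. Report which of the subkeys listed in the first post are present.
    #    Per the thread these are created on the fly, so absence is not an error.
    $subkeys = 'Parameters\6To4', 'Parameters\IPHTTPS', 'Parameters\Isatap',
               'Parameters\Teredo', 'Teredo\PreviousState'
    foreach ($k in $subkeys) {
        $present = Test-Path (Join-Path $psPath $k)
        Write-Output ("{0,-22} present: {1}" -f $k, $present)
    }

    # 4. Date/time-stamped backup of the service key in Documents.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $docs   = [Environment]::GetFolderPath('MyDocuments')
    $backup = Join-Path $docs "$svc-$stamp.reg"
    & reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Backup written to $backup"
    } else {
        Write-Warning "reg export failed with exit code $LASTEXITCODE"
    }
} else {
    Write-Warning "$regPath is missing; nothing to back up"
}
```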

Offline Shane

Re: [Request Add] Windows Repair - IP Helper SVC Repair
« Reply #4 on: October 04, 2012, 10:02:52 am »
Added it to my "To Do" list for the Windows repair :wink:

Shane

Offline tbdawg

Re: [Request Add] Windows Repair - IP Helper SVC Repair
« Reply #5 on: October 05, 2012, 01:19:34 pm »
Awesome! I should be able to do this for most services; if you need any other scripts just give me a shout and I'll be glad to help. In fact I am currently working on a program that will verify each out-of-the-box service for Windows 7 (and then I'll add Vista & Windows 8), checking for corruption (against the way it would be for a clean install) and repairing only what is needed. In some cases rebuilding the service completely. It will also eventually check for that service's dependencies etc. and hopefully repair them as well. You'll be able to incorporate it very easily with your program if you desire. Otherwise it can be run as a standalone. Of course, it'll make a backup of each service prior to repair. I'll be building against all the info that I have gained via clean dumps from all versions of Windows 7 etc. I've been meaning to do this for some time, guess that time is now.  :wink: