« on: December 09, 2013, 03:58:23 pm »
Ran SpinRite 6 on the drive before doing an image backup ... no issues found ... chkdsk /f /r found nothing
Used Acronis 2013 to do an image backup to an external drive
Memory issues in my experience typically cause random crashes and or program lockups/failures ... I don't see any evidence of that happening over the past 4 days of diagnostics ... but could possibly run memtest on it overnight just to be sure
After imaging the hard drive I did reload an as-built/delivered image of the machine, which has no issues with internet access ... this to me rules out the NIC and downstream hardware
I also moved the drive to an eSATA port as a slave external drive and ran a few virus/malware programs, but I don't believe these will review the registry of the slave drive properly?
This is one of the ugliest infections I have seen given that none of the 45 tools I have thrown at it have found anything other than a few PUP and PUM files, which were eradicated straight off
sfc /scannow says the core files are good ... is it possible an infection could spoof this?
None of the rootkit tools appear to run prior to boot ... it is possible an infection is smart enough to hide from the major tools (some new variant 2-3 weeks old?) ... if a rootkit is involved here wouldn't it be easy to hide from known tools? My expectation is that a proper test would run prior to the OS ever starting ... POST BIOS level code could run prior to the OS starting and do anything.
If this is indeed a registry-only issue it makes me wonder why everything else is totally functional ... i.e. Word, Excel, ping, tracert, temperature widgets, etc. all work properly ... in one of my tests I totally removed all the browsers, NIC, and network-related programs, then added them back ... the issue still existed even with netsh resets ... Wireshark suggests the internet services are working ... my suspicion is that this thing is just blocking the browsers from accessing the network services.
Everything I have done so far points to it being an infection ... what was interesting was a Wireshark trace that showed activity with an address in the 1.192.168.nnn domain, which reverses to a Mainland China server ... why would this machine be talking to China automatically?
Researching this issue suggests it is new ... there are variations but for the most part they appear to be picked up by the core tools.
If you have other suggestions I can reload the before image and gladly follow your steps to see if perhaps I have missed something ... I don't consider myself an expert even though I have coded in most systems going back over 30 years ... there is a lot going on in the newer PCs so it's no longer a simple task to troubleshoot.
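The "ping and tracert work but browsers can't get out" pattern described in the post usually comes from something sitting between the browser and the socket rather than from the network stack itself. Below is an added triage script (not from the original post or any reply) that dumps the places such a block is most often set: the user and WinHTTP proxy settings (including a PAC/AutoConfigURL), non-default hosts file entries, the Winsock catalog (LSPs), AppInit_DLLs, Image File Execution Options "Debugger" entries on the browser executables, and established connections to non-private addresses with the owning process. Assumptions: the browser executable names in the list are illustrative, the script is run from an elevated PowerShell prompt on the affected machine, and Get-NetTCPConnection is only available on Windows 8 / Server 2012 and later (on Windows 7, substitute `netstat -ano`).

```powershell
# Added triage example, not code from the original post.
# Run elevated on the affected machine. Read-only: nothing here changes settings.

# 1. Per-user proxy settings used by Internet Explorer and by browsers that honor them.
#    A ProxyEnable=1, a ProxyServer, or an AutoConfigURL you did not set is a red flag.
$ie = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $ie |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL, ProxyOverride

# 2. WinHTTP proxy (separate from the user proxy; used by services and updaters).
netsh winhttp show proxy

# 3. hosts file: anything other than comments, blank lines and localhost deserves a look.
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -notmatch '^\s*(#|$)' }

# 4. Winsock catalog: a third-party LSP can filter or redirect browser traffic
#    while ICMP (ping/tracert) is untouched. Expect only Microsoft provider paths.
netsh winsock show catalog | Select-String -Pattern 'Description|Provider Path'

# 5. AppInit_DLLs is loaded into every process that links user32.dll, browsers included.
$appinit = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
Get-ItemProperty -Path $appinit | Select-Object AppInit_DLLs, LoadAppInit_DLLs

# 6. Image File Execution Options: a "Debugger" value on a browser exe makes Windows
#    launch that "debugger" instead of the browser, silently.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$browsers = 'iexplore.exe', 'firefox.exe', 'chrome.exe'   # assumed list; extend as needed
foreach ($exe in $browsers) {
    $key = Join-Path $ifeo $exe
    if (Test-Path $key) {
        $dbg = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { "IFEO Debugger set for ${exe}: $dbg" }
    }
}

# 7. Established TCP connections to non-private addresses, with the owning process.
#    This is how to answer "which program is talking to that foreign address?"
#    Requires Windows 8 / Server 2012 or later; on Windows 7 use: netstat -ano
$private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)'
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch $private } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            PID     = $_.OwningProcess
            Process = $proc.ProcessName
            Path    = $proc.Path
        }
    } | Format-Table -AutoSize
```

Run it once on the suspect image and once on the clean as-delivered image and diff the two outputs; the sections that differ are where to dig. Because the checks are registry and catalog reads, they are also the ones worth repeating with the suspect disk mounted as a secondary drive (step 6 and the hosts file can be read from the offline hive and file system; the proxy and Winsock entries live in the offline SOFTWARE and NTUSER.DAT hives and need `reg load` to inspect).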