Firewall and Internet unresponsive after Trojan Removal
Good suggestions...
I have tried a System Restore from inside Win7 and from the boot menu... is Safe Mode any different than the latter?
Has anyone had success with uninstalling Malwarebytes and having your files return to normal???
January 31st, 2012 9:45am
Hi,
try System Restore to a state in which everything was OK. Also try uninstalling Malwarebytes and installing Microsoft Security Essentials.
You can roll back with System Restore from Safe Mode.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner
2010 / 2011 / 2012
Microsoft Certified Professional | Connected Home Integrator
| Consumer Sales Specialist
Microsoft Certified IT Professional: Consumer Support Technician on Windows Vista
Microsoft Certified IT Professional: Enterprise Support Technician on Windows Vista
Microsoft Certified IT Professional: Server Administrator on Windows Server 2008
Microsoft Certified Technology Specialist:
Windows 7, Configuration | Microsoft Windows Vista, Configuration
Pre-Installing Windows 7 for OEMs | Windows 7 and Office 2010, Deployment
| Windows Vista and Server Operating Systems, Preinstallation
Windows Server 2008 Active Directory, Conf | Windows Server 2008 Network Infrastructure, Conf
| Windows Server 2008 Applications Infrastructure, Conf
Windows Server 2008 R2, Server Virtualization | Windows Server Virtualization, Configuration
| Microsoft Lync Server 2010, Configuring
Windows SBS 2011, Configuring | Windows EBS 2008, Configuration
| Windows SBS 2008, Configuration
Windows HPC Server 2008, Development | Windows Internals
| MDOP, Configuration | SharePoint 2010, Configuration
Microsoft SCOM, Configuration | Microsoft SCDPM 2007, Configuration
| Microsoft SCVMM 2008, Configuration
January 31st, 2012 11:56am
Malwarebytes found some problems on my PC this morning... I noticed my web pages being redirected and ran it immediately:
Memory Processes Detected: 4
C:\Users\Gee\AppData\Local\Temp\~!#AD22.tmp (Trojan.Dropper.PE4) -> 1828 -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\4CBA8\05CE7.exe (Trojan.Dropper.PE4) -> 5016 -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\A87EC\lvvm.exe (Trojan.Dropper.PE4) -> 4684 -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> 5800 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Data: C:\Users\Gee\AppData\Roaming\A87EC\lvvm.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Gee\AppData\Roaming\4CBA8\05CE7.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|D7D.exe (Backdoor.CycBot) -> Data: C:\Program Files\LP\E724\D7D.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Dropper.PE4) -> Bad: (C:\Users\Gee\AppData\Roaming\A87EC\lvvm.exe) Good: () -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 7
C:\Users\Gee\AppData\Local\Temp\~!#AD22.tmp (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\4CBA8\05CE7.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\A87EC\lvvm.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Gee\AppData\Roaming\Microsoft\E724\4904.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\afd.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\LP\E724\D7D.exe (Backdoor.CycBot) -> Quarantined and deleted successfully.
(end)
After reboot, my antivirus program disappeared and my internet connection was lost:
afd service is missing
bfe service is missing
and MpsSvc is missing
Mpsdrv is operable, but the rest are not responding to startup
How can I get my PC back?!
January 31st, 2012 4:09pm
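A log like the one above already contains the explanation for the missing services: two of the removed items are a service registry key and a kernel driver image. The PowerShell below is an added example, not code from the thread or from Malwarebytes; it parses a log excerpt constructed from the lines posted above and lists every detection that removed a Windows service key or a driver from System32\drivers, which is the check a responder would run before rebooting. The path and key patterns it flags, and the assumption that a driver file is registered under a service of the same name, are my own heuristics.

```powershell
# Added example (not from the thread or from Malwarebytes): before rebooting after a cleanup,
# list every detection that removed a Windows service registry key or a kernel driver image,
# so a "service is missing" state after the reboot can be traced back to the scan log.
# The excerpt below is constructed from lines in the log posted above.
$mbamLog = @'
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Data: C:\Users\Gee\AppData\Roaming\A87EC\lvvm.exe -> Quarantined and deleted successfully.
Files Detected: 7
C:\Users\Gee\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\afd.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\LP\E724\D7D.exe (Backdoor.CycBot) -> Quarantined and deleted successfully.
'@

function Get-ServiceImpact {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Detection lines look like: <item> (<detection name>) -> [<extra> ->] <action>
        if ($line -match '^(?<item>.+?) \((?<name>[^)]+)\) -> (?<rest>.+)$') {
            $item = $Matches['item']; $det = $Matches['name']
            $action = ($Matches['rest'] -split ' -> ')[-1]   # last segment is what MBAM did
        } else { continue }
        $svc = $null; $kind = $null
        if ($item -match '^HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?<svc>[^\\|]+)') {
            $svc = $Matches['svc']; $kind = 'service registry key'
        } elseif ($item -match '^[A-Z]:\\Windows\\System32\\drivers\\(?<file>[^\\]+)\.sys$') {
            # Heuristic: a driver image is usually registered under a service named like the file
            $svc = $Matches['file']; $kind = 'kernel driver image'
        } else { continue }
        New-Object PSObject -Property @{
            Service = $svc; Kind = $kind; Item = $item; Detection = $det; Action = $action
        }
    }
}

$impact = Get-ServiceImpact -Lines ($mbamLog -split "`r?`n")
$impact | Format-Table Service, Kind, Detection, Action -AutoSize
# Anything listed here is worth checking with `sc.exe query <Service>` before and after the reboot.
# AFD is the kernel-mode side of Winsock, so losing both its key and afd.sys matches the lost connectivity.
```

On the posted log this yields two rows, both for AFD: the service key under CurrentControlSet\Services and the afd.sys image, both reported as quarantined and deleted. The user-profile droppers and the Run/Load values are skipped because they belong to no service.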
Good suggestions...
I have tried as system restore from inside win7 and from boot menu... is safe mode any different than the latter?
Hi,
They are the same. You may also perform System Restore under Windows RE.
Juke Chou
TechNet Community Support
February 1st, 2012 5:27am
@kgbader
When you have completed System Restore, recheck via the services to ensure that Base Filtering Engine and Windows Firewall are "enabled", along with dependent services.
This rogue malware (along with some other of its "family") will effectively render BFE as "not there" and Windows Firewall disabled. That was done by the rogue, not by MBAM (which took out the rogue).
Check Windows 7 Action Center to make sure firewall is on.
If and only IF still having issues with BFE or Firewall, then download and Save 2 registry fixes:
bfe.reg & firewall.reg
http://www.mediafire.com/?317ea53a883288d
http://www.mediafire.com/?z6aw8j7997qa7j9
Make sure they have a .REG extension
Right Click on each reg (in turn) and do a MERGE
You may have to respond to UAC prompt.
Afterwards, recheck services and also Action Center for firewall and anti-virus status.
AFAIK, neither MSE nor MBAM covers the registry fixes. That is why it almost always requires additional fixes after the rogue is taken out.
p.s. The "author" of the fixes is unknown (at least till now) but the registry lines are essentially what you would have on a clean Windows client for the 2 sets of services.
Maurice Naggar ~ MVP (Oct 2002 - Sept 2010)
February 1st, 2012 9:15pm
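The post above gives the procedure (System Restore, check the services and their dependencies, check Action Center, and only then merge the two .reg files). The PowerShell below is an added example, not code from the thread or from its poster, that does the checking part in one pass: for each service the thread names (afd, mpsdrv, BFE, MpsSvc) it reports whether the registry key exists, its start type, its dependencies, whether the image file is on disk, and the state sc.exe reports; it reads the firewall state through netsh; and it lists the keys a .reg file would write or delete without merging it, which is the review step a file from an unknown author calls for. The service names and Start values are the standard Windows ones; the .reg excerpt at the bottom is constructed for the demonstration.

```powershell
# Added example (not from the thread): a post-restore check of the services named in the
# thread, the firewall state, and the keys a downloaded .reg file would touch, run from an
# elevated PowerShell prompt on the affected machine. Service names and Start values are
# the standard ones; the .reg excerpt at the bottom is constructed for the demonstration.

$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceHealth {
    param([string[]]$Names = @('afd', 'mpsdrv', 'BFE', 'MpsSvc'))
    foreach ($name in $Names) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $row = New-Object PSObject -Property @{
            Name = $name; KeyPresent = (Test-Path $key); StartType = $null
            ImageOnDisk = $null; DependsOn = $null; State = 'not registered'
        }
        if ($row.KeyPresent) {
            $p = Get-ItemProperty -Path $key
            $row.StartType = if ($p.Start -ne $null) { $startTypes[[int]$p.Start] } else { 'missing' }
            $row.DependsOn = ($p.DependOnService -join ',')
            # ImagePath shapes seen on Windows 7: \SystemRoot\..., system32\..., %SystemRoot%\... -k <group>
            $img = [Environment]::ExpandEnvironmentVariables([string]$p.ImagePath).Trim('"')
            if ($img -match '^\\?SystemRoot\\(.+)$') { $img = Join-Path $env:SystemRoot $Matches[1] }
            elseif ($img -notmatch '^[A-Za-z]:\\') { $img = Join-Path $env:SystemRoot $img }
            if ($img -match '^(.+?\.(exe|sys))(\s|$)') { $img = $Matches[1] }   # drop svchost arguments
            $row.ImageOnDisk = Test-Path -LiteralPath $img
        }
        # sc.exe reports kernel drivers as well as Win32 services; a missing service yields error 1060
        $out = (& sc.exe query $name 2>&1) -join "`n"
        if ($out -match 'STATE\s+:\s+\d+\s+(\w+)') { $row.State = $Matches[1] }
        $row
    }
}

function Get-FirewallState {
    # netsh can only answer while MpsSvc is reachable; otherwise it prints an error and no State lines.
    # The parsing assumes the English netsh strings.
    $out = & netsh advfirewall show allprofiles state 2>&1
    $states = @{}; $current = $null
    foreach ($line in $out) {
        if ($line -match '^(\w+) Profile Settings:') { $current = $Matches[1] }
        elseif ($current -and $line -match '^State\s+(\w+)') { $states[$current] = $Matches[1] }
    }
    if ($states.Count -eq 0) { Write-Warning "Firewall state unavailable (is MpsSvc running?): $out" }
    $states
}

function Get-RegFileTargets {
    # Lists every key a .reg file would write or delete, without merging it. Anything outside the
    # Services subtree, or any [-KEY] deletion, deserves a look before merging a file of unknown origin.
    param([string[]]$Lines, [string]$Expected = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\')
    foreach ($line in $Lines) {
        if ($line -match '^\[(-?)([^\]]+)\]\s*$') {
            $action = 'write'; if ($Matches[1] -eq '-') { $action = 'delete' }
            New-Object PSObject -Property @{
                Key = $Matches[2]; Action = $action
                InScope = $Matches[2].StartsWith($Expected, [StringComparison]::OrdinalIgnoreCase)
            }
        }
    }
}

# Constructed .reg excerpt: one expected service key and one key a repair file has no reason to touch
$sampleReg = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\constructed\\example.exe"
'@

Get-ServiceHealth | Format-Table Name, KeyPresent, StartType, State, ImageOnDisk, DependsOn -AutoSize
Get-FirewallState
Get-RegFileTargets -Lines ($sampleReg -split "`r?`n") | Format-Table Action, InScope, Key -AutoSize
# For a real file: Get-RegFileTargets -Lines (Get-Content .\bfe.reg)
```

On the machine described in this thread, the first table would show afd, BFE and MpsSvc with KeyPresent false and State "not registered", and the firewall call would warn instead of returning profile states, which is the condition under which the poster says the .reg merge is warranted. Compare the StartType and DependsOn columns with a known-good Windows 7 machine rather than with the downloaded files; Get-RegFileTargets only reads the file as text, and a deletion entry or a key outside the Services subtree is the point at which to stop and look at the file before merging it.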