kuttus
Level 9
Message 11 of 20

Re: Risky connection after XP antivirus 2012 remove

There may be one more infection associated with it. To check its presence you have to do one thing.

In Windows XP

----------------------

Click on the Start menu and press on Run.

Inside the Run window type CMD and press on Okay.

In the black Command Window type

NETSH WINSOCK RESET and hit on enter.

If you get a message

"Sucessfully reset the Winsock Catalog.

You must restart the machine in order to complete the reset." then you are safe.

If not, your computer is infected.

Steps - 1

Try the above steps.

Steps-2

Ping.exe is an infection. To fix this run a SIGVERIF on the computer. For that click on Start Menu -> click on Run -> type SIGVERIF and press on Ok.

Follow the instructions.

It will detect one infected *.sys file. You have to replace that file from the recovery console.

The other solution to fix it is a Fresh Installation.

In Windows Vista and Windows 7

----------------------

Click on the Start Menu and in the Search box type CMD

At the top you can see a CMD file. Just right click on that file and select Run as Administrator.

In the black Command Window type

NETSH WINSOCK RESET and hit on enter.

If you get a message

"Sucessfully reset the Winsock Catalog.

You must restart the machine in order to complete the reset." then you are safe.

If not, your computer is infected. In Windows Vista and Windows 7 a successful system restore will fix the issue. Try a system restore to a good point.

After a successful system restore try to do the same step again.

If you got the message "Sucessfully reset the Winsock Catalog.

You must restart the machine in order to complete the reset." your computer is safe and secure.

laomao
Level 7
Message 12 of 20

Re: Risky connection after XP antivirus 2012 remove

Hi Kuttus,

Thank you for your suggestion, it was quite helpful. At least I know what impacted my PC system. Here is the test result.

1).  NETSH WINSOCK RESET

System reported "Entry Point Not Found.  The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll". It confirmed my PC was infected.

2). SIGVERIF

Three sys files were reported -- dtsoftbus01.sys, ndasbus.sys, serial.sys. In addition, a lot of dll files got reported too. See the capture for details. Can you tell me how to recover them through the recovery console? Thanks a lot.

signature.jpg

kuttus
Level 9
Message 13 of 20

Re: Risky connection after XP antivirus 2012 remove

serial.sys is the infected one. You can see there is no Version for that one.

Either replace the file using recovery console or run this tool.

www.fixzero.notlong.com

laomao
Level 7
Message 14 of 20

Re: Risky connection after XP antivirus 2012 remove

Hi Kuttus,

I want to use recovery console to replace serial.sys, can you tell me how to do that? Thanks.

kuttus
Level 9
Message 15 of 20

Re: Risky connection after XP antivirus 2012 remove

To start the computer in recovery console we need a Windows XP CD.

  • Boot the computer using the XP CD. You may need to change the boot order in the system BIOS. Check your system documentation for steps to access the BIOS and change the boot order.
  • When you see the "Welcome To Setup" screen, you will see the options below: "This portion of the Setup program prepares Microsoft Windows XP to run on your computer".
  • Press Enter to start the Windows Setup. Do not choose "To repair a Windows XP installation using the Recovery Console, press R" (you do not want to load Recovery Console).
  • You will then get a DOS prompt. From here,
Now you have to copy the serial.sys file from the CD/i386 folder using the DOS Commands.

Use the command in the recovery console.

copy X:\i386\serial.sys   Y:\WINDOWS\system32\drivers\

Where X is the drive letter for your CD drive and Y is the drive letter for your system drive. 90% Y will be C drive.

I hope it is easy to run the www.fixzero.notlong.com tool first. Since it is a Windows XP the tool will be fixing the issue.

Try it.

laomao
Level 7
Message 16 of 20

Re: Risky connection after XP antivirus 2012 remove

Hi Kuttus,

Thank you very much for your information.

I do not want to run the downloaded tool because my PC has been infected. I am afraid that the tool will be infected while it is running in an infected system.

I tried to use the XP CD to recover serial.sys. But I did not get a DOS prompt after selecting Windows Setup. I will copy the serial.sys file from a known good XP system to replace the infected one. Thanks.

kuttus
Level 9
Message 17 of 20

Re: Risky connection after XP antivirus 2012 remove

Let me know if you need any assistance. Post here. I will reply to you.

kuttus
Level 9
Message 18 of 20

Re: Risky connection after XP antivirus 2012 remove

XP Internet Security 2012 / XP Security Center 2012 / XP Antispyware 2012 / XP Antivirus 2012 / XP Security 2012 / XP Home Security 2012: all these are the same spyware.

If you are trying to remove this spyware, there are full instructions on how to do that manually at the link:

http://www.bleepingcomputer.com/virus-removal/remove-xp-antivirus-2012

on 29/12/11 7:00:06 EST AM
exbrit
Reliable Contributor
Message 19 of 20

Re: Risky connection after XP antivirus 2012 remove

How to fix file associations in Windows: https://community.mcafee.com/docs/DOC-1264

Kuttus, please don't post registry key fixes, especially from rival software companies.

laomao
Level 7
Message 20 of 20

Re: Risky connection after XP antivirus 2012 remove

Hi Kuttus,

Thank you for your information.

I have followed that information to remove this spyware. What confuses me is that Malware and McAfee did not detect any more viruses after removing this virus, but I did see the virus still there:

1). testendonline.com virus popped up after I opened my Firefox.

2). After I log in to XP, McAfee reported generic host services for win32 tried to connect with the IP which I posted above.

3). Ping command was activated by the virus and tried to ping the outside IP which I posted above. This is blocked by McAfee.

4). My wifi could not stop acquiring network address although the DHCP IP was assigned and internet was working.

Any suggestion? Thanks.
