# [SOLVED] Can't connect to Internet after removing virus Windows XP 2012 Security



## a_zutshi (Feb 4, 2012)

Hi,

1) I had the Windows XP 2012 Security virus that I removed. The antivirus software also removed afs.sys and afs.reg file, that I replaced from backup. I also copied and merged afs.reg. Doing this got me an IP address for my PC.

2) I cannot connect my wired desktop to the Internet. I can ping the IP address of google.com but not the URL. I also cannot ping the IP address of netgear.com. My laptop has no problem connecting to the wireless network.

3) I ran Winsockxpfix and flushed DNS, and it did not help.


```
ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : home
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-72-C4-A1-7D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Monday, February 13, 2012 4:44:44 PM
Lease Expires . . . . . . . . . . : Tuesday, February 14, 2012 4:44:44 PM
```

Here is the output from Farbar 


```
Farbar Service Scanner Version: 04-02-2012 01
Ran by Amit (administrator) on 13-02-2012 at 16:47:35
Running from "C:\Documents and Settings\Amit\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(3) IPSec(5) NEOFLTR_650_16789(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
**** End of log **
```

Any help will be appreciated. I have spent the last few weeks trying to fix it. I tried Windows restore but was not successful.

thanks

Amit


----------



## shawnpb (May 30, 2010)


Hello! Try this in a command prompt:



```
Ipconfig /release
Ipconfig /renew
Ipconfig /all
```
then repost the ipconfig /all findings.


----------



## a_zutshi (Feb 4, 2012)


```
Windows IP Configuration

Host Name . . . . . . . . . . . . : Home-desktop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-72-C4-A1-7D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Tuesday, February 14, 2012 6:39:29 AM
Lease Expires . . . . . . . . . . : Wednesday, February 15, 2012 6:39:29 AM
```


----------



## a_zutshi (Feb 4, 2012)


Hi,

Just an update, I can Skype on the Desktop and now can ping the netgear ip address. But still can not ping google.com or use the browser.


----------



## 2xg (Aug 5, 2009)


Hi amit and Welcome to TSF,

Check for any proxy settings in your browser, and remove them if found.
How to Remove Proxy Settings

If that didn't work, log on as a different user; create one if needed.

Please give us an update.


----------



## Fred Garvin (Sep 4, 2010)


If 2xg's advice doesn't help, there's a good chance you're still infected with more than just the AV 2012 malware. I can also see from the info you posted that the malware has deleted registry keys which allow your firewall and Windows Update to work. You will either have to rebuild the registry keys, reinstall Windows or pull them from a registry backup. If you need help with virus removal, you'll have to create a new post in the Virus & Security forum. Start here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum


----------
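The reading of the Farbar Service Scanner log given in the post above (service keys missing, firewall policy set to 0) can be automated when triaging a machine after a fake-AV cleanup. This is an added example, not part of any post in the thread and not Farbar's code: `triage`, its field names and the `<service>.dll` naming heuristic are assumptions, and the sample log is a constructed excerpt in the layout of the log posted in this thread.

```python
import re

# Constructed sample: a shortened excerpt in the layout of the log posted in this thread.
SAMPLE_LOG = r'''
Firewall Disabled Policy:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
'''

def triage(log):
    """Summarise an FSS-style log: disabled policies, missing service keys, file results."""
    out = {"policy_off": [], "missing_keys": [], "files_to_review": [], "registry_only": []}
    key, legit = None, set()
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("[HKEY_"):
            key = line.strip("[]")                      # remember which key the next value belongs to
        elif m := re.match(r'"(Enable\w+)"=DWORD:0$', line):
            out["policy_off"].append((key, m.group(1)))
        elif m := re.search(r"Unable to open (\w+) registry key", line):
            if m.group(1) not in out["missing_keys"]:   # one entry per service, not per check
                out["missing_keys"].append(m.group(1))
        elif m := re.match(r"(.+?) => (.+)$", line):
            path, verdict = m.groups()
            if verdict == "MD5 is legit":
                legit.add(path.rsplit("\\", 1)[-1].lower())
            else:                                       # assumption: any other verdict needs review
                out["files_to_review"].append(path)
    # Heuristic (assumption): the service DLL is named <service>.dll. DLL verified on disk
    # but service key gone means the damage is in the registry, not in the file.
    out["registry_only"] = [s for s in out["missing_keys"] if f"{s.lower()}.dll" in legit]
    return out

if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Services listed under `registry_only` are the ones where restoring the service key (from a registry backup or a repair install) is the relevant fix, since the binary itself passed the file check.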



## a_zutshi (Feb 4, 2012)


OK, my problem is now resolved. Here is what I tried and what eventually worked:

I ran Malwarebytes and it did not find anything major.

I ran SUPERAntiSpyware and it found TrojanAgent/Gen-FakeAV. But this still did not fix the problem.

Finally, I found this link: DNS resolve problem with ping but not nslookup - Windows Server Help

And what fixed it was removing Windows SP3, and then I could connect to the Internet. Now I am reinstalling Windows SP3. Thanks for everyone's help.


----------



## 2xg (Aug 5, 2009)


Thanks for the update. Glad to hear that your issue has been resolved.


----------



## Fred Garvin (Sep 4, 2010)


That was a big way around the problem, but glad you got it fixed. The reason it did work was because reinstalling SP3 reinstalled the Windows firewall again. The virus you had removed or changed a couple of registry keys, which prevented you from turning the firewall back on.




a_zutshi said:


> OK, my problem is now resolved. Here is what I tried and what eventually worked:
> 
> I ran Malwarebytes and it did not find anything major.
> 
> ...


----------

