BCIengineer

  1. I'm sorry these instructions are not more thorough and step by step, but I am in the middle of getting a client's network back up and running. To get rid of the bogus network adapters, I searched the registry for ms_passthrump. I deleted all the keys that had that value. At one point it will say you cannot delete a key. Then go to Device Manager and uninstall the rogue device. It will also tell you that you cannot uninstall the device, but the device will disappear. You should then be able to delete the key also. Again, I apologize for not being more thorough, and I do not recommend taking these measures if you are unsure of what you are doing in the registry. I will try to get a more descriptive process up later.
  2. Here is some output from running netsh int ip reset:

     reset Linkage\UpperBind for ROOT\MS_NDISWANIPX\0000. bad value was: REG_MULTI_SZ = Passthru
     reset Linkage\UpperBind for PCI\VEN_14E4&DEV_1677&SUBSYS_01791028&REV_01\4&1D7EFF9E&0&00E0. bad value was: REG_MULTI_SZ = Passthru
     reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was: REG_MULTI_SZ = Passthru
  3. Sounds like you have been hit by a new PE virus that came out last week. McAfee's name for it is w32/virut.n. Info about the nasty on Trend: http://blog.trendmicro.com/virux-cases-escalate/ It will infect pretty much every .exe and .scr file on your computer. Some people have said it lives through deleting the partition, which may have been the case for you. I had to format several of my clients' PCs because at first McAfee could not clean the virus and instead deleted the files. Not good when it is every .exe on your PC. I also formatted the MBR on my rebuilds, and have not seen any sign of the virus yet. It connects to an IRC server to allow remote commands to be sent to your PC. I think that is where the rootkits and backdoors are coming from. I have been able to clean (I hope) the virus from most of my clients' PCs, using McAfee with at least the 5519 DATs, Malwarebytes, and ComboFix. If you do ipconfig at a command prompt, all you see is one line, "Windows IP Configuration," right? WinsockXpFix was fixing the issue for me, but I think it breaks again on reboot. It does not get rid of the bogus network adapters though, and the problem does seem to come back. Hope this helps someone come up with a solution.
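
The netsh int ip reset output quoted in post 2 can be turned into a checklist of affected adapter instances before anyone touches the registry or Device Manager. The following is an added example, not part of the original posts: `parse_reset_log` and `devices_bound_to` are hypothetical helper names, and splitting the REG_MULTI_SZ data on whitespace is an assumption that holds for single-word binding names such as Passthru.

```python
import re

# Output quoted in post 2 above, joined onto one line as it appears there.
SAMPLE_LOG = (
    r"reset Linkage\UpperBind for ROOT\MS_NDISWANIPX\0000. "
    r"bad value was: REG_MULTI_SZ = Passthru "
    r"reset Linkage\UpperBind for "
    r"PCI\VEN_14E4&DEV_1677&SUBSYS_01791028&REV_01\4&1D7EFF9E&0&00E0. "
    r"bad value was: REG_MULTI_SZ = Passthru "
    r"reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. "
    r"bad value was: REG_MULTI_SZ = Passthru"
)

# One "reset <value> for <device instance>. bad value was: <type> = <data>"
# record. Whitespace is matched loosely so a record parses whether it sits
# on one line or is wrapped over several.
ENTRY = re.compile(
    r"\breset\s+(?P<value>\S+)\s+for\s+(?P<device>\S+)\.\s+"
    r"bad value was:\s*(?P<type>REG_\w+)\s*=\s*"
    r"(?P<data>.*?)(?=\s*(?:\breset\s+\S+\s+for\s|\Z))",
    re.DOTALL,
)


def parse_reset_log(text):
    """Return one dict per reset record, in log order."""
    records = []
    for m in ENTRY.finditer(text):
        records.append({
            "value": m.group("value"),
            "device": m.group("device"),
            "type": m.group("type"),
            # Assumption: multi-string entries are single words.
            "data": m.group("data").split(),
        })
    return records


def devices_bound_to(records, name="Passthru"):
    """Device instances whose reset UpperBind data listed `name`."""
    wanted = name.lower()
    return [
        r["device"] for r in records
        if r["value"].lower().endswith("upperbind")
        and wanted in (d.lower() for d in r["data"])
    ]


if __name__ == "__main__":
    for device in devices_bound_to(parse_reset_log(SAMPLE_LOG)):
        print("check in Device Manager:", device)
```
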