
Windows 7 box, corrupted networking. Can't connect to homegroup anymore.



My wife's computer got a nasty bug. With the help of the malware forums, we've got the malware fully removed, but unfortunately, it looks like something got corrupted and I can't figure out how to fix it.

The malware thread is here:

http://forums.malwarebytes.org/index.php?showtopic=110620&st=0

My current problems are:

Can't join the homegroup:

There is an active homegroup running on the network and her computer cannot even see it, let alone connect.

Can't share or discover:

When I go to advanced sharing settings, and click "turn on network discovery" and "share files" and hit okay. It accepts it, but when I re-open the advanced settings it shows it as still off.

Can't share attached printers over the network:

When I plug our printer into this comp, I can't print or share it. (I'm least worried about this problem, the printer has wi-fi so I put it on the wi-fi and can print on it from any computer on the network now.)

Short version of the steps I took to fix the malware:

Found infection, updated anti malware software, ran and purged.

Found secondary infection, due to constant shutdown, I had to jimmy a fix. I found the infected file (system32/services.exe) and copied the one from my computer onto her computer. (We're both running win 7.)

That stopped the constant shutdowns so I ran antivirus software and got rid of the infected services.exe file.

I'm hoping y'all can help me figure out how to fix the network issue.

Thanks!


assuming your system is in fact 'clean', ensure you've all of the latest Microsoft Updates (including SP1 for Windows 7!), then try running the following commands from an elevated (Run as Administrator) PowerShell prompt as written (order doesn't matter as long as "ipconfig /flushdns" is first)

ipconfig /flushdns

netsh winsock reset

netsh int ip reset

netsh int ipv6 reset

netsh advfirewall reset

shutdown -r


resetting everything didn't work. :(

I've run the microsoft fixit program many times in the course of working on this problem, but I'm giving it another whirl on a hope.

...

Yup, as before fixit detects there are problems, but can't figure out what they are. sigh.

Thanks for the suggestions, though!


this procedure is going out on a limb, however it isn't a shot in the dark either

- verify the system is clean 'still' by downloading a 'fresh' instance of chameleon and running it off a flashdrive

- using "[Windows key] + [R]" type without quotes 'netplwiz' and click OK

- create a new standard user account

- create a new administrator account

- restart

- log into the new standard user account (whenever asked by UAC for elevated credentials for any of the following tasks, be certain to use the 'fresh' admin account and not your previous account)

- open windows explorer (not internet explorer) and paste this location without quotes "Control Panel\All Control Panel Items\Windows Firewall"

on the upper left panel there should be a "Reset Defaults" option...use it

- make sure your network location is configured as 'Home' (not Public, Work or Domain)

- using the same method from above navigate to "Control Panel\All Control Panel Items\Windows Firewall\Allowed apps" and ensure the following are checked for both columns (Private and Public)

* core networking

* file and printer sharing

* homegroup

* network discovery

* play to functionality

- create a new homegroup from *this* computer

- on the other computer involved 'leave' the homegroup, then attempt joining the new one

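A read-only way to check the items in the list above from an elevated PowerShell prompt, as an added example that is not part of any post in this thread. It reports whether each firewall rule group named above is enabled for the private and public profiles, and whether the services behind the firewall, network discovery and HomeGroup still exist and are running; the service short names are an assumption added here (stock Windows 7 names), and the rule group names assume an English install.

```powershell
# Read-only check: queries state, changes nothing. Run from an elevated prompt.
# Works on PowerShell 2.0 (the version shipped with Windows 7).
# ASSUMPTION: service short names are the stock Windows 7 ones; they are not from the thread.
$featureServices = @{
    'Windows Firewall'  = 'BFE', 'MpsSvc'
    'Network discovery' = 'Dnscache', 'FDResPub', 'fdPHost', 'SSDPSRV', 'upnphost'
    'HomeGroup'         = 'HomeGroupProvider', 'HomeGroupListener', 'p2pimsvc', 'p2psvc', 'PNRPsvc'
}
# Rule groups from the list above; display names assume an English install.
$ruleGroups = 'Core Networking', 'File and Printer Sharing', 'HomeGroup',
              'Network Discovery', 'Play To functionality'

function Get-ServiceHealth([hashtable]$Map) {
    foreach ($feature in $Map.Keys) {
        foreach ($name in $Map[$feature]) {
            # A service that no longer exists at all returns nothing here.
            $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
            New-Object PSObject -Property @{
                Feature   = $feature
                Service   = $name
                StartMode = $(if ($svc) { $svc.StartMode } else { 'MISSING' })
                State     = $(if ($svc) { $svc.State } else { 'MISSING' })
            }
        }
    }
}

function Get-FirewallGroupState([string[]]$Groups) {
    try {
        $fw = New-Object -ComObject HNetCfg.FwPolicy2
        foreach ($g in $Groups) {
            New-Object PSObject -Property @{
                Group   = $g
                Private = $fw.IsRuleGroupEnabled(2, $g)   # 2 = private (Home/Work) profile
                Public  = $fw.IsRuleGroupEnabled(4, $g)   # 4 = public profile
            }
        }
    } catch {
        # The firewall API is unusable when its service is missing or stopped.
        Write-Warning "Firewall policy could not be read: $($_.Exception.Message)"
    }
}

Get-ServiceHealth $featureServices | Sort-Object Feature, Service |
    Format-Table Feature, Service, StartMode, State -AutoSize
Get-FirewallGroupState $ruleGroups | Format-Table Group, Private, Public -AutoSize
```

A row marked MISSING, or a warning in place of the firewall table, means the component itself is gone or broken rather than merely switched off.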

  • Root Admin

Hello and welcome to Malwarebytes

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.
  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.


    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk here

OPTION 3

If you would like to use our Malwarebytes Premium Consumer Services partner, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site.

Please be patient, someone will assist you as soon as possible.


As noted in my post, the malware has already been removed. I'm trying to recover from possible after effects. If you note my post again, you'll see that there is even a link to the malware removal forum. Thanks for the suggestion, truth realm, I'll give that a whirl.



Okay, I do this but when I log in as the new standard user it doesn't ask me for credentials to reset to defaults. It just gives me dialog boxes and I hit okay. No errors. I try to go to allowed apps, but it doesn't like that address, so I tried Advanced Features, but that just pops an error that I don't have sufficient privileges. No option to move up a level.

So I logged onto the new admin account.

From there I checked allowed programs and advanced features, but on both of those I don't see anything like your list, just my various browsers and a couple games...


  • Root Admin

The issue is that only some of the tools used for malware detection and removal are going to give you any real chance of fixing this without fully reinstalling Windows.

We do not allow such tools to be used outside of the HJT forum though for obvious reasons of possibly damaging your computer even more by someone that doesn't know what they're really doing.

Please open a ticket on the Help Desk and ask for me and I will see if I can assist you or not. The Zero Access rootkit is a very nasty piece of malware and there are times that the damage cannot be undone and you will have to reinstall Windows but I can try to assist you if you like. Open a ticket, reference this link and ask for me to look at the ticket.

http://www.malwarebytes.org/contact_consumer

Thanks

