Jump to content

Attacked by Nation Zoom now no network conection


Recommended Posts

After I used Malwarebytes to remove the 70+ PUPs listed after the scan I followed the directions to reboot the computer. Upon the restart the computer shows connected to the network either wirelessly or wired however I can not access any website or the local router, I am also unable to ping the router. The Network sharing center shows that the connection is active and the status shows active sent and received packets.


I was also seeing the WER (windows error reporting) service running and causing the active window to "blink" out every second or so because of this is was not possible to type any commands. I have temporarily disabled that service.


Because this computer can not access the internet gathering the DSS information will be more difficult as I am not currently near that computer but I will be able to sneaker net the information to a connected computer.

Link to post
Share on other sites

Hello Wileec and welcome to Malwarebytes forum.

As you noted, you will need to sneaker net tools to the infected-pc and do the reverse to reply back here.

If you cannot download on this machine, please see about downloading on another system.

Then you can put the tools on a USB-flash-thumb drive or burn to CD/DVD and transport to the problem computer, and copy the tool(s) to the desktop.

Tell me the Windows version of this system.

I'll need more information to locate the source of the issue.

Please only ATTACH the log files I ask for.

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.com here

or http://download.bleepingcomputer.com/sUBs/dds.scr or


Disable any script blocker if your antivirus/antimalware has it.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Do NOT turn off the firewall

Double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

When done, DDS will open two (2) logs: DDS.txt & Attach.txt

Save both reports to your desktop.

Please attach following logs in your next reply:




Download & SAVE to your Desktop Tigzy's RogueKiller http://tigzy.geekstogo.com/Tools/RogueKiller.exe

Quit all programs that you may have started.

Please disconnect any USB or external storage drives from the computer before you run this scan!

For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

For Windows XP, double-click to start.

When prompted to accept the EULA, please do so.

Wait until Prescan has finished ... <<-----

Then Click on Scan button at upper right of screen.

Wait until the Status box shows "Scan Finished"

Attach the log into your next reply.

The log should be found in RKreport[1].txt on your Desktop

Do NOT press any Fix button.

Exit/Close RogueKiller


Just in case it is needed, you may try this to see if it helps in getting back the connection to the internet.


Start NOTEPAD. Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines in bold below to Notepad:

@Echo on


attrib -h -s -r hosts

echo localhost>HOSTS

attrib +r +h +s hosts


ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset resetlog.log

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. Your computer will reboot.

Link to post
Share on other sites

I'd like to understand why you have the wireless connection off and the cable unplugged ?

Does that not defeat the purpose of getting your connection back ?

If your system is behind a hardware router and the Windows firewall is on, that is typically enough.

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external storage drives from the computer before you run this scan! i_arrow-l.gif
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    For Windows XP, double-click to start.

  • Wait until Prescan finishes. i_arrow-l.gif
  • On the RogueKiller console, click the Registry tab.

    Put a check next to just these lines here and uncheck the rest:

    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

    UN-check any -other - lines shown on your screen that are not listed in the above list.

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport

    Copy & Paste the contents into next reply.

  • Step 2

    Download and SAVE Shortcut Cleaner to your Desktop from http://www.bleepingcomputer.com/download/shortcut-cleaner/

    On Windows 7 / 8 / Vista, do a Right-click on it and select Run as Administrator.

    On Windows XP, double-click to start.

    When all done, Copy & Paste the contents of "sc-cleaner.txt"into a reply.

    Step 3

    Save and close any work documents, close any apps that you started.

    Temporarily turn off (disable) your antivirus program

    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Start your MBAM MalwareBytes' Anti-Malware.

    Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

    Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

    look down the screen to Action for potentially unwanted programs PUP < = = VERY Important

    & look down the screen to Action for potentially unwanted modifications PUM &

    & Action for peer-to-peer software P2P

    For each one of the 3 by clicking the down arrow ( on each one, one at a time ) ***

    select "Show in results list and check for removal" from the drop down (arrow) selections. < = = =

    Next, Click the Update tab. Press the "Check for Updates" button.

    If prompted for a Restart, do that.

    When done, click the Scanner tab.

    Do a Full Scan. i_arrow-l.gif

    When the scan is complete, click OK, then Show Results to view the results.

    Make sure that everything is checked, and click Remove Selected.

    When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

    When all done, Copy & paste the MBAM scan log into a new reply.

    Tell me, How is the system ?

    Re-enable your antivirus program.

    Step 3

    Close any open work documents, if any, saving your work.

    Make sure to close any other programs that you started before.

    Please download Junkware Removal Tool by Thisisu to your Desktop


    Please close your security software to avoid potential conflicts.

    Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.

    The tool will open and display information and disclaimer in a Command prompt window.

    I'd suggest you close all internet browsers at this point.

    Press a key on keyboard to start scanning your system.

    Please be very patient as this will take several minutes to complete, depending on your system's specifications.

    There are approximatly 12 phases or so in this tool. You will see each phase listed in the Command prompt window.

    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.

    Please attach JRT.txt into a new reply.

    Re-enable your security software.

  • Step 4

    Please download "AdwCleaner" & Save to your Desktop from


    Close any open documents/programs & all internet browsers you have running.

    If your are running Windows XP, double click "adwcleaner.exe" to start it.

    Otherwise, Right-click on "adwcleaner.exe" and select Run As Administrator to launch the application.

    Now click on the "Clean" button.

    Confirm each time with OK.

    Your computer will be rebooted automatically. A text file will open after the restart. Please attach that logfile in your reply.

    Note: You can find the logfile at C:\AdwCleaner[s1]

Link to post
Share on other sites

Hello Wileec,

This is for after you have finished the other previous steps/tasks from the last reply.

This is for after that.

You will want to print out or copy these instructions to Notepad for offline reference!

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Download and Save the attached file CFScript.zip, in the same location as ComboFix.exe ---your DESKTOP

Now Un-zip (extract) all contents to the Desktop. It will put a CFscript.txt on it

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Do NOT turn off the firewall

Close any (all) open browsers.

Drag CFScript.txt with your mouse and then Drop onto ComboFix.exe {the red-lion icon }

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.


[1] IF after Combofix reboot you get the message

"Illegal operation attempted on registry key that has been marked for deletion"

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Attach the the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

There will be more to do later !


Link to post
Share on other sites

The board do get very busy at times. Especially these days.

As I see that you have re-imaged your system, I will now list some security principles to help you from getting reinfected.

Suggestions that you should follow:

Get and put in place our beta Anti-Exploit


Pay close attention when installing 3rd-party programs.

It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.

Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.

Use a Standard user account rather than an administrator-rights account when "surfing" the web.

See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html

Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

Check in at http://windowsupdate.microsoft.com Windows Update and install any Important Updates offered.

Make certain that Automatic Updates is enabled.

How to configure and use Automatic Updates in Windows


Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a monthly basis.

See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector


Download, install, and keep updated Spyware Blaster (free): http://www.brightfort.com/spywareblaster.html

(all Protections should be enabled at all times)

Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware


I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm

That would help to keep your browser away from known spyware/malware sites.

Get notified when the MVPS HOSTS file is updated


Make regular backups of your system to removable media: DVD, USB external hard drive, etc.

Having a total image backup of your system stored on DVD/CD is highly important.

Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.

Consider using Web of Trust WOT add-on for your browser(s)



Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}

Don't plug in an unknown flash/thumb drive into your PC.

IF you must do so, hold down the SHIFT-key when you insert the drive.

Scan any file with your Antivirus prior to opening or using.

On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:

http://www.eset.com/online-scanner ESET Online Scanner

http://quickscan.bitdefender.com BitDefender Quickscan

http://housecall.trendmicro.com/ Trend Micro Housecall

http://support.f-secure.com/enu/home/ols.shtml F-Secure Online Scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx Microsoft Safety Scanner

http://www.pandasecurity.com/homeusers/solutions/activescan/ Panda ActiveScan

See Six tips to help you stay safer online


Stay safe,

I wish you well.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.