Re: GOOGLE REDIRECTS TO http://abnow.com

Quads · ‎07-21-2008

Looks like C:\Windows\System32\mswsock.dll is infected and Symantec has screwed itself over possilly causing no internet due to the firewall not working properly.

Try System restore to the one I did 3 - 4 days ago.

Quads

shevo11 · ‎03-14-2012

I started my computer in safe mode and when it asked me to continue on safe mode or restore system to one day i choose this last one... But when i restore the system, after rebooting, it says that it couldn´t restore the system to the day i selected. I tried whith the other days it offer, but the same happened.

what can i do?

Quads · ‎07-21-2008

Safe Mode you won't have the internet anyway on mininal mode.

Quads

shevo11 · ‎03-14-2012

No, but that only to start the restore program, all the other i did it in normal mode, what can i do to get back the internet in that computer?

Quads · ‎07-21-2008

Do you still have OTL and Systemlook??

Quads

shevo11 · ‎03-14-2012

Only OTL but i supouse i can pass the other with the use of a USB or something, what do you need?

Quads · ‎07-21-2008

ccapp.exe is Symantec and is causing a network problem and mswsock.DLL which some zeroaccess variants use

Start OTL, under Copy and paste what is below between the lines

msconfig

safebootminimal
activex
drivers32
netsvcs
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
wininit.exe
mswsock.DLL
tdx.sys
afd.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

Press the

I have attached the custom scan data also.

Quads

shevo11 · ‎03-14-2012

Here you have the log

Quads · ‎07-21-2008

mswsock.DLL is in the correct location and the correct location and the correct MD5 of 5E11D375C92A0DDA7AC4D487FC4E1978.

Also C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe is running but I would say as I said the other day Symantec looks like is playing up, when ccApp.exe is not working right you can end up with no internet, as it's for the firewall.

I don't have the Symantec CleanWipe tool, I wonder if I can remove the troublesome Symantec with Combofix, but with OTL. Will have to think.

With a new downloaded Combofix and transferred over, then start the PC into Safe Mode (Not Safe Mode with Networking) does Combofix start and run.

You do have zeroaccess (again)

[C:\WINDOWS\$NtUninstallKB13314$] -> Error: Cannot create file handle -> Unknown point type

Quads