
Killing Services..Unable to restart them

Updated: 21 May 2010 | 6 comments
KRyan
This issue has been solved. See solution.

I have a very bad issue.

I guess this is a new issue; it is probably a virus attack. I have around 30 PCs with this issue. The main issue we had was that when typing IPCONFIG in CMD, the IP shows 0.0.0.0 for both the IP address and the subnet mask. I checked the network connection: the Local Area Connection icon was not available, and the PC was isolated from the network.

Services such as

1) Themes
2) Remote Procedure Call (RPC)
3) Server
4) Network Connections
5) Automatic Updates
6) Cryptographic Services
7) DHCP Client
8) Windows Installer

were killed and cannot be started, but SAV was running and cannot detect anything. I can't change anything or install any programs. I repaired the OS (WinXP); it was OK for some time, but then it started again.

We use a Ghost imaging system. I formatted the C drive and ghosted it with a clean image; it was OK for some time but didn't work.

I've tried reading:

support.microsoft.com/kb/329050

support.microsoft.com/kb/269019

support.microsoft.com/kb/822123

Need advice and help...

If anyone has such issues, I'd like to share progress and ideas....

Comments

Aniket Amdekar, 07 Oct 2009

Hi,

Do you have this issue for all the users, including the local administrator? Also, in Control Panel, please confirm that the network card is enabled inside the Network Connections section.
If you want, you can contact technical support and get the Loadpoint Diagnostic utility. That way, if there are any suspicious files, we can submit them to Security Response.

Aniket

Vikram Kumar-SAV to SEP, 07 Oct 2009

This looks like a typical kernel rootkit, which is hiding from the Windows API and is blocking all security software and updates so that it cannot be detected.
Over here Loadpoint might not help, but still it would be worth trying.

I guess you have already tried disabling System Restore, downloading the Rapid Release defs and running a full scan in Safe Mode. If not, please try that first.

Run GMER or Sysinternals RootkitRevealer, as it might help.

KRyan, 07 Oct 2009

No network icons... waiting for a suspicious file.

Thanks for your concern.

I don't have this for all users, only a limited number, and I cannot check and confirm that the network card is enabled inside the Network Connections section because no icons are available to check that. The NIC is working and the drivers are OK. I even tried Hiren's Boot CD, and it connects to the network perfectly.

I cannot get a suspicious file to find the problem, but I guess it is a problem with a rootkit.
I am currently running Regmon and Process Monitor.
Aniket Amdekar, 07 Oct 2009

Please run the Autoruns tool and let us know if you find anything suspicious in the processes, services, or drivers.

Please refer to the article below for further information: https://www-secure.symantec.com/connect/articles/h...

Best,
Aniket

snekul, 08 Oct 2009

Just an FYI, RootkitRevealer isn't going to find all rootkits.

Eric C. Lukens IT Security Policy and Risk Assessment Analyst University of Northern Iowa

KRyan, 09 Oct 2009

Have solution... but can't find suspicious file

I found a solution, but it's not OK because we are unable to find the source file that infects it.

It's a simple registry file. In the registry key below, these values were missing:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost

netsvcs

Then the PC was actually back to normal, but I cannot determine whether it is fully OK.

The registry file that was infected (infected.reg) and the registry file that was replaced (replaced.reg) are attached.

If anyone has an idea, please update.
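The symptom in the thread, an empty or deleted `netsvcs` value under the `SvcHost` key, can be checked for on a host without guessing at the group's contents. The script below is an added example, not code from the thread or from Symantec: it assumes Windows PowerShell run as an administrator, and the group name (`netsvcs`, as in the post) is a parameter. It lists every service whose ImagePath asks svchost.exe to host it in that group and reports those the group value no longer names; these are exactly the services that fail to start when the value is missing.

```powershell
# Added example (not from the thread): audit one svchost service group.
# Assumes Windows PowerShell with the HKLM: registry provider, run as administrator.
param([string]$Group = 'netsvcs')

$svcHostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# 1. The group value is a REG_MULTI_SZ naming every service that shares this
#    svchost.exe instance. If the value is gone, none of those services can start.
$groupMembers = (Get-ItemProperty -Path $svcHostKey -ErrorAction SilentlyContinue).$Group
if (-not $groupMembers) {
    Write-Warning "SvcHost value '$Group' is missing or empty; every service in that group will fail to start."
    $groupMembers = @()
}

# 2. Find the services whose ImagePath says "svchost.exe -k <group>"; this is the
#    other half of the configuration and it normally survives when the value is wiped.
$expected = Get-ChildItem -Path $servicesKey | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p.ImagePath -match "svchost\.exe\s+-k\s+$Group(\s|$)") { $_.PSChildName }
}

# 3. Compare the two views. A service configured for the group but absent from the
#    group value is the thread's symptom; a group member with no ServiceDll under
#    Parameters is not a normal svchost-hosted service and deserves a closer look.
foreach ($name in $expected) {
    if ($groupMembers -notcontains $name) {
        Write-Output "MISSING from '$Group' value: $name (ImagePath says svchost -k $Group)"
    }
}
foreach ($name in $groupMembers) {
    $params = Get-ItemProperty -Path (Join-Path $servicesKey "$name\Parameters") -ErrorAction SilentlyContinue
    if (-not $params -or -not $params.ServiceDll) {
        Write-Output "Group member '$name' has no Parameters\ServiceDll; verify it is a legitimate service."
    } else {
        Write-Output "$name -> $($params.ServiceDll)"
    }
}
```

Comparing the printed ServiceDll paths against the same output from a known-clean Ghost image is the quickest way to tell a restored value apart from one that has been tampered with.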