Internet Connectivity Problem
I was browsing what should have been a very low risk webpage a few minutes ago on my laptop and all of a sudden I received notice that my virus protection identified and blocked two threats: one was a Trojan downloader and the other was a Trojan virus. I had them both removed and rebooted as instructed by my software.
Now I can no longer access the web through my Verizon Fios router (wifi). The network status is stuck on 'acquiring network address' and none of the standard troubleshooting steps I've attempted have changed this. My iPad is running off the same router and is working fine so I believe this is an issue with the PC itself. The two virus scans I ran show nothing and I really have no idea what to do from here. Any ideas?
P.S. Hackers should burn in hell.
"There should be a help line that criminals could call to check out the viability of their plans. Just have them describe their plan, and then the help desk employee could explain, "No, that is a stupid plan. You will get caught immediately." -Funkenpants



Boot in safe mode w/networking and see what happens?
Don't know if that will work with your Verizon thingie or not.
XBLive: Thin J | PSN: Thin_J | Battle.net: Twiggy.658, ThinJ#1850
You know stuff. - MannishBoy
The only thing that comes to mind would be that your TCP/IP settings have been changed. Typically it should be set to automatically get settings from DHCP, so I'd check there first.
Dabbling in most F2P MMO's as Veloreyn.
I'm going to be that guy and say - Nuke it from orbit ("It's the only way to be sure") and restore from backup.
What's also strange is that I can't seem to access the Verizon router through my web. Usually I can just punch in the 192.xxx.x.x and it comes right up but now I'm getting an error.
Perhaps I should just nuke it and start over. I haven't ever had to do that. This PC is relatively clean and empty already and I never ran a backup on it so how would I go about the full cleanse? Do I just install Windows again?
Yeah, it sounds like malicious code started to run on your machine, and your antivirus saw it a little too late. It warned you, and perhaps stopped the infection process midway, but it wasn't fast enough.
You might potentially be able to resurrect it, but once known-bad code has run on a machine, there are only two ways to be certain it's clean again: either you do a full forensic analysis of every byte on the drive, when mounted under a known-clean OS (which is VERY time consuming, and takes a huge amount of expertise), or you wipe it. There are so many ways and places for viruses to hide that even Microsoft themselves can't always recover some infected computers without a wipe.
Basically, from a logical perspective, once virus code is running at kernel level on your system, it can hide its own presence in many different ways. Any measurement that any program does, even also running in kernel mode, can be compromised to report clean results. Before you've been infected, you can generally run with the assumption that a 'clean' report is actually clean. But once you know evil code has run on a machine, all a 'clean' report tells you is that you don't detect anything, not that it's actually clean.
Mounting the drive on another machine and running scans on it increases the chance of cleanliness a great deal, but even then the dormant OS can still be corrupted by custom code that the scanner doesn't recognize. I'm not aware of any programs that can analyze a dormant OS well enough to guarantee that it can be booted up in an uncompromised state... that may not even logically be possible. I believe you'd have to actually examine every program and document file on the machine, manually, to be certain, and the sheer magnitude of the task is ridiculous.
The tl;dr version: even if you restore the computer to apparently working, the absolute best you can ever now achieve with this computer is 'probably clean'. If you want 'certainly clean', you'll need to reinstall the OS.
I'd suggest backing up your profile directory to a USB key or something, and don't forget to go get all the drivers from the motherboard maker's website. All you really HAVE to have is the network driver, which is probably included in Win7 already, but it can be really convenient to have everything pre-installed on a USB key.
You can expect most reinstalls to take about four hours, start to finish.
Elewis17 wrote:
Beyond the "can you be sure?" certainty of cleaning angle, the other reason is time. How long can you spend running scans, researching what you were infected with, versus backup, nuke and restore. Neither route is a fun use of your time, but it's good to have the skills and knowledge that you can get your machine in a fresh, known good state.
This.
Check to make sure your IP address is still set to DHCP.
Run Malwarebytes too.
wordsmythe wrote:
Thanks for all the info and suggestions.
I ended up doing a System Restore to a point prior to the infection and everything is working fine upon completion. I'm now able to update Malwarebytes, can access the router, and Internet Explorer is running like usual. I ran two virus scans and it picked up a Trojan Downloader (Karagany.G) and a Trojan Virus (Blacole.Ref.Q). I removed both of those, reran the scans, and everything looks "clean".
Again: once bad code has run on a computer, you can never improve past 'probably clean' without either a full forensic examination or a rebuild. Modern viruses can be unbelievably clever and just about impossible to remove.
Elewis17 wrote:
Agreed Malor. I just meant that it appears to be as "clean" as possible without a full rebuild/forensic analysis. I did attempt to reinstall XP on it last night and the issue I was running into was that I couldn't get into the BIOS menu. Every time I restart or reboot, I get that first Intro screen for literally a split second and pressing F2 (Setup) or F12 (BIOS) doesn't prevent the machine from continuing to the normal desktop startup. Any idea how I can get in there if it's not accepting my prompt during that short interval in the beginning?
What type of keyboard are you using and how is it connected? No idea if I'm barking up the wrong tree, but I'd say PS2/USB onto ports directly on the motherboard should be most reliable, if you're using wireless or with a hub it might not help.
I'm on a DELL laptop (newer model).
"Sited for not having a red flag on that ass"-ibdoomed
I've actually talked about that on a number of occasions... ACPI viruses definitely appear possible, but they presently will run only on one set of closely-related motherboards. It's not enough of a population to support normal viruses, but BIOS viruses could be used for targeted attacks, a la Stuxnet.
As ACPI continues to be extended and generalized, viruses that can run on multiple motherboards may become viable.
Elewis17 wrote:
wordsmythe wrote:
It would be very funny if Gumbie were posting that from an infected computer.
Elewis17 wrote:
How do you know he isn't?
Staats wrote:
Geek Bravado | Twitter | Flickr
Well, what I was kind of hinting at: how does he know he isn't?
Some modern viruses are unbelievably good. Remember, we only hear about the sh*tty ones.
Elewis17 wrote:
WTF do you want me to do about it? I'm the one that stole them.
Speaking of which, what's happened to ZoneAlarm now?