Windows XP – Resolving Acquiring Network Address Problems

After spending nearly a week, on and off, removing a virus from a notebook computer, we are down to one last task: getting the network services back online. Here are some notes on how to get around this problem and the ever-present “acquiring network address” status that never actually acquires an address.

Resetting Windows Network Stacks

  • To reset the Windows XP TCP/IP stack, use this command from the command shell:
    netsh int ip reset reset.log
  • To reset the Windows XP socket layer (Winsock), use this command from the command shell:
    netsh winsock reset catalog
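
One way to run the two resets above while keeping a before/after record of the Winsock catalog, so you can review which provider entries the reset removed. This is an added example, not part of the original post; the script name (netreset.cmd), the output folder and the snapshot file names are assumptions.

```batch
@echo off
rem netreset.cmd (hypothetical name) - added example, not from the original post.
rem Phase 1 (no argument): snapshot the network state, then run both resets.
rem Phase 2 ("after", run once the machine has been restarted): snapshot again
rem and compare, so the catalog entries removed by the reset are on record.
setlocal
set "OUT=%~dp0netreset-logs"
if not exist "%OUT%" mkdir "%OUT%"

if /i "%~1"=="after" goto after

rem Record the Winsock catalog and adapter settings before changing anything.
netsh winsock show catalog > "%OUT%\catalog-before.txt"
ipconfig /all > "%OUT%\ipconfig-before.txt"

rem The two resets from the post. The TCP/IP reset writes its own log file.
netsh int ip reset "%OUT%\reset.log"
netsh winsock reset catalog

echo.
echo Restart the computer, then run: %~nx0 after
goto :eof

:after
if not exist "%OUT%\catalog-before.txt" (
    echo No "before" snapshot found in %OUT% - run %~nx0 without arguments first.
    goto :eof
)
netsh winsock show catalog > "%OUT%\catalog-after.txt"

rem fc prints the differing sections and sets errorlevel 1 when the files differ.
fc "%OUT%\catalog-before.txt" "%OUT%\catalog-after.txt" > "%OUT%\catalog-diff.txt"
if errorlevel 1 (
    echo Catalog changed - review "%OUT%\catalog-diff.txt" for removed entries.
) else (
    echo Catalog is unchanged by the reset.
)

rem Ask DHCP for a lease again and keep the result next to the other logs.
ipconfig /renew
ipconfig /all > "%OUT%\ipconfig-after.txt"
```

Run it from an administrator account. Entries that appear only in catalog-before.txt are providers the reset removed, which is worth noting when the machine was infected.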

Check For Rootkits

It turns out the virus installed a rootkit. These are special files hidden by the operating system that change how the base OS works. That makes them hard to detect and remove with normal anti-spyware tools. The TDSS rootkit tool by Kaspersky Labs helps fix that:

In our case, the file c:\WINDOWS\system32\DRIVERS\isapnp.sys was compromised. You can (sometimes) repair this with a Windows XP recovery by following these instructions: http://support.microsoft.com/kb/315311.

In our case, ComboFix also found problems with:

  • c:\windows\bootstat.ocx
  • c:\windows\Copy of notepad.exe
  • c:\windows\system32\drivers\npf.sys
  • c:\windows\system32\drivers\Packet.dll
  • c:\windows\system32\drivers\Thumbs.db
  • c:\windows\system32\drivers\wpcap.dll

Posted in blog, desktop computing by lcleveland on June 09, 2010