Unable to query host name with ipconfig and no internet

I was browsing multiple sites on the Internet and clicked on miserably known links. I must have clicked on some unknown links in between. After a while, the browser closed automatically. It had clearly given me some message, but I thought nothing had happened.

The next morning, I started the system, but it was running pretty slowly, and I could scan my system using McAfee. This threw a bigger message at me: your system is infected by a virus.

You can guess what happened and how big the damage was. 😦  VIRUS, VIRUS and the Dangerous…. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fSmadow.gen!B&threatid=2147646431

The result is that my system (Windows XP) got infected with viruses (Backdoor:Win32/Smadow.gen!B, Trojan:Win32/FakeSysdef) and the damage is huge. Also, Microsoft had stopped support for Windows XP a couple of months ago.

Tension, tension, tension as this system has got lots of data and applications.

The damage is summarized below:

  1. It removed a McAfee-specific DLL (OC****.dll), hence I can’t scan my system.
  2. The system is pretty slow.
  3. I am sure it impacted some system DLLs, but I am not sure which ones.
  4. I don’t even know what other damage it has done.

What did I do to recover the damage?

  1. Uninstalled McAfee Enterprise (all features) except McAfee Agent. It would not uninstall, giving an error message that there are applications running that use the Agent. This doesn’t prevent moving forward to install other anti-virus software.
  2. Installed McAfee again to see whether it could proceed anyway. I failed to get McAfee working on my machine after multiple tries. – Spent 5-6 hours on this to understand why it was not installing again.
  3. Lost hope in McAfee and started thinking of getting another anti-virus software.
  4. After an hour or two, I remembered the suggestion from my office TSS guy. The suggestion was ‘Install Microsoft Security Essentials’, which is also free to use from Microsoft.
  5. I downloaded Security Essentials from the Microsoft site on another laptop. Once it was installed, I ran a FULL scan, which took around 4-5 hours.
  6. There were a couple of backdoors/trojans on the system, and the recommendation was to remove those files as they badly impact the system.
  7. Backdoor:Win32/Smadow.gen!B – This had infected Windows\System32\drivers\ipsec.dll (it would have impacted tcpip.sys also) and a couple of .sys files in the System Volume Information folder. With this, network connectivity would never work. But there was no way to avoid that, as it was an infected file.
  8. The entries (ipsec and tcpip) would have been deleted from the registry under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\.
  9. When you run ‘ipconfig’ from the command prompt, you get:
    An Internal error occurred:The request is not supported.
    Please contact Microsoft Product Support Services
    Additional Information: Unable to query host name
  10. Trojan:Win32/FakeSysdef – It has deleted a couple of files from the Application Data folder.
  11. I needed to reinstall Windows XP SP3 once again as well.
After this, there were lots of trials to get the system up, but nothing worked. I tried many workarounds suggested by many folks on the Internet.
  1. Uninstalled Ethernet drivers. Restarted the machine, no luck.
  2. Reinstalled Windows XP SP3. Restarted the machine, no luck.
  3. Compared with another XP laptop and understood that it had also removed tcpip.sys from the Windows\System32\drivers folder. tcpip.sys is a very important protocol driver and impacts networking on the system.
    To correct this:

    1. Option 1 – Tried installing Microsoft Fixit from http://support.microsoft.com/kb/299357. This didn’t help. Then I went on to the steps below.
    2. Go to Control Panel.
    3. Open Network Connections.
    4. Select ‘Internet protocol (TCP/IP)’ and uninstall. By the way, you cannot uninstall, as the Uninstall button is disabled here. Use the Windows Enabler tool (either from http://windows-enabler.softpedia.com/ or http://www.freewarefiles.com/Windows-Enabler_program_980.html). A usage document is available along with the tool.
    5. In brief, you just need to run Windows Enabler.exe; the icon sits in the system tray.
    6. Open the network properties dialog and select ‘Internet protocol (TCP/IP)’.
    7. Click on the icon in the system tray and then click on the disabled ‘Uninstall’ button; the tool enables the button.
    8. Click on the Uninstall button. This asks for a restart of the system. After the restart, it had brought back all the keys in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpip\
    9. Now you are good, as network connectivity works.
    10. Connect your Ethernet cable to the system; I could observe that the lights were blinking.
  4. To get the ipsec.sys file back:
    To correct this:

    1. Copy the ipsec.sys file from a virus-free Windows XP machine. The file is available in the Windows\System32\drivers\ folder.
    2. Restart the machine.
    3. After the restart, it had brought back all the keys in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSec.
    4. Now, run ipconfig and HURRAY, the IP details have come back.

Huh, I tried to connect to the Internet, and yes, the system is getting an IP address and also connecting to the Internet.

I re-ran the anti-virus, and the system is cleaned up as per the Security Essentials anti-virus. The whole process took me 3 days to get my system back to its previous known state, and I am immediately posting this for people like you in case you have an issue like this.
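As an added example (not part of the original post), the batch script below re-checks the state the steps above repair: the two driver files, the two service keys, and the ipconfig error. The script name netcheck.cmd, the optional argument pointing at a folder of copies taken from the virus-free XP machine, and the output labels are assumptions of this example.

```batch
@echo off
rem Added example: post-repair check for the files and keys named in the post.
rem Usage (hypothetical name): netcheck.cmd [folder with copies from the clean XP machine]
setlocal
set "DRV=%SystemRoot%\System32\drivers"
set "SVC=HKLM\SYSTEM\CurrentControlSet\Services"
set "REF=%~1"
set FAIL=0

rem 1. Driver files the post found removed or infected.
for %%F in (tcpip.sys ipsec.sys) do call :checkfile %%F

rem 2. Service keys the post says came back after the restart.
for %%K in (Tcpip IPSec) do call :checkkey %%K

rem 3. The ipconfig error quoted in the post.
ipconfig 2>&1 | find /i "Unable to query host name" >nul
if errorlevel 1 (echo [ok]      ipconfig no longer reports the error) else (echo [FAIL]    ipconfig still reports the error& set FAIL=1)

if "%FAIL%"=="0" (echo Result: all checks passed) else (echo Result: repair incomplete)
endlocal & exit /b %FAIL%

:checkfile
if not exist "%DRV%\%1" (
    echo [MISSING] %DRV%\%1
    set FAIL=1
    goto :eof
)
echo [ok]      %DRV%\%1
if "%REF%"=="" goto :eof
rem Byte-compare against the reference copy. A mismatch is reported but not
rem counted as a failure: the two machines may be at different patch levels.
fc /b "%DRV%\%1" "%REF%\%1" >nul 2>&1
if errorlevel 1 (echo [DIFF]    %1 differs from the reference copy) else (echo [same]    %1 matches the reference copy)
goto :eof

:checkkey
rem reg query returns a non-zero errorlevel when the key does not exist.
reg query "%SVC%\%1" >nul 2>&1
if errorlevel 1 (
    echo [MISSING] %SVC%\%1
    set FAIL=1
) else (
    echo [ok]      %SVC%\%1
)
goto :eof
```

Running it before the final anti-virus re-scan and again afterwards shows whether the scan removed a restored file a second time.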

Now, I can happily have a nice nap. Have a good time.

~ Gangadhar Kotu

17 responses to this post.

  1. Posted by Katja on May 10, 2012 at 10:17 pm

    Dear Gangadhar, You are a star! This post saved me 2 days and a half. I had exactly the same problem and tried the conventional fixes first but your steps worked a treat. I had to do it twice but now I’m back in business :-). I could kiss you! Thanks so much, Katja

  2. Posted by Howard Patterson on May 12, 2012 at 8:52 pm

    Thank you so much for your insightful procedure. My son’s 6 year old laptop was not connecting and I had exhausted all the usual tricks. Didn’t have the recovery disks anymore and I was desperate. Your procedure allowed me to get it working and now he’s a happy camper. Bravo!

  3. Posted by YRoberts on May 24, 2012 at 7:13 pm

    Windows Enabler does not turn on the uninstall button for me.

    • Once you have started the Windows Enabler utility, click on it again from the task bar to see ‘On’ on the icon, and then click on the button to get it enabled.

  4. Posted by ashvin on December 3, 2012 at 8:05 pm

    I installed Microsoft Security Essentials from another computer, however it is forcing to update (get latest virus files) from internet and internet is NOT working to begin with due to this virus. Any suggestions?

  5. Posted by ashvin on December 3, 2012 at 8:19 pm

    I also tried to use another virus software (AVG), but that also requires internet connectivity. I would really appreciate if anyone has suggestions/workaround?

  6. Posted by ashvin on December 4, 2012 at 3:42 pm

    I tried yet another software (Microsoft Malicious Software Removal Tool). It scanned the computer which ran for nearly 5 hours. Found one bad/infected virus file and removed it. Now I am trying to follow steps to uninstall TCP/IP (using Windows Enabler as suggested), but the option to uninstall TCP/IP in Network Connections is still grayed out (hence can not select it). Any ideas?

  7. Posted by sean on December 7, 2012 at 5:57 am

    I click the Windows Enabler utility, but the dialog does not show up. Help.

  8. Posted by Szilla on December 4, 2013 at 9:32 pm

    Thanks very much for posting this. Had to do a recovery installation of XP for a friend, and it broke the networking portion of Windows. Used the Enabler, uninstalled TCP/IP, then reinstalled it. Works fine now.

  9. Posted by Narender on December 8, 2013 at 9:59 pm

    Hi Gangadhar, you mentioned that – Use the Windows Enabler tool (either from http://windows-enabler.softpedia.com/ or http://www.freewarefiles.com/Windows-Enabler_program_980.html).
    But due to IP issues, my laptop is not connected to the Internet. Then how do I get to those Enabler sites?

    • Hi Narender, please download the same from another machine and copy it over using USB/CD/DVD drives, as we can’t do magic. Hope you can understand. Please take help from your friends/colleagues.

  10. Thanks for your help and information which you provided. Actually they did not work for me and I tried to change my host name. I changed the computer name and restarted and it worked!! Good luck for you and keep up the good job.
