From: Newell White on
I have several XP SP3 machines on our W2k3 AD network which have been
infected with something which

(a) Disables the DHCP client
(b) Sets IP address and net mask to 0.0.0.0
(c) Disables search for files in explorer
(d) Causes MBAM to halt with a run-time error which refers to an invalid .ocx
file which is not present on machines which can run MBAM

I can't see anything obvious with Autoruns.exe, and McAfee Corporate
anti-virus finds nothing.

Does this sound familiar?
--
Regards,
Newell White
From: David H. Lipman on
From: "Newell White" <NewellWhite(a)discussions.microsoft.com>

| I have several XP SP3 machines on our W2k3 AD network which have been
| infected with something which

| (a) Disables the DHCP client
| (b) Sets IP address and net mask to 0.0.0.0
| (c) Disables search for files in explorer
| (d) Causes MBAM to halt with a run-time error which refers to an invalid .ocx
| file which is not present on machines which can run MBAM

| I can't see anything obvious with Autoruns.exe, and McAfee Corporate
| anti-virus finds nothing.

| Does this sound familiar?

Nope, sounds like a DHCP issue.

As for the MBAM issue (and I assume you are a corporate customer) post about your problem
in the Malwarebytes' forums...
http://forums.malwarebytes.org


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Newell White on

"David H. Lipman" wrote:

> From: "Newell White" <NewellWhite(a)discussions.microsoft.com>
>
> | I have several XP SP3 machines on our W2k3 AD network which have been
> | infected with something which
>
> | (a) Disables the DHCP client
> | (b) Sets IP address and net mask to 0.0.0.0
> | (c) Disables search for files in explorer
> | (d) Causes MBAM to halt with a run-time error which refers to an invalid .ocx
> | file which is not present on machines which can run MBAM
>
> | I can't see anything obvious with Autoruns.exe, and McAfee Corporate
> | anti-virus finds nothing.
>
> | Does this sound familiar?
>
> Nope, sounds like a DHCP issue.
>
> As for the MBAM issue (and I assume you are a corporate customer) post about your problem
> in the Malwarebytes' forums...
> http://forums.malwarebytes.org
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
> .
How does a DHCP failure explain the refusal to search for files in Windows
Explorer?

Further investigation shows that most services are not running.
Trying to start the DHCP client service results in
'Error 193: 0xc3'

--
Newell White


From: "FromTheRafters" erratic on
Could this be a symptom of svchost.exe being quarantined or deleted by
McAfee?

"Newell White" <NewellWhite(a)discussions.microsoft.com> wrote in message
news:6477F623-B1E1-4FBE-BE48-E1FBC7FAAD6E(a)microsoft.com...
>
> "David H. Lipman" wrote:
>
>> From: "Newell White" <NewellWhite(a)discussions.microsoft.com>
>>
>> | I have several XP SP3 machines on our W2k3 AD network which have
>> been
>> | infected with something which
>>
>> | (a) Disables the DHCP client
>> | (b) Sets IP address and net mask to 0.0.0.0
>> | (c) Disables search for files in explorer
>> | (d) Causes MBAM to halt with a run-time error which refers to an
>> invalid .ocx
>> | file which is not present on machines which can run MBAM
>>
>> | I can't see anything obvious with Autoruns.exe, and McAfee
>> Corporate
>> | anti-virus finds nothing.
>>
>> | Does this sound familiar?
>>
>> Nope, sounds like a DHCP issue.
>>
>> As for the MBAM issue (and I assume you are a corporate customer)
>> post about your problem
>> in the Malwarebytes' forums...
>> http://forums.malwarebytes.org
>>
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>>
>>
>> .
> How does a DHCP failure explain the refusal to search for files in
> Windows
> Explorer?
>
> Further investigation shows that most services are not running.
> Trying to start the DHCP client service results in
> 'Error 193: 0xc3'
>
> --
> Newell White
>
>


From: David H. Lipman on
From: "FromTheRafters" <erratic @nomail.afraid.org>

| Could this be a symptom of svchost.exe being quarantined or deleted by
| McAfee?

Could very well be as SVCHOST is the Server Daemon of NT Services and thus the OS is hosed
if he had used the affected 5598 DAT file.





--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp