
One remaining issue after virus removal

Tags:
  • Security
  • IP
  • Virus
  • System32
  • Windows 7
January 23, 2013 11:59:40 PM

I had the $RecycleBin ZERO ACCESS virus. I removed it with RogueKiller and had to use REG fixes to input the entries that were deleted. After all of this, on my last run of FSS I still have an error in the OTHER SERVICES section, and at the top it says I have an error with Google IP, that it is offline. Has anyone ever had this, and what are the Google IP and Yahoo IP they speak of? What are they used for?

My FSS log----

Farbar Service Scanner Version: 16-01-2013
Ran by Coy44 (administrator) on 23-01-2013 at 20:52:54
Running from "C:\Users\Coy44\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
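
As an added example (not part of the original post and not Farbar's own code), this Python script triages an FSS log in the layout shown above: it collects the services whose registry key is missing, the connectivity probes that failed, and the file-check verdicts, then correlates them. The sample log is a constructed excerpt, and matching a service to a checked file by base name is an assumption of the example.

```python
import re

# Constructed excerpt in the layout of the FSS log quoted above.
SAMPLE_LOG = r"""Connection Status:
==============
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
File Check:
========
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
"""

ATTENTION = re.compile(r"^Checking (?P<field>.+?) of (?P<service>[^\s:]+): ATTENTION!=+> (?P<detail>.+)$")
OFFLINE = re.compile(r"^Attempt to access (?P<target>.+?) returned error\.")
FILE_CHECK = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")

def triage(log_text):
    """Return (services with a missing registry key, unreachable probes, file verdicts)."""
    missing_key, offline, files = {}, [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := ATTENTION.match(line):
            if "key does not exist" in m["detail"]:
                missing_key.setdefault(m["service"], []).append(m["field"])
        elif m := OFFLINE.match(line):
            offline.append(m["target"])
        elif m := FILE_CHECK.match(line):
            # Assumption: any verdict other than "MD5 is legit" means the file needs review.
            files[m["path"]] = m["verdict"] == "MD5 is legit"
    return missing_key, offline, files

def binary_intact(service, files):
    """True/False if a checked file named after the service passed; None if not listed.
    Matching the service to a file by base name is an assumption of this example."""
    for path, legit in files.items():
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if stem == service.lower():
            return legit
    return None

if __name__ == "__main__":
    missing_key, offline, files = triage(SAMPLE_LOG)
    print(missing_key, offline, {s: binary_intact(s, files) for s in missing_key})
```

For the log in this thread the result is a service (iphlpsvc) whose binary passed the hash check but whose registry key is gone, which separates a missing service registration from a damaged or replaced file.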


January 24, 2013 12:24:09 AM

The Google and Yahoo IP services are related to using one of those two as a DNS server if you have a static IP address in place. Most people don't, unless you're running it from your router or what not.

Your bigger issue is that this may only be the first of your issues. Attempting to repair your damaged OS after the RecycleBin virus using reg fixes of any kind can be hazardous. That virus has been known to damage much more than just the registry, to include boot sectors, MBRs (surprisingly enough), and partition tables.

My recommendation: Back up whatever you don't want to lose (being sure to scan everything as it goes in) and then reformat the drive and reinstall.

I can almost assure you that there is deeper damage than just what you're experiencing now and it just hasn't shown yet.
January 24, 2013 2:52:12 AM

hedwar2011 said:
The Google and Yahoo IP services are related to using one of those two as a DNS server if you have a static IP address in place. Most people don't, unless you're running it from your router or what not.

Your bigger issue is that this may only be the first of your issues. Attempting to repair your damaged OS after the RecycleBin virus using reg fixes of any kind can be hazardous. That virus has been known to damage much more than just the registry, to include boot sectors, MBRs (surprisingly enough), and partition tables.

My recommendation: Back up whatever you don't want to lose (being sure to scan everything as it goes in) and then reformat the drive and reinstall.

I can almost assure you that there is deeper damage than just what you're experiencing now and it just hasn't shown yet.


I did also run Windows Repair by Tweaking.com, which supposedly rebuilds MBR. As far as I know all the issues I was having are gone, including the Google search redirects. The only things unresolved were the error at the bottom of the FSS log talking about iphlpsvc registry key, and the Google IP thing; I just didn't know if those things were needed. I read that the iphlpsvc.dll has something to do with allowing IPv4 to handle IPv6 protocols or something.