Virus knocking out lan? Help quik plz..

[yo4444]

I have 2 friends that have had this happen in a matter of 12 hours, and need to get them up and running fast.

Both have had their internet service just die on them inexplicably. Then when talking to them, they both had AVG detect a virus and delete it just before. Neither are able to run system restore, can't ipconfig/renew(getting a socket error) and both are getting a .dll run error on startup.

Is this a known thing? Anyone know the solution? What are the suggestions?

 

[Smokeys]

What version of windows?
What virus?
what is the socket error?
what dull run error?

have them run http://housecall.trendmicro.com to confirm nothing else is left.

 

[I.M.O.G.]

This might come in handy:

http://www.cexx.org/lspfix.htm

You can put the files on floppy or jump drive.

You need to ensure the infection is removed or this might not work. You might need to install AVG with updated virus defs to ensure there is nothing still on the machine - he can't run an online scan at trendmicro if the machine's internet is borqued.

If you google you can find out how to locate the log files for whatever antivirus software they are running, and then you can tell us what virus it found, so that we know what damage was caused.

If you could give us this information you would get an answer much quicker.

 

[yo4444]

XP,

It's a trojan/backdoor, thats all they know.... new.net6_38.dll

socket error:
Error occorred while renewing interface local connection 3 : An operation was attepted on something that is not a socket

Dll error is:
rundll c progra~l\Newdot~1.dll
specified module cannot be found
path c:\programfiles\new.net\

Housecall runs from their server online, and they cant get online...I can't DL it to my pc to bring over.

 

[I.M.O.G.]

I have a fix for you... BRB

You need to use the instructions here, and the program I gave you before incase their tcp/ip stack has already been damaged:

http://www.cexx.org/newnet.htm

Once installed, the client runs silently at start-up (via Rundll32) by a Run key placed in the Windows registry. The software may be more accurately termed an OS plugin due to the way it integrates itself with the network configuration (Windows Sockets, or Winsock stack) so that all DNS queries are passed through the New.net DLL. If the DLL is removed without also rolling back the changes made to the Winsock stack, such as by simply deleting the file, the computer's Internet connection will be broken.

The error at startup is due to the registry key, telling the driver to load. The AV found the driver and deleted it, which killed your internet connection.

 

[yo4444]

I have a fix for you... BRB

you guys are GODS!!!
Ill brb.. need to take the dog for a dumpy!

 

[yo4444]

Thank you guys very much.. got them both up and running over the phone. Just needed to uninstall from add/remove programs..even after the file was deleted with AV.