Tech Support Forum banner
Status
Not open for further replies.

[SOLVED] New Thread - Had or Have Virus that affected my Network Adapters

24K views 73 replies 5 participants last post by  jcgriff2 
#1 ·
:wave:,

I was sent over to this section by Ried. I had a Thread here under the Virus/Trojan/Spyware help. Ried has done all he can do, I believe. There is not virus/trojan/spyware holding anything ransom.

Long story short, My sister bought a Compaq CQ60-215DX laptop from someone she works with about 1 month ago with Windows Vista 32 as the OS. After I ran Stinger I began having problems with network adapters. Device Manager items that are having trouble (everything in the device manager has a problem):
Atheros Ar5009 802.11a/g/n Wifi Adapter
NVIDIA nForce Networking Controller
WAN Miniport (IP)
WAN Miniport (IPv6)
WAN Miniport (Networking Monitor)

First I uninstalled both the NVIDA nForce Network Controller and the Atheros Ar5009 802.11 a/g/n WiFi Adapter thinking that a reboot would cause them to reinstall and work properly again. Well that wasn't the case. It did find the new hardware for both but I get the error that says "Windows found drivers for your software but encountered an error while attempting to install it. The system cannot find the file specified." The device manager shows all network adapters as not working properly with Code 31.

Then I downloaded the Chipset drivers, Atheros Wireless Lan Drivers, updated BIOS driver, and the NVIDA graphic drivers (280.26-notebook-win7-winvista-32bit-international-whql.exe) from the computers manufacturers website specific to the compaq computer code.

Nothing worked so I posted to the Virus/Trojan/Spyware help site thinking it was still the Virus/Trojan/Spyware that the computer had.

Since having conversed with Ried, I tried installing everything again. I followed some instructions on how to completely remove the drivers from the NVIDIA forums. Removing all the folders and using the DriverSweepe software to remove old or left over NVIDIA drivers. Then installed everything all over again and still no help.

Everything i boot the computer the found new hardware starts up, but I end up with the same problem "Windows found drivers for your software but encountered an error while attempting to install it. The system cannot find the file specified."

Any help you can provide would be greatly appreciated.. :pray::pray:

If you need it, here is the ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
 
See less See more
#2 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

I forgot to add, that I tried the recover mode and let it install the drivers from the recover partition, but that didn't work either.. Actually, this is the first thing I tried..
 
#4 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

:wave: 2XG,

Sorry about that.. I didn't think a blank XIRRUS image would do any good and I failed to mention that it came back blank. I think that is because the Network Adapters are not functioning.. Nonetheless, attached is the XIRRUS screen capture.

Also, I didn't think knowing my ISP was important, as all the computers in my home are working fine, except for the one that has the problems with the Network Adapters. Nonetheless, my ISP is Time Warner and my broadband is Cable.

I thought I listed the firewall and antivirus, but maybe that was in the other thread. Here you go:
Windows Firewall
No Virus Protection
Currently running Windows Defender

I was going to install Microsoft Security Essentials after clearing the virus, but that didn't pan out because there is no network activity on that computer.

I did provide the ipconfig /all results, just to show that there is not connectivity.
 

Attachments

#5 · (Edited)
Re: New Thread - Had or Have Virus that affected my Network Adapters

Thanks for all the info provided.

More tasks for you to do:
Verify that all your Network Services are Started from Control Panel.
Click on start and type services.msc press enter. Check each Dependency Tab, ensure that all Dependencies are all Started, if not please locate each one and Start the Services for the Dependencies.

• COM+ Event System (for WZC issues)
• Computer Browser
• DHCP Client
• DNS Client
• Network Connections
• Network Location Awareness
• Remote Procedure Call (RPC)
• Server
• TCP/IP Netbios helper
• WLAN AutoConfig
• Workstation

Run the sfc /scannow:

Click on Start and type cmd. Type the following command, sfc /scannow and then press enter

Another update of your progress will be appreciated.
 
#6 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

:wave: 2xg,

I don't have a service called:
• COM+ Event System (for WZC issues)

But I have one called:
• COM+ Event System

I assume it is the same, but thought I would mention it.

• Computer Browser returns a message that says "The Computer Browser service on local computer started and then stopped. Some services stop automatically if they are not in use by other services."

All other services and Dependencies are running.

When I tried to run sfc /scannow:

The command window opens really quickly and closes with no other information.

Progress unchanged.. Devices still have issues.
 
#7 · (Edited)
Re: New Thread - Had or Have Virus that affected my Network Adapters

You'll need to run an elevated command prompt. From Vista click on Start and type cmd and run as an Administrator then do the sfc /scannow again.

I just thought of something, have you tried uninstalling and reinstalling the drivers from Safe Mode, restart your computer tap F8 and select this option? Sorry if you already done this.

If sfc is unsuccessful then proceed to chkdsk /r also need to run from command prompt in an elevated command.
 
#8 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

When you say you ran Stinger, is that McAfee Stinger?
Do you have McAfee antivirus installed?
Is your user name an Administrator or a Standard user?
What happened when you installed the chipset & Atheros wireless drivers?
 
#9 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

:wave: 2xg,

I'm off to work this morning.. I'll try the scf /scannow in an elivated command window and see how that goes when i get back home tonight.

I just thought of something, have you tried uninstalling and reinstalling the drivers from Safe Mode, restart your computer tap F8 and select this option? Sorry if you already done this.
The steps i followed to uninstall all the NVIDA drivers and clean up the older drivers came from the NVIDIA fourm. It says to run driver cleaner pro in safe mode for best results. Which is what I have done. However, I did not try to install the drivers in safe mode.. If I try to install them in safe mode, do I enter safe mode with or without networking..??.. Do you think I need to uninstall everything the same way as noted in the NVIDIA forum page again..??..

Before I go thru uninstalling and reinstalling for the 3-4 time, is there a way I can confirm the drivers I am installing are the correct drivers for the OS and SP, and devices I have on board..??.. I did download them from the Compaqs web site using the computer code and they were listed as updates.. But was just wondering if there was some way to confirm for sure these are correct.. My guess is that they are correct, but I am wondering if for some reason the older drivers might need to be installed first then apply the updates..:4-dontkno

Lastly, I mentioned:
Then I downloaded the Chipset drivers, Atheros Wireless Lan Drivers, updated BIOS driver, and the NVIDA graphic drivers (280.26-notebook-win7-winvista-32bit-international-whql.exe) from the computers manufacturers website specific to the compaq computer code.
and was wondering if there is a specific order to install these in..??.. The BIOS isn't something I keep installing..
 
#10 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

:wave: Fred,

When you say you ran Stinger, is that McAfee Stinger?
Yes, that is the one I ran.

Do you have McAfee antivirus installed?
No, there isn't any antivirus software installed, just the Microsoft fielwall and defender. It looks like McAfee, AVG, Zone Alarm, and Norton was installed on the computer at some point. Per Reids request from my other thread:
I would recommend troubleshooting with the folks in our Networking Support section. They can get your specs, and check to make sure you have the proper driver files needed, etc..

I don't see any active malware in the logs. I did see ZoneAlarm error in the Event Viewer that will eventually need to be taken care of.
Quote:
10/7/2011 8:44:58 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.

There is an uninstaller for Zone Alarm listed here Uninstallers (removal tools) for common antivirus software - ESET Knowledgebase Download and run that.
I ran the removal tool for Zone Alarm, AVG, McAfee, but didn't find one for Norton. These programs didn't exist in the add remove programs area but showed up in the tools Ried had me running. I think there is a Norton folder under the Program Files folder, but I can't be certain.. I will have to check on this.. I know Norton shows as a service that loads Automaticly.

Is your user name an Administrator or a Standard user?
Administrator

What happened when you installed the chipset & Atheros wireless drivers?
They install and the new hardware manager fires up and does what it does and reports the
"Windows found drivers for your software but encountered an error while attempting to install it. The system cannot find the file specified."
 
#12 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

caddman - In addition to your Tasks, try this first before performing the sfc /scannow and chkdsk /r, test your connection after. If this didn't resolve the issue then proceed with the sfc and chkdsk.

Remove 6to4 adapters from Device Manager (Windows 7 Device Manager - How to Access Device Manager From the Command Prompt in Windows 7)
From Device Manager, Click the View menu from the top
Select Show Hidden Devices (Must be check before continuing)
Scroll down and expand Network Adapters
Right-Click a duplicated Microsoft 6to4 Adapter or Microsoft ISATAP Adapter
Select Uninstall
Click OK for the pop-up warning message
Repeat for each of the unwanted duplicated adapter
Close Device Manager when finish.

Followed by TCP/IP and Winsock Resets in this order:
Click on Start=> All Programs => Accessories and right click on Command Prompt, select "Run as Administrator" to open a command prompt.

Reset IPv4 TCP/IP stack to installation defaults. netsh int ipv4 reset reset.log
Reset IPv6 TCP/IP stack to installation defaults. netsh int ipv6 reset reset.log
Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

Restart the computer after and test your connection again.

Please update us with your progress.
 
#13 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

Try this Norton Removal Tool.

I would turn off Vista User Access Control while you're troubleshooting and installing drivers. Click Start and type UAC in the search box, or go to Users then your user name in Control Panel. Uncheck the box for UAC and reboot.

Try turning off Plug and Play and manually reinstall the drivers starting with your chipset. Get the drivers from HP and not Nvidia's website. Make sure you are downloading Vista 32 bit drivers. Don't flash your BIOS.

If you still have Stinger installed, can you find the log for what it found or removed?

This isn't a networking issue at the moment, it's a Windows problem. The first thing you need to do is clear up the problems in Device Manager, starting with your chipset drivers. You can troubleshoot the network connection once all the notifications/exclamations in Device Manager are gone.
 
#14 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

Hi Fred,

The log is in the link he gave you. I'll post the contents here for you

McAfee(r) Labs Stinger(tm) Version 10.2.0.310 built on Oct 7 2011
Copyright (c) 2011 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Oct 7 2011.
Ready to scan for 31839 viruses, trojans and variants.

Scan initiated on Fri Oct 07 22:55:06 2011

Master Boot Record(s):....1
Possibly Infected:.............0
Boot Sector(s):.................2
Possibly Infected: ............0

C:\Users\Matt\AppData\Local\Temp\err.log31977396
Found the FakeAlert-MalDoctor.ab trojan !!!
C:\Users\Matt\AppData\Local\Temp\err.log31977396 is infected with the FakeAlert-MalDoctor.ab virus !!!
C:\Users\Matt\AppData\Local\Temp\err.log31977396 has been deleted.
Number of clean files: 954323
Number of infected files: 1
Number of files cleaned: 1

Ried said:
If it is the same as what you posted, then no need. I'm hoping to find a more detailed report because what I see in that report, would not have affected the internet.
 
#16 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

You're welcome. Also - no restore points. They were wiped out on Oct 8th.

10/8/2011 10:34:03 AM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
 
#17 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

:wave:

Thanks for your help again Ried..

Ok here is what I have done so far..

1.
Try this Norton Removal Tool
This removed Norton from the services.

2.
Try turning off Plug and Play and manually reinstall the drivers starting with your chipset
Did this

3.
Get the drivers from HP and not Nvidia's website. Make sure you are downloading Vista 32 bit drivers. Don't flash your BIOS.
This is were I downloaded them from. from the computers manufacturers website specific to the compaq computer code. So I guess I do have the correct files. Except I had already flashed the BIOS.

4.
Remove 6to4 adapters from Device Manager (Windows 7 Device Manager - How to Access Device Manager From the Command Prompt in Windows 7)
From Device Manager, Click the View menu from the top
Select Show Hidden Devices (Must be check before continuing)
Scroll down and expand Network Adapters
Right-Click a duplicated Microsoft 6to4 Adapter or Microsoft ISATAP Adapter
Select Uninstall
Click OK for the pop-up warning message
Repeat for each of the unwanted duplicated adapter
Close Device Manager when finish.
Reset IPv4 TCP/IP stack to installation defaults. netsh int ipv4 reset reset.log
Reset IPv6 TCP/IP stack to installation defaults. netsh int ipv6 reset reset.log
Reset WINSOCK entries to installation defaults: netsh winsock reset catalog
Right-Click a duplicated Microsoft 6to4 Adapter or Microsoft ISATAP Adapter
This confuses me. What is a Microsoft 6to4 adapter..??..

The only thing I am able to uninstall is are:
Atheros Ar5009 802.11a/g/n Wifi Adapter
NVIDIA nForce Networking Controller

The other Devices do not actually unistall

I have attached a image of the device manager. When I selected show hidden devices several several devices show up and are working.. Is this normal..??.. See image Device_manager.jpg

netsh int ipv4 reset reset.log had no profile attached
netsh int ipv6 reset reset.log had no profile attached
netsh winsock reset catalog did something. I don't recall what

5.
I just thought of something, have you tried uninstalling and reinstalling the drivers from Safe Mode, restart your computer tap F8 and select this option? Sorry if you already done this.
I had asked if I should run this in safe mode with or without networking..??.. I never got an answer so I tried it in both..

6.
You'll need to run an elevated command prompt. From Vista click on Start and type cmd and run as an Administrator then do the sfc /scannow again
This ran. It said:
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

I wasn't asked to attach the log file. It is 39,995kb.. It is too large to attach anyway. I noticed there was a CBS.persist.log file from Aug. 2011.. Before my sister got the computer..

7.
If sfc is unsuccessful then proceed to chkdsk /r also need to run from command prompt in an elevated command.
When I ran this it said:
C:\chkdsk /r
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

I clicked Y and restarted.. it is running now..

So far nothing has worked.. I still have the same problems..:4-dontkno

Please advise..
 

Attachments

#18 · (Edited)
Re: New Thread - Had or Have Virus that affected my Network Adapters

Thanks for trying all previously suggested tasks, some can be easily overlooked and there's a couple of us assisting you. :grin:

If you are talking about the drivers to be uninstalled then reinstalled from Device Manager in Safe Mode, yes. Manually reinstall the drivers and don't let Windows manually reinstall them for you. If you need assistance on this please let us know.
I had asked if I should run this in safe mode with or without networking..??.. I never got an answer so I tried it in both..
If there's no 6to4 adapters to be removed that's okay.
 
#19 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

1. Cad, sounds like you downloaded the correct drivers
2. Use Safe mode W/O networking, but it's not a big deal. Safe Mode W/Networking just adds the inclusion of needed networking services to connect to the internet, etc.
3. Are there any other devices in Device Manager with exclamations or question marks?
4. With UAC & Plug and Play turned off, boot into Safe Mode (w/o networking) then go to Control Panel>>Programs. See if there is a listing for the Atheros Wifi adapter and the Nvidia networking controller. Uninstall them if that option is available then reboot back into Safe Mode.

After digging a little deeper, it looks like the Nvidia network drivers are gong to be installed with the chipset drivers. So you may see an entry in Programs where you can uninstall a whole nvida package of software. I would uninstall nvidia as long as you have the chipset installation file saved to the Compaq hard drive.


5. Go into Device Manager and Right click on the Atheros & Nvidia network controller (if they are still there and weren't previously un-installed in step 4) then select uninstall. Reboot again back to Safe Mode and see if any reference to those 2 drivers appear in Device Manager. At this point, I would also run the Nvidia uninstaller or cleaner tool - I think you said you have it.

6.Reboot back to normal Windows (UAC & Plug & Play still off). Try and install just the Nvidia chipset drivers by double clicking the file you downloaded and see if they install. Check Device Manager after rebooting again.

See if you get anywhere with the chipset drivers first, then we'll worry about the wireless card.

Also, don't worry about the SFC scan log. Vista always throws an error in the log and it's probably a pending file rename error if you look through it
 
#20 ·
Hi.
Still at work but will be leaving soon. Just a quick couple of things.

In safe mode another device showed up as yellow ? mark. It was something like driver install bla bla bla. I was assuming that was a result of turning off the plug and play. Is that the case? That device doesn't show up in normal mode and I don't recall what device element it fell under.

Yes, I still have the driver removal tool. I posted a link to the NVIDIA forum for the steps I was using to remove the drivers. Which includes the NVIDIA software.

I will have to look and see if there is software listed for the wireless card.

When installing the chip set package there are 3 items that show up to install. I don't recall their names. If one of them is specific to the network controller should I only install it or are all 3 needed?

Lastly, after disabling the 2 services and the UAC, the found new hardware still popped up when I installed the chip set file. Did I miss a service? Is thermite than 2 services to disable?
 
#21 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

Hi.
Still at work but will be leaving soon. Just a quick couple of things.

In safe mode another device showed up as yellow ? mark. It was something like driver install bla bla bla. I was assuming that was a result of turning off the plug and play. Is that the case? That device doesn't show up in normal mode and I don't recall what device element it fell under. No idea, you'd have to be more specific about what the device is, but I wouldn't be concerned with it yet. You want to get the chipset drivers installed first.

Yes, I still have the driver removal tool. I posted a link to the NVIDIA forum for the steps I was using to remove the drivers. Which includes the NVIDIA software.

I will have to look and see if there is software listed for the wireless card.

Don't worry about the wireless card. Wait til everything else is working in Device Manager first.

When installing the chip set package there are 3 items that show up to install. I don't recall their names. If one of them is specific to the network controller should I only install it or are all 3 needed?

Again, you'd have to tell me specifically what the additional programs or drivers are that nvidia wants to install. It should automatically install all drivers that are necessary, unless you are talking about optional software.

Lastly, after disabling the 2 services and the UAC, the found new hardware still popped up when I installed the chip set file. Did I miss a service? Is thermite than 2 services to disable?

I'm not sure. That may just be a message that the nvidia software is installing hardware drivers
 
#22 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

When installing the chip set package there are 3 items that show up to install. I don't recall their names. If one of them is specific to the network controller should I only install it or are all 3 needed?

Again, you'd have to tell me specifically what the additional programs or drivers are that nvidia wants to install. It should automatically install all drivers that are necessary, unless you are talking about optional software.
The 3 installation features are:
NVIDIA SMBus Drivers
NVIDIA SMU Drivers
NVIDIA Ethernet Drivers

Are all three of these needed?
 
#24 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

:wave:

Ok.. I did all the uninstalls the NVIDIA and the Atheros software, and ran the driver sweeper program and followed your instructions as indicated..

Still no luck..:4-dontkno Same error..

No there isn't anything else in device manager that is having issues..

I haven't installed the Video or Audio parts of Nvidia..

let me know if there is anything else I should try..
 
#25 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

Still no luck..:4-dontkno Same error..
When you say same error, do you mean you're getting this message -- "Windows found drivers for your software but encountered an error while attempting to install it

In Device Manager under network adapters, is there still a yellow exclamation next to the nvidia nforce network controller or Atheros?

If you haven't already, try installing the Atheros wireless driver.
 
#28 ·
Yes, same error means:
"Windows found drivers for your software but encountered an error while attempting to install it. The system cannot find the file specified."

Well when the network controller drivers installs, it forces the found new hardware to search for new hardware and it finds the Atheros device as well. After I installed the network controller drivers, I made sure to uninstall the Atheros device from the device manager and doubled checked to make sure that there was no listing of Atheros in the software lair again. Revolted and tried installing the Atheros drivers. No luck with this either. I received the following:
"Windows found drivers for your software but encountered an error while attempting to install it. The system cannot find the file specified."

I thought the SP was SP2. But according to some if the logs Ried had me post, it says SP1. I will have to double check tonight.

Thanks again for everyones help.
 
#29 ·
Re: New Thread - Had or Have Virus that affected my Network Adapters

Double check the service packs installed. If you don't have Service Pack 1 or 2 installed, you'll have to download each to a flash drive then install on the problem computer one at a time. SP1 should correct an issue that is preventing you from installing device drivers.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top