I was sent to this forum section by the Forum God LDTate. He thinks that you guys might be able to help me, since my Hijack This and ComboFix logs, thanks to his help, are now clean but my problem is still present.
If you want to have a look at the most recent logs anyway, here is a link to view the logs:
Combo Fix and Hijack This
Gmer report is available at the end of this post
Link to my previous post
Here's what's wrong:
I've got a problem with my ASUS F7E notebook running on Win XP HE SP3. I cannot browse any web pages, both by IE and Firefox. The connection is being resetted while negotiation (this is what firefox says). Alle the other services work fine (windows updates, ICQ, ping etc.). It's just the HTTP, HTTPS and FTP that I can not use (ports 80 and 21). The Windows Network Diagnosis Tool has also detected problems with ony these three services.
This problem is not present when the system is being run in an emergency mode. Than I can browse the Web as normal both in IE and Firefox.
WHAT HAPPENED:
The notebook was infected by the Win32:Monga (Trj). I used Norton Internet Security 2007 and online scanner (Polish MKS_Vir) to get rid of the infection. It deleted the infected files, but did not undo the changes made in the system. Therefore I could not open any local disc drives by My Computer (no matter what I selected - Open, Explore, Autorun- the system tried to use infected e.com file to perform the instruction), see any hidden or system files, regardless of windows settings. I've heared that ComboFix solves these problems.
After downloading ComboFix I disconnected the network cable form the laptop, uninstalled Norton Internet Security (since I had 5 days of subscription left) and reboot the computer. Than I started ComboFix. At the end of the program (while generating the log file) several errors of Catchme.tmp occured (the one with Send a report/Don't send). Nevertheless, after a while the program closed properly, the log file was generated. (These errors of catchme.tmp occur each time I run ComboFix) I restarted the computer, uninstalled combofix (Run -> ComboFix /u) and deleted the QooBox folder. I installed Avast antivirus, run Trojan Remover and ATF Cleaner. Updated the system from SP2 to SP3. All the problems caused by Monga were fixed.
However, a new one appeared. The one with browsing the web... I've tried everything. Checekd all the network settings, browsers settings, turned off windows firewall (afted uninstalling Norton IS this is the only one left in the system), tried installing new browser (Opera), tried another network (WiFi). I still can't open any web pages. I think of reinstalling network drivers and IE. Do you think it might help?
I did all of these actions (except for uninstalling Norton IS) on my other notebook (Toshinba Satellite S2450-S203), also infected by Monga and everything is OK on this one. The problems were fixed and the network works fine.
Please help me... I will try to provide you with all the necessary info about the system. I'd rather not format hdd and reinstall the system.
Edited by kamkam1, 06 October 2008 - 03:34 AM.