Options
Virus Help! This may work for you!
I wanted to post this to show what I did to fix my problem and hopfully help someone else. Take a look!
Virus/Problems:
Cool Web Search
1800 Search Assistant (salm.exe)
About:Blank
Trojan.downloader
Misc. Associated files.
My Problem Description:
Problem began after running Norton AV for the first time. It found a virus named "salm.exe" and associated file named "lsp.dll" Ran the fix and restarted the machine. Logged on and found that I could not get to the network or internet. Checked connection and found that the IP address was reset to windows default. So I tried release/renew from the command line. But, IP address from DHCP would not refresh. Assigning a static IP allowed access to network but not the web. The following was done with static IP in place.
My Fix:
HiJack This - Examined Log Files, see entries below:
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing
O15 - Trusted Zone: There were about 15 entries here that could be manually removed.
Virus Scan - AVG and Norton Fixed what I could. Files Deleted/Quarantined. No Internet Access
Ad Aware Scan - Fixed what I could manually. Files Deleted/Quarantined. No Internet Access
Spybot S&D - Manually Fixed what I could. Files Deleted. No Internet Access
Microsoft Reg Clean - Fixed what I could. Internet Access with static IP, No DHCP
Deleted Specific File "salm.exe"
RegScrubXP - Fixed. Internet Access with DHCP
I noticed during my attempts that the "salm.exe" would re-install itself. It was related to one of the HKLM reg entries. I'm not certain of which one(s) allowed this to happen, but once I deleted it that last time I haven't had the problem again.
Good luck, Hope this will help someone!
Any questions let me know!
~GotchaGood24
Virus/Problems:
Cool Web Search
1800 Search Assistant (salm.exe)
About:Blank
Trojan.downloader
Misc. Associated files.
My Problem Description:
Problem began after running Norton AV for the first time. It found a virus named "salm.exe" and associated file named "lsp.dll" Ran the fix and restarted the machine. Logged on and found that I could not get to the network or internet. Checked connection and found that the IP address was reset to windows default. So I tried release/renew from the command line. But, IP address from DHCP would not refresh. Assigning a static IP allowed access to network but not the web. The following was done with static IP in place.
My Fix:
HiJack This - Examined Log Files, see entries below:
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing
O15 - Trusted Zone: There were about 15 entries here that could be manually removed.
Virus Scan - AVG and Norton Fixed what I could. Files Deleted/Quarantined. No Internet Access
Ad Aware Scan - Fixed what I could manually. Files Deleted/Quarantined. No Internet Access
Spybot S&D - Manually Fixed what I could. Files Deleted. No Internet Access
Microsoft Reg Clean - Fixed what I could. Internet Access with static IP, No DHCP
Deleted Specific File "salm.exe"
RegScrubXP - Fixed. Internet Access with DHCP
I noticed during my attempts that the "salm.exe" would re-install itself. It was related to one of the HKLM reg entries. I'm not certain of which one(s) allowed this to happen, but once I deleted it that last time I haven't had the problem again.
Good luck, Hope this will help someone!
Any questions let me know!
~GotchaGood24
0
Comments
http://www.spychecker.com/download/download_winsockxpfix.html
Please post a hijackthis log if you still want help.
I think you misunderstood what the intent of my post was. I found the solution and was showing the process that I went through to eliminate the problem. Hence, "This may work for you!" You are correct in that the deletion of the file did stop the internet access. When I ran the Regestry Cleaner it healed/removed associated files that prohinited the access.
I appreciate your reply. I look forward to working with you and the other guys who will be fighting the war on viruses.
Thanks Again,
GotchaGood24