http blocked after malware cleanup

kaborka

Senior member
Jan 17, 2000
I volunteered to clean malware off my friend's nb. It's XP, and it had "Security Guard" and a bunch of trojans. I ran the latest Malwarebytes, and after a couple of scan/reboot cycles it scanned clean.

The problem is, outgoing http requests are blocked. I can connect to https websites, ping, and nslookup works fine. xpnetdiag reports that FTP is working, too, but http is not.

I ran netdiag.exe from the XP CD to see if an IPSEC security policy had been set, but it said not. Google came up empty, although I found a few reports of the same problem, with no solutions posted.

Anyone encountered this? Any ideas?
 

tzdk

Member
May 30, 2009
Last week I helped someone remove an infection which, among other things, disabled safe boot. And in normal mode all AVs were disabled if not corrupted; it was attaching itself to exe files. The free version of SuperAntiSpyware http://www.superantispyware.com/index.html helped once it was possible to do something. If you disable a few startup items in preferences it won't bother you. Not more than Malwarebytes, same type of program, just a bit heavier but with more features like these repairs. In preferences click the "Repairs" tab and go crazy. Here are the options: http://i44.tinypic.com/2e1yhe0.jpg There is a short explanation for each one. Actually, it may be best to do a scan first. Who knows...

Those 2 programs are very good at removing infections, but try to find info on that "Security Guard". Maybe a manual removal guide, or just some posts from a malware removal forum. You can probably see what it damages in detail; there could be more than connection problems.

Also check that it did not mess with firewall settings, or perhaps other security software. SAS only inserts default values to make Windows work again.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Try running the command netsh winsock reset from the command line (Start > Run > cmd) while logged on as an Admin. Then reboot. Any good?

Otherwise, you might want to post a HijackThis log. I'd also suggest getting some antivirus software on there if you haven't already done that. more security suggestions
 

kaborka

Senior member
Jan 17, 2000
Thanks much for the great suggestions. I was about ready to try an upgrade/repair reinstall. I did try disabling the Windows firewall (we're behind a router) and reregistering netshell.dll/ole32.dll. The latter was a MS suggestion for repairing another symptom: Can't open the property sheet of a network connection (kb/824923).

I've heard of SAS. I'll give it a shot and update later. -- Thanks!
 

kaborka

Senior member
Jan 17, 2000
Update: I tried the repair options in SAS, to no avail. I did a repair reinstall, and all is well after getting all the Windows updates back in.