Firewall can not turned on, ICS Service can not started, and internet disconnected - Rootkit tdl3 !!

IF you found your computer gets the the following problems, please beware of your computer most like is infected by a super virus !!

A windows XP SP2 PC, one day when it was booted up and was found the following problems:

1: User could not access to internet, Local network icon with a tooltip message : local network limited or no connectivity;

2: The firewall could not turned on - click button to turn on, no worked;

3: ICS service can not start: Even you go to Control Panel and try to start the service Windows Firewall/Internet Connection Sharing (ICS) Service by manually, it still did not work;

We checked lots of related resolving method such as Release socket, and also installed several virus clean tools, but nothing was helpful.

Finally we found right place to get the resolving solution: It is because a super virus ! Rootkit tdl3 !!

About Rootkit virus information, we will find more information later to post, here we just give the information how to clean this virus.

There are many of various Rootkit viruses, so maybe your computer inflected by another kind of Rootkit, but our information is for reference.

Actually, all we need is just downloading a great tool: Combofix.exe (if you installed Combofix.exe before, you should uninstall first and then use it again.) , Please put this tool directly to your desktop , DO NOT put in any other folder.

OK, actually the detail information should from here (Derek Microsoft MVP/Windows - Security ), Please read carefully before your use Combofix tool !!

For your convenient, I copied part of Derek's post to here below:

_ Delete any existing version of ComboFix you have sitting on your desktop

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

2. Close any open browsers and any other programs you might have running

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ******_

Actually, our computer has lost the internet connection, so when Combofix.exe asked us "Recovery console is not installed, do you want to install?", we selected Yes but of course it could not download anything, but doesn't matter, you can still continue.

After 2 times reboot during Combofix.exe working, finally the Rootkit tdl3 virus gone away from our computer, The firewall was on again, and internet connections recovered again. Thanks Combofix.exe and Derek !

Hope this article is helpful for you ! Good luck !

(There is also another tool : GMER)