No DNS/DHCP After Virus Removal


Recently, after removing a virus from a customer’s PC, I encountered a problem while trying to get the PC back on the network. I tested the drop with another computer and it worked fine. The PC would not pull a DHCP address. I then gave the PC a static IP/DNS settings and the PC was able to ping (which means it had access to the internet) but could not resolve with multiple DNS settings.

I finally found my answer here. This solution works perfectly, but I’ll condense it below if you don’t want to follow the link.

The user ILS mentions that these symptoms are caused by a corrupted afd.sys file which is located at c:\windows\system32\drivers. Either it is missing or infected.

A tool called Farbar System Scanner can be run on your Internet Services to verify the problem, although you do not need to do this to try the fix.

Scan your system for another version of afd.sys and simply copy it over to the one in your driver folder.

Next you need to modify the registry. Instructions are detailed in a post written by Broni here.

The easiest solution is to copy the Registry Entry from another PC that is working.

If you get a permission problem when merging the Legacy_AFD, make sure you read Broni’s instructions on how to allow your user to change the permissions. For Windows 7, I used the following instructions written by Broni:

  1. Start=>Run (alternatively use Windows key+R), type regedit and click OK.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
  3. Right-Click Root and select Permissions…
  4. Click Advanced.
  5. Under Owner tab select the entry starting with your user name, example: Farbar (Farbar-PC\Farbar)
  6. Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
  7. Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
  8. Click Apply and OK.

As stated by the author of the post, after doing the above you will be able to merge Legacy_AFD.

Even though that post is old, it works like a charm; we were able to fix 5 computers today, all of them Windows 7.

Following those instructions I was able to get the computer back on the network and the user back to work.
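The fix above copies a driver file and loosens registry permissions, so it is worth checking the result. The following PowerShell is an added example, not part of the original post or of Broni's instructions: it reports the signature and hash of every afd.sys copy found, the state of the AFD registry entries, and any Everyone rule left on Enum\Root. It assumes PowerShell 4.0 or later in an elevated session; the function names are hypothetical, and the Services\AFD key is an assumption not named in the post.

```powershell
# Added example, not from the original post. Assumes PowerShell 4.0+ in an elevated session.
# Function names are hypothetical.
$installed = Join-Path $env:SystemRoot 'System32\drivers\afd.sys'

function Get-AfdCandidate {
    # Report signature, version and hash for every afd.sys under the given roots.
    # Note: on older Windows/PowerShell builds a catalog-signed file may show NotSigned;
    # in that case compare SHA256 with a known-good PC on the same Windows build.
    param([string[]]$SearchRoot = @($env:SystemRoot))
    Get-ChildItem -Path $SearchRoot -Filter 'afd.sys' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Installed = ($_.FullName -eq $installed)   # the copy the system loads
                Version   = $_.VersionInfo.FileVersion
                SigStatus = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

function Test-AfdRegistry {
    # Services\AFD is the driver's service key (assumption: not named in the post);
    # Enum\Root\LEGACY_AFD is the entry the post merges from a working PC.
    foreach ($key in 'HKLM:\SYSTEM\CurrentControlSet\Services\AFD',
                     'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD') {
        $p = if (Test-Path $key) { Get-ItemProperty -Path $key -ErrorAction SilentlyContinue }
        [pscustomobject]@{ Key = $key; Present = (Test-Path $key); ImagePath = $p.ImagePath; Start = $p.Start }
    }
}

function Get-EveryoneRule {
    # Step 7 grants Everyone (SID S-1-1-0) Full Control on Enum\Root; list what is still set.
    $acl = Get-Acl -Path 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq 'S-1-1-0' } |
        Select-Object RegistryRights, AccessControlType, IsInherited
}

Get-AfdCandidate | Format-List
Test-AfdRegistry | Format-Table -AutoSize
Get-EveryoneRule | Format-Table -AutoSize
```

A replacement copy is a sound source only if its SigStatus is Valid and the signer is Microsoft; any Everyone rule still listed after the merge is left over from step 7.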

If you need help with your computer or your network give us a call at 314.333.3330 and take a look at our IT Support page for more information.
