BleepingComputer.com: Removed ZeroAccess but no http works


#1 molitar

Posted 01 January 2012 - 09:51 PM

Has anyone figured out what this malware does? I removed the ZeroAccess and cleaned it up entirely.. I ran sfc /scannow.. I reinstalled and repaired the TCP/IP protocol. I can browse to non-standard ports like RemotelyAnywhere port 2000. But try to browse any standard ports it will not connect.. pings fine.. DNS resolves fine.. non-standard ports work fine.. repair Windows Firewall. But still something blocks standard http and https ports. At this time I am resorting to a wipe reinstall on this client's system because it's an Asus EEE PC and has no repair install options. But I wish to know what could still block standard http ports as I have another client to work on later this week. Does anyone have a clue?

#2 molitar

Posted 02 January 2012 - 12:52 AM

Further information.. nslookup works but pings and tracert do not.. it appears to be some issue with DNS.. why would nslookup work fine but ping, tracert and browsers do not?

#3 www.osisecurity.com.

Posted 02 March 2012 - 01:27 AM

Hi molitar,

I had the same problem but all of the malware forum Google results did not have an answer, so thought I would share and hopefully help others. I fixed it by:

Reboot into the Microsoft Windows Recovery Console, then (where D:\ is the Windows install CD-ROM or Service Pack):

expand d:\i386\ipsec.sy_ c:\Windows\system32\drivers\ipsec.sys
expand D:\i386\dnsapi.dl_ C:\Windows\system32\dnsapi.dll
expand D:\i386\dnsrslvr.dl_ C:\Windows\system32\dnsrslvr.dll

More info can be found at http://www.osisecurity.com.au/blog/zeroaccess-rootkit-sirefef-no-internet-connectivity-dns ... but it worked for me without repairing or reinstalling Windows. I'd be interested to hear if this helps anyone else.

Cheers,
-Patrick
