Google Redirects and computer freezes


  • This topic is locked
3 replies to this topic

#1 Redwingster


  • Members
  • 2 posts

Posted 23 June 2011 - 10:21 PM

Hi, my name is Frank. My significant other's HP is running Windows XP Professional 2002 Service Pack 3. Been fighting search redirects and freezes for weeks. Malwarebytes sees nothing. Kaspersky finds a bunch of stuff in safe mode, but can't get it all cleaned out. Here are the Kaspersky scan results from tonight, run from safe mode. Would appreciate some help. Thanks!

Autoscan: completed 3 minutes ago (events: 104, objects: 437914, time: 00:57:25)
5/28/2011 5:28:53 PM Task started
5/28/2011 5:37:42 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\ActivIdentity\ActivClient\accoca.exe
5/28/2011 5:37:42 PM Untreated: Virus.Win32.Suspic.gen C:\Program Files\ActivIdentity\ActivClient\accoca.exe Postponed
5/28/2011 5:47:46 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060052.ini
5/28/2011 5:47:46 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060065.sys
5/28/2011 5:47:46 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060078.sys
5/28/2011 5:47:46 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060065.sys Postponed
5/28/2011 5:47:46 PM Untreated: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060052.ini Postponed
5/28/2011 5:47:46 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060078.sys Postponed
5/28/2011 5:47:47 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060091.sys
5/28/2011 5:47:47 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060091.sys Postponed
5/28/2011 5:47:47 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0061091.sys
5/28/2011 5:47:47 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0061091.sys Postponed
5/28/2011 5:47:47 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061107.ini
5/28/2011 5:47:47 PM Untreated: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061107.ini Postponed
5/28/2011 5:47:48 PM Detected: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061111.exe
5/28/2011 5:47:48 PM Untreated: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061111.exe Postponed
5/28/2011 5:47:48 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061117.ini
5/28/2011 5:47:48 PM Untreated: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061117.ini Postponed
5/28/2011 5:47:48 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061118.sys
5/28/2011 5:47:48 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061118.sys Postponed
5/28/2011 5:47:49 PM Detected: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061137.exe
5/28/2011 5:47:49 PM Untreated: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061137.exe Postponed
5/28/2011 5:47:49 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061144.ini
5/28/2011 5:47:49 PM Untreated: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061144.ini Postponed
5/28/2011 5:47:49 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061145.sys
5/28/2011 5:47:49 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061145.sys Postponed
5/28/2011 5:47:50 PM Detected: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061143.exe
5/28/2011 5:47:50 PM Untreated: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061143.exe Postponed
5/28/2011 5:49:18 PM Detected: Backdoor.Win32.ZAccess.ad C:\windows\assembly\GAC_MSIL\Desktop.ini
5/28/2011 5:49:18 PM Untreated: Backdoor.Win32.ZAccess.ad C:\windows\assembly\GAC_MSIL\Desktop.ini Postponed
5/28/2011 5:53:29 PM Detected: Virus.Win32.Suspic.gen C:\windows\system32\msiexec.exe
5/28/2011 5:53:29 PM Untreated: Virus.Win32.Suspic.gen C:\windows\system32\msiexec.exe Postponed
5/28/2011 5:53:37 PM Detected: Virus.Win32.Suspic.gen C:\windows\system32\searchprotocolhost.exe
5/28/2011 5:53:37 PM Untreated: Virus.Win32.Suspic.gen C:\windows\system32\searchprotocolhost.exe Postponed
5/28/2011 5:53:54 PM Detected: Rootkit.Win32.ZAccess.c C:\windows\system32\drivers\i8042prt.sys
5/28/2011 5:53:54 PM Untreated: Rootkit.Win32.ZAccess.c C:\windows\system32\drivers\i8042prt.sys Postponed
5/28/2011 5:56:24 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\ActivIdentity\ActivClient\accoca.exe
5/28/2011 5:56:24 PM Untreated: Virus.Win32.Suspic.gen C:\Program Files\ActivIdentity\ActivClient\accoca.exe Postponed
5/28/2011 5:57:06 PM Detected: Rootkit.Win32.ZAccess.c C:\windows\system32\drivers\i8042prt.sys
5/28/2011 5:57:06 PM Untreated: Rootkit.Win32.ZAccess.c C:\windows\system32\drivers\i8042prt.sys Postponed
5/28/2011 5:57:15 PM Detected: Virus.Win32.Suspic.gen C:\windows\system32\msiexec.exe
5/28/2011 5:57:16 PM Untreated: Virus.Win32.Suspic.gen C:\windows\system32\msiexec.exe Postponed
5/28/2011 6:05:59 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\ActivIdentity\ActivClient\accoca.exe
5/28/2011 6:05:59 PM Untreated: Virus.Win32.Suspic.gen C:\Program Files\ActivIdentity\ActivClient\accoca.exe Postponed
5/28/2011 6:06:00 PM Detected: Rootkit.Win32.ZAccess.c C:\windows\system32\drivers\i8042prt.sys
5/28/2011 6:06:00 PM Untreated: Rootkit.Win32.ZAccess.c C:\windows\system32\drivers\i8042prt.sys Postponed
5/28/2011 6:06:01 PM Detected: Virus.Win32.Suspic.gen C:\windows\system32\msiexec.exe
5/28/2011 6:06:01 PM Untreated: Virus.Win32.Suspic.gen C:\windows\system32\msiexec.exe Postponed
5/28/2011 6:12:09 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\ActivIdentity\ActivClient\accoca.exe
5/28/2011 6:12:09 PM Untreated: Virus.Win32.Suspic.gen C:\Program Files\ActivIdentity\ActivClient\accoca.exe Postponed
5/28/2011 6:19:15 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060052.ini
5/28/2011 6:19:15 PM Untreated: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060052.ini Postponed
5/28/2011 6:19:15 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060065.sys
5/28/2011 6:19:15 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060065.sys Postponed
5/28/2011 6:19:15 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060078.sys
5/28/2011 6:19:15 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060078.sys Postponed
5/28/2011 6:19:15 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060091.sys
5/28/2011 6:19:15 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060091.sys Postponed
5/28/2011 6:19:15 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0061091.sys
5/28/2011 6:19:15 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0061091.sys Postponed
5/28/2011 6:19:17 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061107.ini
5/28/2011 6:19:17 PM Untreated: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061107.ini Postponed
5/28/2011 6:19:18 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061117.ini
5/28/2011 6:19:18 PM Untreated: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061117.ini Postponed
5/28/2011 6:19:18 PM Detected: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061111.exe
5/28/2011 6:19:18 PM Untreated: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061111.exe Postponed
5/28/2011 6:19:18 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061118.sys
5/28/2011 6:19:18 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061118.sys Postponed
5/28/2011 6:19:18 PM Detected: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061137.exe
5/28/2011 6:19:18 PM Untreated: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061137.exe Postponed
5/28/2011 6:19:19 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061144.ini
5/28/2011 6:19:19 PM Untreated: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061144.ini Postponed
5/28/2011 6:19:19 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061145.sys
5/28/2011 6:19:19 PM Untreated: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061145.sys Postponed
5/28/2011 6:19:19 PM Detected: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061143.exe
5/28/2011 6:19:19 PM Untreated: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061143.exe Postponed
5/28/2011 6:20:08 PM Detected: Backdoor.Win32.ZAccess.ad C:\windows\assembly\GAC_MSIL\Desktop.ini
5/28/2011 6:20:08 PM Untreated: Backdoor.Win32.ZAccess.ad C:\windows\assembly\GAC_MSIL\Desktop.ini Postponed
5/28/2011 6:22:39 PM Detected: Virus.Win32.Suspic.gen C:\windows\system32\msiexec.exe
5/28/2011 6:22:39 PM Untreated: Virus.Win32.Suspic.gen C:\windows\system32\msiexec.exe Postponed
5/28/2011 6:22:42 PM Detected: Virus.Win32.Suspic.gen C:\windows\system32\searchprotocolhost.exe
5/28/2011 6:22:42 PM Untreated: Virus.Win32.Suspic.gen C:\windows\system32\searchprotocolhost.exe Postponed
5/28/2011 6:22:55 PM Detected: Rootkit.Win32.ZAccess.c C:\windows\system32\drivers\i8042prt.sys
5/28/2011 6:22:55 PM Untreated: Rootkit.Win32.ZAccess.c C:\windows\system32\drivers\i8042prt.sys Postponed
5/28/2011 6:25:33 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\ActivIdentity\ActivClient\accoca.exe
5/28/2011 6:25:42 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060052.ini
5/28/2011 6:25:44 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060065.sys
5/28/2011 6:25:47 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060078.sys
5/28/2011 6:25:49 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0060091.sys
5/28/2011 6:25:51 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP219\A0061091.sys
5/28/2011 6:25:57 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061107.ini
5/28/2011 6:26:04 PM Detected: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061111.exe
5/28/2011 6:26:05 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061117.ini
5/28/2011 6:26:07 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061118.sys
5/28/2011 6:26:07 PM Detected: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061137.exe
5/28/2011 6:26:11 PM Detected: Virus.Win32.Suspic.gen C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061143.exe
5/28/2011 6:26:11 PM Detected: Backdoor.Win32.ZAccess.ad C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061144.ini
5/28/2011 6:26:14 PM Detected: Rootkit.Win32.ZAccess.c C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP220\A0061145.sys
5/28/2011 6:26:14 PM Detected: Backdoor.Win32.ZAccess.ad C:\windows\assembly\GAC_MSIL\Desktop.ini
5/28/2011 6:26:16 PM Detected: Rootkit.Win32.ZAccess.c C:\windows\system32\drivers\i8042prt.sys
5/28/2011 6:26:17 PM Detected: Virus.Win32.Suspic.gen C:\windows\system32\msiexec.exe
5/28/2011 6:26:18 PM Detected: Virus.Win32.Suspic.gen C:\windows\system32\searchprotocolhost.exe
5/28/2011 6:26:18 PM Task completed

Edited by Andrew, 24 June 2011 - 12:52 PM.
Mod Edit: Moved From MRL To AII - AA



#2 Andrew


    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • Gender:Not Telling
  • Location:Right behind you

Posted 24 June 2011 - 12:53 PM

Hi Redwingster and welcome!

Please follow the instructions in ==>This Guide<==. The guide will step you through the process of generating some diagnostic logs which will help determine the exact nature of the infection. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please be sure to post back here with a link to your new thread in the malware forum.

#3 Redwingster

  • Topic Starter

  • Members
  • 2 posts

Posted 26 June 2011 - 05:18 PM

Thanks, Andrew. I think I may have fixed the problem in the interim. Ran Kaspersky, then Dr.Web CureIt, then Kaspersky again, all in safe mode with networking. Seems to have gotten the root issue, as the freezes and redirects are gone and the second run of Kaspersky found nothing. FYI, it sure seems like Kaspersky takes more stuff out if you set it to disinfect, and delete if it cannot disinfect, than it does with user prompt or prompt at end of scan. Perhaps it was coincidence...

This one can be closed. Thanks again.

Frank

#4 Andrew


    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • Gender:Not Telling
  • Location:Right behind you

Posted 26 June 2011 - 06:15 PM

Good to hear!
