Infected w/Rootkit.ZeroAccess


  • This topic is locked
2 replies to this topic

#1 Andrews222

Posted 20 July 2011 - 02:59 PM

Hello all,

I read, with great interest, a thread where the various log generation utilities were run, results submitted and analyzed, leading to a successful removal.
I'm afraid I tried ComboFix before I even thought to read through this forum to see what the experience on this was.

Bottom line, after many attempts to run ComboFix, it finally ran through stage 50 and generated a log file - ending successfully (without crashing like it had on earlier runs). However, that successful run was preceded by the message saying that "rootkit.zeroaccess is detected". After the successful run, I rebooted and ran it again hoping not to get the message. Unfortunately, it gave me the same message, but ran through the 50 stages very quickly, again resulting in a log file and success.

My Symantec endpoint protection software seems to have been clobbered, so I just uninstalled that, and everything else that looks to be wasted electrons.

I have now, after the fact, run the prescribed sequence of utilities and I'm hoping someone wouldn't mind taking a quick look to see if I've slain the monster. GMER is running (10 items listed) as I type this, and I don't know what it's telling me.

Thanks in advance

Hello again,

I've attached the log files. Just for kicks I re-ran ComboFix to see if the infection was gone; it pops up with "There's a newer version of ComboFix available, Would you like to update ComboFix?"

Not sure what this is all about...

EDIT: Posts merged ~Budapest

Edited by Budapest, 20 July 2011 - 05:15 PM.


#2 CatByte


Posted 23 July 2011 - 09:11 PM

Please post the ComboFix log(s)

then run the following:

Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte


Posted 29 July 2011 - 09:03 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
