Rootkit.ZeroAccess


4 replies to this topic

#1 Digital Minds

  • Members
  • 3 posts

Posted 20 August 2011 - 09:42 AM

Laptop infected with Rootkit.ZeroAccess in the TCP/IP Stack according to ComboFix. I am attaching the aswMBR log and TDSSKiller (which found no infections). In a nutshell, computer connects to networks but does not get an IP address. Laptop has tons of other infections that have been removed, but this one is a tough one.

aswMBR log
TDS log

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, due to the request for a ComboFix log. ~ Animal



#2 teacup61

  • Malware Response Team
  • 17,075 posts

Posted 20 August 2011 - 09:49 AM

Hello Digital Minds,

Could you please post me up the ComboFix report? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 Digital Minds

  • Topic Starter

  • Members
  • 3 posts

Posted 20 August 2011 - 10:58 PM

ComboFix

Combo Quarantined

#4 Digital Minds

  • Topic Starter

  • Members
  • 3 posts

Posted 21 August 2011 - 05:54 PM

Anyone out there?

#5 teacup61

  • Malware Response Team
  • 17,075 posts

Posted 23 August 2011 - 11:50 AM

Hello,

Sorry for my delay. :(

If this system is new, it's possible that ComboFix threw a false positive for Zero Access. I don't see anything in that log to be alarmed about. :thumbup2: Also, have you gotten an IP addy yet?



