
Rootkit.Win32.Zaccess.e Infection


  • This topic is locked
3 replies to this topic

#1 Cendy


Posted 29 September 2011 - 12:06 PM

Hello!

I would be very grateful to receive any help on this problem that started a few days ago on Tuesday.

Computer basic info:
  • Windows 7 Starter
  • Service Pack 1
  • 32-bit OS
  • Gateway LT20

The first problem that I noticed was, based on other posts on this forum, a Google Redirect virus. This problem appeared about a week ago, but I didn't do anything about it. :wacko:

On Tuesday, I was surfing the web using Mozilla as usual. I stepped away from the comp for a little while, but when I came back, the Blue Screen of Death was up. I thought it was because I had too many tabs up and overloaded my computer, so I restarted it.

Upon restarting, it would load about halfway (no desktop, no task bar), and then BSOD. After several restarts, it loaded to the desktop, and I was able to save a few important documents. But after a few minutes, it would crash and BSOD would be up again.

I left it off for a few hours. When I turned it back on, the program OpenCloud Security appeared. After several minutes, my computer would crash again. I looked up how to remove this virus on another computer, so I downloaded and transferred Rkill and attempted to use it with no luck. It would keep shutting down. I went into Safe Mode, but OpenCloud no longer appeared. I ran Malwarebytes in Safe Mode and deleted 4 or 5 infections. I went back into Normal mode, and OpenCloud still opened. Malwarebytes kept notifying that it blocked access to malicious websites, and I don't know how, but OpenCloud stopped running.

I then downloaded and used TDSS rootkit removing tool. It detected 2 threats, but was able to cure only 1. The one that remains is

Rootkit.Win32.ZAccess.e

Service: DfsC
Service type: File system driver (0x2)
Service start: System (0x1)
File: C:\Windows\system32\Drivers\dfsc.sys
MD5: 2077b7cb788948a9c94ee33216a16f96

The good news is that I don't have the Google redirect or OpenCloud problems anymore. However, I am worried about this infection and what it could be doing to my computer security-wise.

Other possible related info: Recycle bin is suddenly empty (I don't remember emptying it). I also kept getting messages from Windows that asked me for permission for certain applications to make changes to my computer. They popped up when OpenCloud was running but they no longer appear. They were always similar programs asking for permission: win_lotsof#s_.exe

I hope I gave enough detail to be able to get some help on this problem. Please let me know if you have any questions or suggestions. Thank you so much for your time and expertise!



#2 boopme


Posted 29 September 2011 - 12:14 PM

Hi Cendy, to remove the ZeroAccess kit.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
If you still have the TDSS report, include that also.

Let me know if that went well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Cendy


Posted 30 September 2011 - 12:12 AM

Hi Boopme, thank you so much for your guidance. I posted a new topic in the logs forum. Everything went smoothly. Hopefully it can provide some answers! Thank you once again.

#4 boopme


Posted 30 September 2011 - 09:22 AM

They will, it will be a couple days for a reply (volume) but all logs are answered.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.