Zero Access Rootkit & Guard Online Infection


  • This topic is locked
2 replies to this topic

#1 slamminshaun

slamminshaun

  • Members
  • 2 posts

Posted 10 October 2011 - 10:24 AM

My wife and I have a desktop (Dell 8400) and a laptop (Lenovo) within our home. Yesterday, her laptop began showing symptoms of a Guard Online infection (pop ups, prompts to pay for software, etc). The laptop's firewall system was also deactivated. In researching the issue online, I used my desktop, which was running normally. After a few hours of research and downloading Malwarebytes onto her laptop, the symptoms on her laptop were mostly gone. The firewall continues to be an issue, so it seems the infection is still present.

The desktop, however, is now also infected!! I'm trying to understand how the infection spread from the laptop to the desktop, considering we did not email anything from her laptop to the desktop or do anything else that might have spread the problem (that we know of). Perhaps it's possible that since both are connected to the same Internet connection, that it spread that way? The desktop is now having Google redirect issues and deactivated firewalls. I am able to download, but unable to run Malwarebytes. It begins to scan, then shuts down and denies access to the program after that. I have Sophos as my anti-virus, but it has been rendered useless for its firewall and scanning. Windows firewall is also deactivated. I tried downloading Avira, thinking perhaps another anti-virus might work better, but its scanning/firewall capabilities are also deactivated. I have not experienced any of the Guard Online pop-ups that my wife's laptop experienced initially.

First things first, I'd like to remove the malware on the desktop (which I believe is Zero Access Rootkit, based on everything I've read here). But should I cure both computers (desktop and laptop) at the same time to ensure a spreading of the malware doesn't happen again?

What do I do? Should I post a DDS log in order to get started? Thank you in advance!

Edited by slamminshaun, 10 October 2011 - 11:04 AM.

#2 slamminshaun

slamminshaun
  • Topic Starter

  • Members
  • 2 posts

Posted 11 October 2011 - 05:47 AM

Great news! I am 99.9% certain that I smashed the malware off both computers.

I owe this site a big "thank you" for having these forums. I applied a few remedies that I learned about from various threads, and applied them in a specific order, and it seems to have wiped the malware out. No more Google redirects, all firewalls are working, no pop ups, and Malwarebytes and Avira both indicate a clean computer. I have regained control of my PC!

I will DEFINITELY be making a donation to this website later tonight. :)

#3 Budapest

Budapest

Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • Gender:Male

Posted 12 October 2011 - 05:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw