New Virus Maybe



#1 Dougprince72

Posted 23 December 2011 - 12:14 PM

Been dealing with a virus removal from a customer. To make a long story short, wound up reformatting. Here is the virus description: everything gets disabled. I have seen it twice now, once on an XP Pro machine, once on Win 7. I can get past the shut down internet issues and run Combofix; it updates, runs, says there is a rootkit, it restarts then dies, and the fix for the internet gets overruled. If I remove the drive and try to scan on my bench machine it is an instant infection seemingly. I mean it infests my work machine with the speed of ten diamond core processors. I tried running SmitfraudFix from this web site. And it crashes almost instantly after it starts. I have tried to capture the process to forward or describe here, no luck. Any tips or programs would be very much appreciated.

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

#2 boopme


Posted 23 December 2011 - 09:39 PM

It sounds a lot like a ZeroAccess rootkit.

1. Open the Task Manager by pressing Ctrl + Shift + Esc on your keyboard.

2. Be sure that "Show processes from all users" is selected at the bottom left-hand corner of the window. Click "Image Name" to sort this column alphabetically and then look at the top of the list.

3. If you see a running process such as 1077238835:3433286335.exe (example only; your computer may display different numbers), you have it.
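The Task Manager check from post #2, written as a script. This is an added example, not part of any poster's reply. It parses process-list text in the `tasklist /FO CSV` layout and flags image names of the form digits, colon, digits, `.exe`. The sample rows are constructed, the function name is hypothetical, and it is an assumption that `tasklist` reports the image name the same way Task Manager displays it.

```python
import csv
import io
import re

# Image name made only of digits, a colon, digits, then ".exe": the shape of
# the example name in the post above (the numbers differ per machine).
SUSPECT_NAME = re.compile(r"\d+:\d+\.exe", re.IGNORECASE)

# Constructed sample in the layout of `tasklist /FO CSV`; not a real capture.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"1077238835:3433286335.exe","1180","Services","0","1,912 K"
"svchost.exe","884","Services","0","9,412 K"
"explorer.exe","2456","Console","1","41,008 K"
"2011.exe","3020","Console","1","3,100 K"
'''


def find_suspect_processes(tasklist_csv):
    """Return (image_name, pid) for each row whose image name fits the pattern."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name = (row.get("Image Name") or "").strip()
        pid = (row.get("PID") or "").strip()
        # fullmatch: an all-digit name without the colon ("2011.exe") is not flagged
        if SUSPECT_NAME.fullmatch(name):
            hits.append((name, int(pid) if pid.isdigit() else None))
    return hits


if __name__ == "__main__":
    for name, pid in find_suspect_processes(SAMPLE_TASKLIST):
        print(f"suspicious image name {name!r} (PID {pid})")
```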

#3 quietman7


Posted 23 December 2011 - 11:41 PM

I tried running SmitfraudFix from this web site. And it crashes almost instantly after it starts.

SmitFraudFix is an older specialized tool that was designed to remove certain rogue anti-spyware applications responsible for infecting Windows XP, 2000, and Vista machines. SmitFraudFix was intended to be used under the guidance and supervision of a trained malware removal expert who could interpret the logs... it was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware, which scan individual drives or different folders on a computer for viruses. The developer no longer supports the tool and has not updated it since mid-2009, so it's not effective against newer types of rogue anti-spyware programs.