Vista Antispyware 2012 - rootkit zaccess


  • This topic is locked
3 replies to this topic

#1 Goldmann

  • Members
  • 1 posts

Posted 31 January 2012 - 05:18 AM

Hello,

In mid-January I unfortunately accepted a repetitive "flash upgrade" query, and this led to the activation of the rogue "Vista Anti-spyware 2012" on my computer.
The additional problem, apart from the fact that I have all the scans asking for the deletion of some inexistent virus, is that my ventilator went crazy and, after some strange acceleration, it began to run at maximum, so I immediately shut down my computer.

After some research from my netbook (not infected) about this problem, I understood that it was probably a rootkit called "zaccess" (not sure) which has taken control of some core processes of my computer. I managed to install "Malwarebytes Anti-Malware" on the computer (despite the virus preventing me from launching executable files) and ran it. It detected some potential threats, which I deleted.

After that, the rogue scans stopped and the computer seemed clear. Nevertheless, the problem wasn't solved. My ventilator had the same problem once more: after ten minutes, it began to behave unusually and then ran at maximum (and the UC was at 100%). In my opinion, my computer is still infected and is perhaps being used for some calculation or whatever.

I'm now asking for some help to delete this threat from my computer.

Additional information:
My OS is Vista 64-bit.

PS: Would the window "backup system to a previous state" delete the infection?

Edited by Goldmann, 31 January 2012 - 05:18 AM.




#2 Budapest

  • Moderator
  • 23,573 posts

Posted 31 January 2012 - 04:50 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 nasdaq

  • Malware Response Team
  • 38,764 posts

Posted 04 February 2012 - 09:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If still unable to run .exe files, please navigate to this page.

http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html

Click on the .exe box and download the .zip file.

You will find under Usage instructions the proper way to execute this file.

p.s. You can download it from a good computer and copy the file to the desktop of the infected computer.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


If ComboFix stalls for more than 30 minutes, stop the process. Run the file again. Post the log for my review and let me know what problem persists with this computer.

#4 nasdaq

  • Malware Response Team
  • 38,764 posts

Posted 11 February 2012 - 09:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



