Trojan.Zeroaccess.B on WIN 7 64 bit


  • This topic is locked
3 replies to this topic

#1 Stefan B.

  • Members
  • 2 posts

Posted 13 April 2012 - 03:03 AM

Hi,
I somehow got infected with the Trojan.Zeroaccess.B
My Symantec Scanner is capable of detecting this trojan, but currently has no tool to remove it.

I found a (now closed) thread on how to deal with this.
So I downloaded Malwarebytes Anti-Malware and ran that. On the first run: success. 1 threat found. Second try: nothing!
Additionally I got FNRST64.exe on a USB-Stick and ran that after rebooting my laptop and starting in secure mode.
The result: nothing in the text file (see attached).

But my Symantec still discovers the trojan and sends some 20,000 popups on my screen every day with the following text:

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Zeroaccess.B
File: C:\Users\xxxxx\AppData\Local\c3e1c971\X
Location: C:\Users\xxxxx\AppData\Local\c3e1c971
Computer: LAP-013
User: xxxxxx
Action taken: Pending Side Effects Analysis : Access denied


This is making me feel better, but I can't close these windows, as they reappear faster than I can close them AND they stay on top!!!

Any help is more than welcome!

Thanx
Stefan

Attached Files

  • Attached File  FRST.txt   45.15KB   7 downloads

Edited by hamluis, 13 April 2012 - 05:16 AM.
Moved from Win 7 to Malware Removal Logs.



#2 nasdaq

  • Malware Response Team
  • 38,747 posts

Posted 15 April 2012 - 08:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
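
The report-file naming described in the post above, as an added example that is not part of the original thread and is not Kaspersky's or the helper's own code: the date in "TDSSKiller.[Version]_[Date]_[Time]_log.txt" is day-first, so sorting the names alphabetically does not pick the most recent report. The function names and every sample file name except the one quoted in the post are constructed for illustration.

```python
import re
from datetime import datetime
from pathlib import Path

# Pattern taken from the post: TDSSKiller.[Version]_[Date]_[Time]_log.txt
LOG_NAME = re.compile(
    r"^TDSSKiller\.(?P<version>\d+(?:\.\d+)*)"
    r"_(?P<stamp>\d{2}\.\d{2}\.\d{4}_\d{2}\.\d{2}\.\d{2})_log\.txt$",
    re.IGNORECASE,
)

def parse_log_name(name):
    """Return (version, datetime) for a TDSSKiller report name, else None."""
    m = LOG_NAME.match(name)
    if not m:
        return None
    try:
        # Day-first date, dots instead of colons in the time part.
        when = datetime.strptime(m.group("stamp"), "%d.%m.%Y_%H.%M.%S")
    except ValueError:
        return None  # looks like a report name but carries an impossible date
    return m.group("version"), when

def newest_log(names):
    """Pick the most recent report by its embedded timestamp, not by name order."""
    dated = [(parsed[1], n) for n in names if (parsed := parse_log_name(n))]
    return max(dated)[1] if dated else None

def newest_log_in(root="C:\\"):
    """Same selection over the files at the root of the system drive."""
    return newest_log(p.name for p in Path(root).iterdir() if p.is_file())

# Constructed sample listing; only the first name appears in the post.
SAMPLE = [
    "TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt",
    "TDSSKiller.2.2.0_05.01.2010_09.00.00_log.txt",
    "TDSSKiller.2.2.0_31.02.2010_09.00.00_log.txt",  # invalid date, skipped
    "notes.txt",
]

if __name__ == "__main__":
    print("newest by timestamp:", newest_log(SAMPLE))
    print("last by plain sort :", sorted(n for n in SAMPLE if parse_log_name(n))[-1])
```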

#3 Stefan B.

  • Topic Starter

  • Members
  • 2 posts

Posted 15 April 2012 - 02:05 PM

Hi and many thanks for your support.
I did as requested. There were some threats while running TDSSKiller in secure mode. See attached protocol "Maleware_Scanresults.txt" and I ran aswMBR.
This one was a bit tedious, as I had to make a hardware reset twice due to a stuck laptop...
Therefore I am not sure if the protocol is complete.

Awaiting next steps
:-)

Thanks again
Stefan

Attached Files

  • Attached File  Maleware_Scanresult.txt   84.59KB   2 downloads
  • Attached File  MBR.zip   601bytes   1 downloads


#4 nasdaq

  • Malware Response Team
  • 38,747 posts

Posted 21 April 2012 - 10:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



