
Zero Access Rootkit Symptoms?



#1 kenrock


Posted 23 April 2012 - 01:28 PM

Hello,
My little sister came to the states for a mini vacation from her internship abroad. She told me her laptop was acting funny, so I took a look at it. All the programs that have to do with system security were turned off or in 'red' or 'orange' status, something that raised my eyebrows. I could not, even as admin, change the settings in any of these. The errors I kept seeing were:
  • "Windows Firewall can't change some of your settings. Error code 0x80070424."
  • When I try to turn on Windows Defender: "This program is turned off." In the same prompt, it gives me a link to turn the program on, which brings up this error code: "The specified service does not exist as an installed service. (Error Code 0x80070424)."
  • Windows Update window has a red shield with an x in it, and checking for updates brings this error code: 80072F78 - Windows Update encountered an unknown error.
  • Windows Security, as mentioned before, is turned off. When I click turn on now, an Action Center pop up says the Windows Security Center service can't be started. This pop up goes away after about a minute.
  • What's odd is that when I tried googling the error codes from my computer, which is totally clean, it led me to the websites displaying info about zero access rootkit stuff. I tried this on the infected laptop. When trying to open links to sites like this one or others like major geeks, I would end up at fashion or home make-over websites at first. A couple of times, I even tried to type in the URL to the letter, and it did the same thing. It's not doing that now though.
I downloaded and tried to run GMer (which at first didn't work), but I had to leave the computer to do something else and it timed out. Another thing, when this computer times out, the power and network access buttons blink every 5 seconds. However, no matter how long or how many times I hit the power button, it won't turn back on, like it's frozen in time out mode. My sister says unless it is manually timed out or put in hibernate state, it will turn back on, but not when it does it on its own. She has to remove the battery and put it back in to restart. So upon restarting, everything looked normal at first but then all the errors came back. Also, after every startup, a Registry Editor prompt comes up asking if I would allow this program to make changes on the computer. Not sure why it's doing that either.

That's everything. I looked up other sites but all say to use trained professional help. My sister leaves to go back on Thursday. Hopefully this won't take more than a couple of days to resolve, so I'm trying to help her out before she leaves as the last good thing I can do while she's here. I don't have any logs to attach, sorry.

Edited by kenrock, 23 April 2012 - 01:38 PM.



 


#2 m0le


Posted 28 April 2012 - 06:18 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

I don't have any logs to attach, sorry.


Can you run aswMBR for me?

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#3 kenrock


Posted 30 April 2012 - 06:29 PM

Hi m0le,
Thanks for taking my case. Unfortunately, as I stated in the initial breakdown, it was my sister's computer and she has left the country. Couldn't get her to leave it.

#4 m0le


Posted 30 April 2012 - 07:30 PM

Ah, shame.

Thanks for letting me know.

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



