Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


zero access trojan

  • Please log in to reply
1 reply to this topic

#1 ttabby25


  • Members
  • 1 posts
  • Local time:09:09 AM

Posted 11 July 2012 - 04:12 PM

Mod Edit:Moved from Win7 to the Am I Infected forum.~~boopme

i got infected with a trojan zeroaccess virus and everytime i log in it takes my firewall down and it stops me from accessing the internet and basically freezes everything up.Please help me get rid of this i did a aswMBR data log, idk if it helps but its something---
aswMBR version Copyright© 2011 AVAST Software
Run date: 2012-07-11 14:49:10
14:49:10.879 OS Version: Windows x64 6.1.7601 Service Pack 1
14:49:10.879 Number of processors: 1 586 0x602
14:49:10.879 ComputerName: MINE UserName: T
14:49:12.205 Initialize success
14:50:35.861 AVAST engine defs: 12071102
14:50:48.747 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:50:48.747 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 11
14:50:48.778 Disk 0 MBR read successfully
14:50:48.778 Disk 0 MBR scan
14:50:48.778 Disk 0 unknown MBR code
14:50:48.794 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:50:48.887 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224745 MB offset 409600
14:50:48.950 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13426 MB offset 460687360
14:50:50.104 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
14:50:50.182 Disk 0 scanning C:\Windows\system32\drivers
14:51:14.144 Service scanning
14:53:10.618 Modules scanning
14:53:10.618 Disk 0 trace - called modules:
14:53:11.195 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:53:11.195 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003123060]
14:53:11.195 3 CLASSPNP.SYS[fffff8800110543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80030c7060]
14:53:20.618 AVAST engine scan C:\Windows
14:53:27.279 AVAST engine scan C:\Windows\system32
15:00:35.972 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:00:48.172 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:04:03.297 AVAST engine scan C:\Windows\system32\drivers
15:04:40.768 AVAST engine scan C:\Users\T
15:12:23.026 Disk 0 MBR has been saved successfully to "C:\Users\T\Desktop\MBR.dat"
15:12:23.073 The log file has been saved successfully to "C:\Users\T\Desktop\aswMBR.txt"

Edited by boopme, 11 July 2012 - 07:37 PM.

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:09 AM

Posted 11 July 2012 - 07:39 PM

Hello ttabby25

We nee to post that log and a DDS log in a new topic.

We need a deeper look. Please go here....Preparation Guide ,do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users