This is the zero access rootkit I got on my computer and I don't know how to fix it?


1 reply to this topic

#1 trevor12

Posted 25 August 2012 - 03:02 AM

Okay, I downloaded rkill.exe and this is what it came up with. I don't know what to do next though. Can anyone help me with clear advice on how to remove trj/sirefe.d and generic-trojan permanently off my computer?




http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/25/2012 03:32:31 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Possibly Patched Files.

* C:\Windows\system32\services.exe

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks.

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\Trevor\AppData\Local\{948f769d-8ecb-be56-223b-625f050df477}\ [ZA Dir]
* C:\Users\Trevor\AppData\Local\{948f769d-8ecb-be56-223b-625f050df477}\@ [ZA File]
* C:\Users\Trevor\AppData\Local\{948f769d-8ecb-be56-223b-625f050df477}\L\ [ZA Dir]
* C:\Users\Trevor\AppData\Local\{948f769d-8ecb-be56-223b-625f050df477}\U\ [ZA Dir]
* C:\Windows\installer\{948f769d-8ecb-be56-223b-625f050df477}\ [ZA Dir]
* C:\Windows\installer\{948f769d-8ecb-be56-223b-625f050df477}\@ [ZA File]
* C:\Windows\installer\{948f769d-8ecb-be56-223b-625f050df477}\L\ [ZA Dir]
* C:\Windows\installer\{948f769d-8ecb-be56-223b-625f050df477}\stderr.txt [ZA File]
* C:\Windows\installer\{948f769d-8ecb-be56-223b-625f050df477}\stdout.txt [ZA File]
* C:\Windows\installer\{948f769d-8ecb-be56-223b-625f050df477}\U\ [ZA Dir]
* C:\Windows\installer\{948f769d-8ecb-be56-223b-625f050df477}\U\00000001.@ [ZA File]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* AppMgmt [Missing Service]
* BFE [Missing Service]
* BITS [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe : 328,704 : 07/13/2009 09:39 PM : 24acb7e5be595468e3b9aa488b9b4fcb [Pos Repl]

Program finished at: 08/25/2012 03:33:30 AM
Execution time: 0 hours(s), 0 minute(s), and 59 seconds(s)


#2 narenxp

Posted 25 August 2012 - 05:34 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply



