
ZeroAccess Rootkit Removal/Google Redirection Virus?


  • This topic is locked
5 replies to this topic

#1 6-1 6-3 6-0


Posted 10 August 2013 - 05:30 PM

EDIT: Managed to remove this. I used RogueKiller (the newest version) once, restarted PC, did the scan again and removed all files. Problem is now fixed. Apparently the problem is a relatively new version of the ZeroAccess virus. I'll keep the rest of the post here in case anyone else has this problem in future.

 

Hello;

 

Recently I've been infected with something that is redirecting me to a random page when I do a Google search and click on an innocent link.

 

I've run CCleaner, MalwareBytes, SUPERAntiSpyware, Registry Mechanic, McAfee, TDSSKiller, and none of them seem to be able to deal with the problem. MalwareBytes does find the ZeroAccess virus and removes two files, but not permanently (they reappear upon reboot).

 

Rkill seems to find what the problems are; I've attached a log of this, including the attach.txt file I was instructed to attach.

 

TDSSKiller and McAfee in particular do not find anything at all. (I think I am using their latest updates.)

 

As seen in the Rkill 10-08-2013.txt file, there are numerous sub-folders nested within each other in the "C:\Program Files\Google\Desktop\Install" folder, which I am unable to delete. If I keep entering these sub-folders, eventually I reach a folder (that is apparently "empty") that I can neither enter nor delete.

 

For some reason, it isn't letting me do a system restore.

 

I would really appreciate help with this.

Thanks in advance.


Edited by 6-1 6-3 6-0, 10 August 2013 - 06:56 PM.



#2 gringo_pr

  • Malware Response Team

Posted 10 August 2013 - 06:55 PM



Hello 6-1 6-3 6-0

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 6-1 6-3 6-0


Posted 10 August 2013 - 06:59 PM

Hello;

 

Thanks for the reply. Apologies for being a nuisance, but I think I have just got rid of the problem (the Google redirects are gone). I used RogueKiller and a tutorial I found online which dealt with the issue. Supposedly, it was a newer version of the ZeroAccess virus which couldn't be dealt with in the same way the previous versions were.

 

I will follow your instructions also, just to be safe.


Edited by 6-1 6-3 6-0, 10 August 2013 - 06:59 PM.


#4 gringo_pr


Posted 10 August 2013 - 07:15 PM

I will be waiting for the reports



gringo

#5 gringo_pr


Posted 14 August 2013 - 09:32 PM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#6 gringo_pr


Posted 20 August 2013 - 10:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.