
ZeroAccess, Combofix

  • This topic is locked
2 replies to this topic

#1 mlk42


  • Members
  • 2 posts
  • Local time:09:37 PM

Posted 03 September 2013 - 05:15 PM

EDIT: I got rid of what remained of ZeroAccess using FRST and Unlocker, so at least there's that. Now just need to undo my dumb ComboFix mistakes... waiting for some advice before I attempt anything on that front.



Ouch. Here's my story: I got a ZeroAccess, tried to get rid of it using pretty much every anti-rootkit I could find (RogueKiller, MBAM, MBAR, ... all in safety mode as well), cured most of the symptoms but still had a regkey and files popping up on every reload, so ended up looking at threads on various boards and hastily ran ComboFix without being aware that one... ah... isn't supposed to do that on their own. ComboFix seemingly defeated (but now I understand only quarantined) the ZeroAccess, except I was left unable to connect to the internet (DNS requests hijacked?). I then just as hastily uninstalled ComboFix. Now I'm left with a ZeroAccess still there, and can't even connect on the web with the infected computer. Hopefully the system restore point ComboFix made is still there somewhere, though I don't know if I can even use it since I can't find the "install" (update from vista) CD for this Windows 7 I'm using. Figured I'd better try and ask this time...


tl;dr : Windows 7 32, have leftovers from ZeroAccess + I also installed, ran then uninstalled ComboFix without knowing what I was doing.


Am I screwed? :<


Attached latest RK logs. I was under the impression ComboFix had written a log in C: but there isn't any, guess it was deleted by the uninstall.


Edited by mlk42, 03 September 2013 - 06:45 PM.



#2 mlk42

  • Topic Starter

  • Members
  • 2 posts
  • Local time:09:37 PM

Posted 04 September 2013 - 08:53 PM

Solved by formatting, please never mind this thread.

(can't edit OP a second time...)

#3 JSntgRvr


    Master Surgeon General

  • Malware Response Team
  • 11,817 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:37 PM

Posted 04 September 2013 - 11:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!
