
zero access rootkit


  • This topic is locked
14 replies to this topic

#1 Civicboy

  • Members
  • 7 posts

Posted 16 September 2013 - 01:38 AM

Help - I have Zero Access Rootkit virus - Unable to download anything at all - menus, maps, software etc. I use ASC Pro and Malware Bytes. Neither will find and delete the virus. I am not very technical and have read all the forums e.g. TDS Killer etc.

How can I remedy this problem when I am unable to download?

Will a system restore fix the problem?


Edited by hamluis, 16 September 2013 - 07:09 AM.
Moved from AII to MRL - Hamluis.



#2 B-boy/StyLe/

  • Malware Response Team
  • 8,307 posts

Posted 16 September 2013 - 04:30 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

First please navigate to C:\Program Files, then right-click the Windows Defender folder and select Rename from the context menu.

Add a unique variation to the filename, such as .old (for example, Windows Defender.old).

 

 

 

Next please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • If the download completes successfully, make sure to rename the Windows Defender folder back to its original filename before running FRST.

    Double-click to run it. When the tool opens click Yes to disclaimer.

  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi




#3 Civicboy


Posted 16 September 2013 - 08:17 AM

Georgi, Regret carried out a system restore back to 2nd Sept 2013 before you had replied. It seems to have worked in that I can now download files with no problem. Is there a simple way to see if I have this virus (only one of my spyware said I had it)?

I have carried out FRST and produced a log - I don't know how to paste the log to this reply.

 

Please advise me how to carry this out.

 

Civicboy



#4 B-boy/StyLe/


Posted 16 September 2013 - 08:21 AM

Hi Civicboy,

 

 

Simply attach the logs to your next reply.

See here how to do this.

 

 

Regards,

Georgi




#5 Civicboy


Posted 16 September 2013 - 09:05 AM

Attached File  FRST.txt   41.96KB   2 downloads

 

FRST file attached

 

Civicboy



#6 B-boy/StyLe/


Posted 16 September 2013 - 09:12 AM

Hi,

 

Please attach the other log - Addition.txt as well. :)

 

 

Regards,

Georgi




#7 Civicboy


Posted 16 September 2013 - 09:27 AM

Sorry Georgi - I must be thick - cannot find additions.txt

 

Can I redo it

 

Civicboy



#8 Civicboy


Posted 16 September 2013 - 09:32 AM

Attached File  Additioncivicboy.txt   28.98KB   1 downloads

 

Georgi now found it (box was not ticked)

 

attached now

 

Civicboy



#9 B-boy/StyLe/


Posted 16 September 2013 - 09:44 AM

Hi Civicboy,

 

 

 

  • I don't see an Anti Virus Program running on your machine. (I can see only a few leftovers from MSE and some anti-spyware applications like IObit Malware Fighter, SUPERAntiSpyware and Enigma SpyHunter).
    Download and install an antivirus program, and make sure that you keep it updated.
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    You can find many freeware alternatives here and here. Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
    Also having more than one "real-time" program can be a drain on your PC's efficiency...

     

    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

 

 

 

Registry Editor / Cleaner Warning !!



The following is referring to Advanced SystemCare.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


For more information about why you should avoid using such programs please take a look here => Registry Cleaners and System Tweaking Tools

 

 

 

 

Next let's remove the leftovers from ZeroAccess and other baddies:

 

Now please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 03 February 2016 - 05:56 AM.
typo.



#10 Civicboy


Posted 16 September 2013 - 10:14 AM

I'm sorry Georgi, A lot of this is beyond me - I do not know how to get FRST and fixlist.txt into the SAME location.

 

I have them on the PC - when I run FRST it says fixlist.txt is not in the same location.

 

advise please

 

Civicboy



#11 B-boy/StyLe/


Posted 16 September 2013 - 10:30 AM

Hi Civicboy,

 

 

Please copy fixlist.txt to the folder where you run FRST.exe

 

 

Regards,

Georgi




#12 Civicboy


Posted 16 September 2013 - 11:15 AM

Sorry Georgi thanks for your patience - I cannot follow you.

 

I CANNOT PUT FRST AND FIXLIST.TXT IN THE SAME PLACE

 

I THINK WE SHOULD CALL IT A DAY

 

CIVICBOY



#13 B-boy/StyLe/


Posted 16 September 2013 - 12:16 PM

Hi,

 

 

It's not so difficult. Open Mozilla Firefox and from Tools => Options => General => put a checkbox beside Always ask me where to save files.

 


 

Now download FRST and fixlist.txt again (one by one) and when prompted where to save them choose Desktop and select Save.

 


 

Or simply copy fixlist.txt and FRST to the same folder then start FRST and click on the Fix button and then attach the fixlog.txt to your next reply.

 


 

Regards,

Georgi

 




#14 B-boy/StyLe/


Posted 18 September 2013 - 03:39 AM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.


Regards,
Georgi




#15 B-boy/StyLe/


Posted 23 September 2013 - 02:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
