Infected with ZeroAccess can't update windows, can't change firewall help


  • This topic is locked
24 replies to this topic

#16 agarrison23

  • Topic Starter

Posted 06 November 2013 - 02:21 PM

I had already done the fix with FRST a few days ago when I saw it had an error with DeleteJunctionsIndirectory.

 

It is definitely running faster. I haven't tried to update Windows or the Firewall yet.

 

Will we just leave those files in quarantine or is there a way to remove them?

 

What else do I need to do?




 


#17 seedy21

  • Malware Response Team

Posted 06 November 2013 - 03:55 PM

Hi agarrison23
 

I had already done the fix with FRST a few days ago when I saw it had an error with DeleteJunctionsIndirectory.




Yes, I need to be sure we have removed all of the infection, and ZA does target Windows Defender. Please run the Fix for FRST to remove any infection that it was unable to get when we did it a couple of days ago.

When we have completed the removal then we can clean up and remove the quarantine folders.

Thanks

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#18 agarrison23

  • Topic Starter

Posted 07 November 2013 - 12:25 AM

FRST files

Attached Files



#19 seedy21

  • Malware Response Team

Posted 07 November 2013 - 01:54 PM

Hi agarrison23

Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAC8A4D3A6BAECA01
BHO: Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files\toolbar2\searchresultsDx.dll No File
Toolbar: HKLM - Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files\toolbar2\searchresultsDx.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Step 2
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
  • If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
  • When you see a console window, press any key to continue scanning.
  • Wait while it scans.
  • If your firewall alerts you of Security Check, please press 'Allow' or similar.


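Added example, not part of the original post and not FRST's own code: a read-only Python parser for the five fixlist lines in post #19, showing which entries are tagged "No File" and which share a CLSID, so a fix written by someone else can be reviewed before it is applied. The field layout is an assumption inferred from those five lines only, and `parse_entry`, `parse_fixlist` and `shared_clsids` are hypothetical names.

```python
import re
from collections import defaultdict

# The five entries from the fixlist in the post above, copied verbatim.
FIXLIST = r"""HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAC8A4D3A6BAECA01
BHO: Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files\toolbar2\searchresultsDx.dll No File
Toolbar: HKLM - Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files\toolbar2\searchresultsDx.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Parse one line; the field layout is an assumption inferred from FIXLIST."""
    line = line.strip()
    entry = {"kind": "RegValue", "hive": None, "clsid": None, "path": None,
             "orphan": False, "raw": line}
    kind, sep, rest = line.partition(": ")
    if not sep or kind not in ("BHO", "Toolbar"):
        # Anything else is treated as a raw "key,value = data" registry line.
        key, _, tail = line.partition(",")
        value, _, data = tail.partition(" = ")
        entry.update(hive=key.split("\\")[0], key=key, value=value, data=data)
        return entry
    entry["kind"] = kind
    if rest.startswith(("HKLM - ", "HKCU - ")):
        entry["hive"] = rest[:4]
    entry["orphan"] = rest.endswith("No File")  # the line is tagged "No File"
    match = CLSID_RE.search(rest)
    if match:
        entry["clsid"] = match.group(0).lower()
        after = rest[match.end():].lstrip(" -")
        if after.endswith("No File"):
            after = after[:-len("No File")]
        entry["path"] = after.strip() or None
    return entry

def parse_fixlist(text):
    return [parse_entry(l) for l in text.splitlines() if l.strip()]

def shared_clsids(entries):
    """Map each CLSID to the entry kinds that reference it (cross-check aid)."""
    seen = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].append(e["kind"])
    return dict(seen)

if __name__ == "__main__":
    print(shared_clsids(parse_fixlist(FIXLIST)))
```
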

#20 agarrison23

  • Topic Starter

Posted 07 November 2013 - 03:13 PM

Logs

Attached Files



#21 seedy21

  • Malware Response Team

Posted 09 November 2013 - 11:33 AM

Hi agarrison23

Step 1

Run updates to Adobe Reader:

Close all programs and windows.

Open Adobe Reader (click on "Start". Click on "All Programs". Click on "Adobe Reader"). When Adobe Reader is loaded, click on "Help". Click on "Check for updates now" (or "Updates").

You will see available updates in the left window. Select all updates or critical items in the left window and click the "Add" icon between the windows. Click on the "Update" icon at the bottom. The system will start processing the update. If there are 2 or more updates, you will probably have to reboot between updates.

Step 2

Do you have any further issues with your machine?



#22 agarrison23

  • Topic Starter

Posted 09 November 2013 - 09:15 PM

Don't we still need to remove the quarantine folders? Or did we do that and I didn't realize it?



#23 seedy21

  • Malware Response Team

Posted 13 November 2013 - 05:24 AM

Don't we still need to remove the quarantine folders? Or did we do that and I didn't realize it?


Yes, we are going to complete this now if you don't have any further issues.

Remove Tools Used:

Clean up with Delfix

Download "Delfix by Xplode" and save it to your desktop.

Double click to start the program.
If you are using Vista or higher, please right-click and choose Run as administrator.
Make sure the following items are checked:
  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click on "Run" and wait patiently until the tool has completed.
The tool will create a log when it has completed. We don't need you to post this.



Clean up with OTC
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Clean up with TFC

Please download TFC.exe - Temp File Cleaner by OldTimer:
Alternate link: www.itxassociates.com/OT-Tools/TFC.exe
  • Save it to your Desktop.
  • Close any open windows, save your work.
  • Double click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot.

Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended)" option: "Automatically download recommended updates for my computer and install them".


Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High.
  • Also verify that Enable Protected Mode is checked.
  • Next press the Apply button and then OK to exit the Internet Properties page.

If you have any problems you know where we are :)



#24 agarrison23

  • Topic Starter

Posted 13 November 2013 - 09:52 AM

I had already done most of this prior to your last message. I did have a problem with missing services for Windows updates and Windows Defender but have them working. I used tweaking.com tool to restore the registry and the services. Everything works now. I updated the security for IE. I had already used CCleaner to clean up any temp files. I removed all the programs and folders except FRST. The exe is on the thumb drive but it created a folder on C: with a quarantine folder I cannot get rid of. I will try Delfix and OTC to see if that does the trick.

Thanks for your help.



#25 quietman7

  • Global Moderator

Posted 08 March 2014 - 01:07 PM

As the issue appears to be resolved, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



