
Zeroaccess rootkit symptoms found


  • This topic is locked
3 replies to this topic

#1 Shardulp


Posted 25 November 2013 - 10:04 AM

My pc was giving errors when I tried to change my firewall settings: Error code 0x80070424

I ran Rkill and this is what I got:
Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/25/2013 07:52:27 PM in x64 mode.
Windows Version: Windows 8 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\ChgService.exe (PID: 1904) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* C:\Program Files (x86)\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\ [ZA Dir]
* C:\Program Files (x86)\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\ \ [ZA Dir]
* C:\Program Files (x86)\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\ \x002ex002ex002e\ [ZA Dir]
* C:\Program Files (x86)\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\ \x002ex002ex002e\x202exfbf9x0e5b\ [ZA Dir]
* C:\Program Files (x86)\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\ \x002ex002ex002e\x202exfbf9x0e5b\{6c76f889-4758-ee39-de24-8ad41767c58d}\ [ZA Dir]
* C:\Users\Shardul Pawar\AppData\Local\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\ [ZA Dir]
* C:\Users\Shardul Pawar\AppData\Local\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\❤≸⋙\ [ZA Dir]
* C:\Users\Shardul Pawar\AppData\Local\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
* C:\Users\Shardul Pawar\AppData\Local\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
* C:\Users\Shardul Pawar\AppData\Local\Google\Desktop\Install\{6c76f889-4758-ee39-de24-8ad41767c58d}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{6c76f889-4758-ee39-de24-8ad41767c58d}\ [ZA Dir]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* PcaSvc [Missing Service]
* PolicyAgent [Missing Service]
* RemoteAccess [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/25/2013 07:54:50 PM
Execution time: 0 hours(s), 2 minute(s), and 22 seconds(s)



#2 techdavid


Posted 25 November 2013 - 10:51 AM

Boot to SAFE Mode and run Malwarebytes Anti-Rootkit Beta and restart. After restart, continue with other virus removal software such as Combofix (run CCleaner first; it'll go faster), ADWCleaner, Malwarebytes, and do a boot-time scan to finish it up. http://www.malwarebytes.org/products/other_tools/



#3 Shardulp


Posted 25 November 2013 - 11:54 AM

Thanks. It worked. :)

#4 boopme


Posted 25 November 2013 - 02:32 PM

@TechDavid

 

Please take note of the instructions for ... Instructions for posting advice in Am I Infected. If you have any questions, please contact me or any Staff member.

