
Zero Access & Internet Security 2013 & Root Kits & SysWOW64 file problem


  • This topic is locked
4 replies to this topic

#1 jillmarten


Posted 21 January 2014 - 02:59 PM

Hello, sorry if this is jumbled. I am helping a friend with their computer. When they gave it to me they were unable to get into Windows because their password didn't work. So I fixed that and got into Windows and then I saw the root of the problem... TONS of malware and viruses. It wouldn't connect to the internet even.

So the first step was I booted in Safe Mode with Networking, used RKill, then used TDSSKiller. After it found things (I don't have the logs, sorry) I was then able to install and update Malwarebytes. Before this I couldn't get a connection; after running TDSSKiller I was able to get a connection, but it would only hold for like 5 min at a time. So I installed Malwarebytes, updated it and ran a full scan, which took 6 hrs by the way and spent most of the time in a folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files and same thing with the ending content.ie5... (by the way, I have never seen a folder scan this long; I scan my own computer all the time and it never does this). I even went to look for this folder on here and the temp file folder isn't there, or the content.ie5... going on... SORRY.

What Malwarebytes found I removed; it was a lot of Zero Access and the Internet Security 2013. I then rebooted the computer. I don't have this log either. I then ran Malwarebytes rootkit and it also found stuff. Removed them as well. I then ran SUPERAntiSpyware; it found about 29 items. Removed them. And I then ran CCleaner and restarted the computer. I have been updating the Windows files and everything because that was turned off, and there was also no antivirus on this computer either. But it still doesn't seem right because every scan I ran takes FOREVER, and I have never noticed the SysWOW64 folder like that before.

I am now running a full scan with Microsoft Security Essentials. I started it before I went to bed and here I am 14 hrs later and it is still running, where I know for a fact it spent the majority of its time in the SysWOW64 temp internet folder and syswow64\temp\content.ie5. What is that? I know that is a system folder, but why is there a hidden temporary internet folder in there that I can't see? (I have view hidden folders on.) I just don't understand what is going on... My computer has a bigger hard drive and more files on it than the infected computer and it never ever ever takes this long for a scan... So there is something up with that hidden temp folder in the SysWOW64 folder... PLEASE HELP...

 

Oh, I also ran ComboFix... that is one log I do have....

 

And the Microsoft Security Essentials scan that is still running, which has finally now just got out of the SysWOW64 folder, says: "Preliminary scan results show that malicious or potentially unwanted software might exist on your system. You can view detected items when the scan has completed."


Jill M***Butterfly Kisses



 


#2 boopme

  • Global Moderator

Posted 21 January 2014 - 03:04 PM

Hello. Having run ComboFix you need to repost this post with that Combo log and a DDS log from here,....

Please follow this Preparation Guide, do steps 6, 7 and 8, and post in a new topic.
Let me know if all went well.

#3 jillmarten

  • Topic Starter


Posted 21 January 2014 - 03:23 PM

Okay, I will, sorry... Do I post it here?


Jill M***Butterfly Kisses


#4 jillmarten

  • Topic Starter


Posted 21 January 2014 - 03:58 PM

I did it with almost no problem. I posted it in the http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ forum. And for some reason it was taking a while to post and I had an error message pop up on my machine that there was something wrong with the servers. Then I refreshed my computer and noticed it posted twice in that forum....


Jill M***Butterfly Kisses


#5 hamluis

  • Moderator

Posted 21 January 2014 - 05:09 PM

Reference:  http://www.bleepingcomputer.com/forums/t/521606/zero-accessinternet-security-2013root-kitssyswow64-file-combo-dds-log-attach/

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





