
Suspecting of ZeroAccess Rootkit



#1 kingJulian


Posted 28 March 2014 - 10:31 AM

Hello!

I'm encountering a big problem on my Windows 7 x32 PC operating system. I suspect that somehow I got this ZeroAccess rootkit on my PC. The issues are the following:
  • Cannot turn on my Windows Firewall
  • Cannot find Windows Firewall in Services
  • Cannot run Chrome
  • Cannot go on any website that relates to virus cures (I'm posting this from my Android device)
I also followed advice from other posts, ComboFix. I know I should not have done it without expert advice, but I thought it would be a walk in the park. Anyway, ComboFix didn't seem to cause any damage, but nothing positive either. It doesn't even seem to work properly; it stalls at "your computer will be scanned, it will take about 10 mins...", etc.
I've also run Sirefix and ServicesRepair a few days ago, no improvement, but this: a new process revealed in Task Manager, catchme.3xe, but it disappeared at the next reboot, but now I have this process, rmbr.3XE.
So, I really need some help, since I have a lot of important data on my PC, and erasing everything is not an option.
Thank you very much, hope to hear from anyone soon!


Edited by hamluis, 28 March 2014 - 10:32 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 quietman7


Posted 28 March 2014 - 03:35 PM


ZEROACCESS rootkit is a serious malware infection. Disinfection will probably require the use of more powerful tools than we can recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.

Further, since you already ran Combofix due to possible malware infection, its log should be thoroughly reviewed by trained experts in order to ascertain what was detected/removed and what malware you're dealing with. A log should have been created and saved to the root directory, usually C:\ComboFix.txt.

Please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 users will not be able to run DDS and create a log.)
When you have done that, start a new topic and post the required logs to include your ComboFix log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.
-- ComboFix logs are not permitted in this forum.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
