Malware - ZeroAccess/Sirefef

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ddodo69, Aug 4, 2012.

  1. ddodo69

    ddodo69 Private E-2

    Was running McAfee, and all of a sudden started seeing hits that McAfee was removing, but coming right back.

    I deleted McAfee and installed Microsoft SE, and got another series of hits, and then the Critical error message and the system shutting down after 1 minute.

    This happened after booting in Safe and Safe Mode with Command prompt.

    One last try by opening a command window and executing shutdown -a, and it still shut down, but upon restarting didn't have any additional shutdowns.

    Ran the series of programs, logs attached. Not sure if there is still an issue, but there were a number of remnants left after the Hitman Pro scan. Also, Microsoft Security Essentials will not update. Thought I'd check before deleting and reinstalling.

    Not sure if anything else needs to be done, but I would like to know whether to kill those entries that were identified.

    Thanks so much,

    Dave
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Files/folders tab and locate these detections:


    • [ZeroAccess][FILE] @ : c:\windows\installer\{e93b3b8a-99ac-8885-4bdc-206218132391}\@ --> FOUND
      [ZeroAccess][FOLDER] U : c:\windows\installer\{e93b3b8a-99ac-8885-4bdc-206218132391}\U --> FOUND
      [ZeroAccess][FOLDER] L : c:\windows\installer\{e93b3b8a-99ac-8885-4bdc-206218132391}\L --> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Do not reboot your computer yet.

    Rescan with HitmanPro.
    Choose to Delete these files if they are detected:


    • C:\Windows\Installer\{e93b3b8a-99ac-8885-4bdc-206218132391}\@ (ZeroAccess)
      C:\Windows\Installer\{e93b3b8a-99ac-8885-4bdc-206218132391}\L\ (ZeroAccess)
      C:\Windows\Installer\{e93b3b8a-99ac-8885-4bdc-206218132391}\L\00000004.@ (ZeroAccess)
      C:\Windows\Installer\{e93b3b8a-99ac-8885-4bdc-206218132391}\L\201d3dde (ZeroAccess)
      C:\Windows\Installer\{e93b3b8a-99ac-8885-4bdc-206218132391}\U\ (ZeroAccess)

    Ignore all other detections.
    Afterwards, click the Next button.
    HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * RKill log
    * Hitmanpro log
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
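
A read-only check for the folder layout named in the detections above (a `{GUID}` folder under `C:\Windows\Installer` holding a file `@` and folders `U` and `L`), for confirming that nothing is left after the deletions. This is an added example, not part of the original thread or of any tool mentioned in it; it generalizes from the one GUID quoted to any GUID-named folder, and the function names and the sample tree are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Braced GUID folder name, the form seen in the detections quoted in the reply.
GUID_DIR = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")


def find_zeroaccess_layout(installer_root):
    """Return {guid_folder: [artifacts present]} for each GUID-named folder
    that holds a file '@', a folder 'U' or a folder 'L'. Nothing is modified."""
    findings = {}
    root = Path(installer_root)
    if not root.is_dir():
        return findings
    for entry in sorted(root.iterdir()):
        if not (entry.is_dir() and GUID_DIR.match(entry.name)):
            continue
        present = []
        if (entry / "@").is_file():
            present.append("@")
        for sub in ("U", "L"):
            if (entry / sub).is_dir():
                present.append(sub + "\\")
        if present:  # partial remnants are reported too
            findings[entry.name] = present
    return findings


def demo():
    """Constructed sample tree: one folder with the layout, one ordinary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        flagged = Path(tmp) / "{e93b3b8a-99ac-8885-4bdc-206218132391}"
        (flagged / "U").mkdir(parents=True)
        (flagged / "L").mkdir()
        (flagged / "@").write_bytes(b"")
        ordinary = Path(tmp) / "{00000000-0000-0000-0000-000000000000}"
        ordinary.mkdir()
        (ordinary / "app.ico").write_bytes(b"")
        return find_zeroaccess_layout(tmp)


if __name__ == "__main__":
    # Default path is the one from the thread; pass another root as argument 1.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\Installer"
    for name, items in find_zeroaccess_layout(target).items():
        print(name, "->", ", ".join(items))
```

An empty result after the RogueKiller and HitmanPro steps means none of the three items remain in any GUID-named folder under that path.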
     
