C:\Windows\System32\drivers\smb.sys

[mooth]

Hi

I've gone through the malware removal guide up to step 4 but AVG is still popping up telling me I have Trojans in System32 and it can't do anything about the smb.sys one. I havent had the internet for a few weeks and as soon as I got internet access at home these things kept on popping up. Just before I lost internet access I downloaded some games a few of which never worked, that's the only place I can think it would have come from but I've never had a problem before.

I've attached 3 of the 4 files but the Hitman Pro log says it's an invalid file so I've had to paste it below

<?xml version="1.0"?>
-<Log filesProcessed="18020" timeSpentInSecs="292" date="2012-07-04T18:33:00" version="3.6.0.160" scan="Normal" computer="HOME-PC">-<Item status="None" score="119.0" malwareName="Malware" type="Malware">-<Scanners><Scanner name="Gen:Variant.Barys.2378 (Engine A)" id="G Data"/><Scanner name="Trojan.Hosts.5758" id="DrWeb"/><Scanner name="Trojan.ZeroAccess!IK" id="Ikarus"/></Scanners><File hash="C24D0F2ADF13FC5AC12F3EACD3D155AE368CD542BFA6CAF1A958DAD0C596A359" path="C:\Windows\system32\drivers\smb.sys"/></Item></Log

Thanks a lot for any help.

[thisisu]

Welcome to MajorGeeks, mooth

Let HitmanPro Replace this detection.
Then rescan with HitmanPro and attach the latest log. You need to attach it as a .zip as the forum does not allow .xml. This is explained in the instructions on how to obtain the log.

Reviewing the rest of your logs now.

[thisisu]

From Programs and Features (via Control Panel), please uninstall the below:

• AVG 2012
• Java(TM) 6 Update 31
• Java(TM) 7 Update 4
• Java(TM) SE Development Kit 7 Update 2

__

Please download and run AVG Remover

__

Please download and run ComboFix and attach its log.
Read these instructions on how to use it: How to use ComboFix
Do not uninstall ComboFix yet as we may need it to fix remaining malware issues.

[mooth]

I did what you said but combofix sat doing nothing for ages, it said it was scanning and would normally take ten minutes but could easily take double but I left it for 40 minutes and it didn't say anything else and now my recycle bin keeps telling me it's corrupted for some reason.
I've attached the HitmanPro log, I don't seem to be having any problems but it's not been that long.
Why have I got rid of AVG?

[thisisu]

Did you uninstall AVG?
The reason I requested this is to increase the chance of ComboFix running successfully.

__

Try deleting these manually:

• C:\ProgramData\Ask <-- Folder
• C:\Windows\$NtUninstallKB14204$ <-- ZeroAccess folder

__

Let me know if you were successful or not and then experiment with the PC some more and let me know if there are any other problems.

[mooth]

I did uninstall AVG. I deleted Ask but I couldn't delete $NtUninstallKB14204$ but it seems to have been on my computer for ages. ComboFix still didn't run but it's been a few days now and I havn't had any problems so it looks like it's fixed.

Thanks

[thisisu]

I understand the computer is working fine but that folder is actually a trace of ZeroAccess. These types of folders do not belong on Vista/7 computers.

Here is the recommended action:

Please download BlitzBlank to your desktop.

• Double-click BlitzBlank.exe to open (Vista/7 right-click and select Run as Administrator)
• Press OK at the warning prompt.
• Click the Script tab
• Copy the text inside the code box below and paste it into the text-field.

Code:

DeleteFolder:
C:\Windows\$NtUninstallKB14204$

• Now click the Execute Now button.
• The fix will require a reboot in order to complete successfully.
• Upon reboot, locate C:\blitzblank.log and attach this log to your next message. (How to attach)