ZeroAccess cannot run TDSKiller or MBAB Redirecting Issues

[TimW]

Go to start / run / type in:
services.msc
When the window opens, scroll down to the Base Filtering service and tell me what it is set to.

[nyt]

The BSE Service is set for Startup Type Automatic. It is not started.

[TimW]

Set it to manual and then do the fix again.

[nyt]

Set the BFE Service to Manual.

Rebooted. Reran the BFE.reg. Opened Command prompt and tried to start BFE Service.

Same results. System Error 5. Access is denied.

Update: I checked the Services again and the BFE Service was set back to Automatic. Looks like it happened when I reran bfe.reg. I am positive I set it to Manual. Going to repeat again just in case.

Just reset BFE Service back to Manual. Reopened Services to verify. Did not rerun bfe.reg. Rebooted. Tried to Start BFE services. Same errors.

[nyt]

Got BFE Started.

Followed these instructions to get it running.

Use Regedit and goto key HLKM\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy key, and modifying the Permissions on the key to add a user “NT Service\BFE” and give it Full Control.

[nyt]

Update to BFE Fix using better instructions.

Run regedit:
1. Browse to the location for the BFE service in the registry (HKLM\System\CurrentControlSet\Services\BFE\Parameters\Policy), right click and select permissions. (note: HKLM is short for HKEY_LOCAL_MACHINE_
2. In the “Permissions for Policy” window, click advanced | Add.
3. Once the “Select Users, Computers or Group” box appears, change the “From this location:” to point to the local machine name.
4. After changing the search location, enter “NT Service\BFE” in the “Enter the object name to select” box and click “Check names” – this will allow you to add the BFE account.

5. Give the following privileges to the BFE account:
Query Value
Set Value
Create Subkey
Enumerate Subkeys
Notify
Read Control

After adding the BFE account to the registry key, please try to start the Base Filtering Engine service.

[nyt]

Noticed the Security Center Service was also missing. Followed another forum's instructions to download the appropriate missing registry entries. Rebooted and it is back and running.

Still cannot get Windows Firewall or Windows Defender running. Just installed Microsoft Security Essentials so I believe I do not need Windows Defender. Still poking around for a fix on the Firewall Issue.

Thanks!

[nyt]

Windows Firewall is now running. Followed same procedure as BFE.

Imported Registry Keys for mpssvc and sharedaccess.

Gave mpssvc account same privileges as described in BFE post below in SharedAccess registry key.

That allows me to start Windows Firewall.

What do I do now to see what else needs to be done?

Thanks again for your help TimW!!

[TimW]

Quote:

Originally Posted by nyt

What do I do now to see what else needs to be done?

You should be good to go now.

Quote:

Originally Posted by nyt

Thanks again for your help TimW!!

You are most welcome.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
2. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Go to add/remove programs and uninstall HijackThis.
6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
7. After doing the above, you should work thru the below link:
   
   • How to Protect yourself from malware!
   
   

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0