Help, I have zeroaccess rootkit / GAC_32 desktop.ini virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by masumane, May 24, 2012.

  1. masumane

    masumane Private E-2

    OK, I did read the official "read me" topic, but the reason it won't help is because I've tried mostly everything in there already... I'm running Windows 7, and I fully updated MBAM, TDSSKiller, Spybot S&D and SuperAntiSpyware. None of them can find the problem.

    However, Hitman Pro is able to find it... It's desktop.ini in Windows/assembly/GAC_32 and also Windows/assembly/GAC_64. It just can't seem to get rid of it, even when I allow it to reboot my computer. I've tried running all these programs in safe mode too, but they can't get rid of whatever seems to be redirecting my Google searches and constant popups.

    And finally, the last thing I should mention is I have tried ComboFix (in safe mode, too), but the problem with it is it finishes extracting files and then it just closes. I think it's time I bust out the heavy weapons and get some advice from you guys. I would greatly appreciate any help, and hope to be rootkit free by tomorrow.
     
  2. masumane

    masumane Private E-2

    I just ran ENODs online scanner; it found 26 infected files, automatically quarantined them, and I saved a log. Here it is (I'm using Windows 7 64-bit).

    By the way I'm guessing all the other topics I'm seeing on the front page about desktop.ini and whatnot are people who also got the virus from some jerk who posted on demonoid... At least he's banned now I think :b
     

    Attached Files: e32.txt (3.4 KB)
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  4. masumane

    masumane Private E-2

    Thanks, Tim. Here are the logs that were requested on that page, from Goored and MBRcheck... Also, Kaspersky TDSSKiller did not fix the redirecting (and yep, I ran it as administrator).
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I need the following logs:
    TDSSKiller
    SAS
    MBAM
    ComboFix
    C:\MGLogs.zip
     
