ZeroAccess Rootkit

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zq1, Dec 2, 2011.

  1. zq1

    zq1 Private E-2

    The keyboard on my laptop is inoperable. Can access the internet.

    I tried using the onscreen keyboard to select the drivers in the RootRepeal scan but could not get them all to highlight. I tried to scan each individual one but it crashed at #6.

    I thought I had disabled virus protection and firewall, apparently, I did not. I apologize for that.

    Before you even look at my logs, I want to thank each and every one of you guys for the work you do helping others to try to get rid of these viruses. It's stressful just trying to run all the scans properly, but then you guys have to deal with those of us that mess them up, and I applaud you for dealing with us!
     

    Attached Files:

  2. zq1

    zq1 Private E-2

    Here is the MGtools log
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It looks like ComboFix took care of the Zero Access infection, but let's run a couple additional scans.



    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky
    • Be sure to attach your log from TDSSKiller
    Now please also download MBRCheck to your desktop.

    See the download links under this icon [IMG]
    • Double-click MBRCheck.exe to run (Vista and Win 7: right-click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
  4. zq1

    zq1 Private E-2

    nice and short scans
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your MBRcheck log indicates that you have an unknown type Master Boot Record. This does not always mean it is an infection, but in some cases it does. Let's get a few questions answered.
    1. Are you having problems? If yes, it is likely that in your case this is an infection.
    2. Do you have your Windows XP boot CD?
    3. Also, do you have all important data backed up which is advisable before continuing to fix your problem?
     
  6. zq1

    zq1 Private E-2

    I do not have access to the computer any longer using a mouse or the touch pad/keyboard. When I was able to access the computer, everything else seemed to work fine, albeit a bit slow, which I attribute to low memory.

    I don't have a boot CD and after considering the risks of losing everything, I'm going to pull the hard drive to try to recover my files at a later time.

    Thank you for your time, I really appreciate your help. I was given another computer to use but it has issues too and I'll start another thread for that.

    Thanks again!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
