ZeroAccess in Windows 8

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Mollering, Apr 28, 2013.

  1. Mollering

    Mollering Private E-2

    Hello.

    Four days ago, when I tried to access internet pages with Google Chrome, the browser showed a message before certain pages. That message said that I had some kind of Sirefef.!C, or something like that, on the laptop.
    Windows Update also stopped working.

    I did a lookup on Google regarding that and used KillZA to remove it. But KillZA said that no version of Sirefef/ZeroAccess was found on the computer. But there's an option in KillZA to perform changes in order to solve problems... And that fixed the Windows Update thing.

    Some time later, the internet connection wasn't working. The icon of the wireless connection in the taskbar showed that all was fine with the internet connection, but trying to access internet pages in Chrome or IE didn't work. (The message about Sirefef in Chrome didn't appear again.)

    Now, I'm accessing MajorGeeks in Safety Mode with Networking, and I already made all the scans of the http://forums.majorgeeks.com/showthread.php?t=139681

    The logs are in the attachments... Hope you can help me.
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding much in the way of malware in your logs.

    Rerun RogueKiller and have it fix these:
    [RUN][SUSP PATH] HKCU\[...]\Run : MaxDownloadMgr ("C:\Users\Joel\AppData\Local\Temp\StpE418_TMP.EXE") [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2294020624-1680514448-31797470-1001[...]\Run : MaxDownloadMgr ("C:\Users\Joel\AppData\Local\Temp\StpE418_TMP.EXE") [x] -> FOUND

    Reboot and rescan with RogueKiller and attach the new log.
     
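    The two RogueKiller hits above are Run-key autostarts whose executable sits in the user's Temp folder, which is why they carry the [SUSP PATH] tag. The script below is an added example (not RogueKiller's own code) that applies the same heuristic: it reads the HKCU/HKLM Run keys on Windows, or falls back to a constructed sample mirroring the thread's finding, and reports entries launching from user-writable temp directories. The list of suspicious directories is an assumption for illustration.

```python
import sys

# User-writable directories from which legitimate autostarts rarely run
# (assumed heuristic, in the spirit of RogueKiller's [SUSP PATH] tag).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")
RUN_KEY = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"

def executable_from_command(command):
    # Pull the executable path out of a Run value, quoted or bare.
    c = command.strip()
    if c.startswith('"'):
        return c[1:].split('"', 1)[0]
    return c.split(" ", 1)[0]

def is_suspicious_path(path):
    # True when the executable lives under one of SUSPICIOUS_DIRS.
    low = path.lower().replace("/", "\\")
    return any(d in low for d in SUSPICIOUS_DIRS)

def flag_suspicious(entries):
    """entries: {key_path: {value_name: command}} -> [(key_path, value_name, exe)]."""
    findings = []
    for key, values in entries.items():
        for name, command in values.items():
            exe = executable_from_command(command)
            if is_suspicious_path(exe):
                findings.append((key, name, exe))
    return findings

def load_run_entries():
    """Read the live HKCU/HKLM Run keys on Windows; returns {} elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg
    result = {}
    hives = (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE))
    for hive_name, hive in hives:
        try:
            with winreg.OpenKey(hive, RUN_KEY) as k:
                values = {}
                for i in range(winreg.QueryInfoKey(k)[1]):  # [1] = number of values
                    name, data, _ = winreg.EnumValue(k, i)
                    values[name] = str(data)
                result[hive_name + "\\" + RUN_KEY] = values
        except OSError:  # key absent or access denied
            continue
    return result

# Constructed sample mirroring the thread's RogueKiller hit, plus a benign entry.
SAMPLE_ENTRIES = {"HKCU\\" + RUN_KEY: {
    "MaxDownloadMgr": '"C:\\Users\\Joel\\AppData\\Local\\Temp\\StpE418_TMP.EXE"',
    "OneDrive": '"C:\\Users\\Joel\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background',
}}
```

Run `flag_suspicious(load_run_entries() or SAMPLE_ENTRIES)` to get the findings; on this thread's sample only the MaxDownloadMgr entry is reported.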
  3. Mollering

    Mollering Private E-2

    Ok, I did what you said. The last RK log is in the attachments...

    I was wondering... I only ran the scans in Safety Mode; maybe in Normal mode the scans will find something else?

    Also, in my desperation to find the malware, I also ran a program named ESETSirefefEVCleaner... The log is attached too.

    Thanks for answering me ;)

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download ComboFix to your desktop. Turn off any AV software you have before you run it. Attach the log when finished. Do not do anything while it is running or it may stall the program.
     
  5. Mollering

    Mollering Private E-2

    Sorry, Tim, but ComboFix doesn't run on Windows 8, even with the Compatibility Mode of Windows. What do I do now?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me consult with my colleagues and get back to you.
     
  7. Mollering

    Mollering Private E-2

    Of course, no problem.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The consensus is that it is a false positive from Eset. Rerun both RogueKiller and Hitman in normal start up mode. Attach the logs.
     
  9. Mollering

    Mollering Private E-2

    Ok, done. Logs are attached.

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks good. What issues remain, if any?
     
  11. Mollering

    Mollering Private E-2

    Well, in Normal mode all is running fine, except I don't have any connection to the internet. As I said in my first post, the Wireless icon in the taskbar shows the status "Connected". Also, the Windows Network Diagnostics tool doesn't show any problem...

    To come here (internet) I have to reboot the computer and start in Safety Mode, which has no sound, and even the videos are pretty crappy to watch (maybe codecs and such don't start in this mode).
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Nothing in your logs shows a problem with your internet. I suggest you pursue that in the networking forum.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work through the below link


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
  13. Mollering

    Mollering Private E-2

    Well, I'm glad that I don't have the Sirefef on my laptop anymore. Thanks for that.

    Regarding the networking, on my way to that.

    Thanks, Tim.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
