Trojan.0access

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Kmcc88, Aug 28, 2012.

  1. Kmcc88

    Kmcc88 Private E-2

    I've run Malwarebytes and tried every way I can think of to get rid of it. From what I've read, it varies by computer. I've been dealing with this for weeks, thinking it was just another crappy outbreak of spyware or whatever. I've paid bills, checked my bank account, etc. Now that I'm tired of dealing with it, I am freaking out because I've done all of that!
     
  2. Kmcc88

    Kmcc88 Private E-2

    Log from Malwarebytes
     


  3. Kmcc88

    Kmcc88 Private E-2

    Now I've got all of the logs properly attached and run in the correct order.
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these 6 detections:
    • [ZeroAccess][FILE] @ : C:\Windows\Installer\{deb07f10-e9c1-7dde-d580-6807b8622f3e}\@ --> FOUND
    • [ZeroAccess][FILE] @ : C:\Users\Administrator\AppData\Local\{deb07f10-e9c1-7dde-d580-6807b8622f3e}\@ --> FOUND
    • [ZeroAccess][FOLDER] U : C:\Users\Administrator\AppData\Local\{deb07f10-e9c1-7dde-d580-6807b8622f3e}\U --> FOUND
    • [ZeroAccess][FOLDER] L : C:\Users\Administrator\AppData\Local\{deb07f10-e9c1-7dde-d580-6807b8622f3e}\L --> FOUND
    • [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND
    • [Susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
    Place a checkmark next to each of these items; leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Do not reboot your computer yet.


    Rescan with HitmanPro

    • When it finds services.exe - Virus, allow it to Replace by clicking the down arrow next to the detection and choosing Replace.
    • Leave any other detections alone (Ignore them).
    • Afterwards, click the Next button.
    • HitmanPro may want to reboot the PC in order for the changes to take effect; please do so.
    • After reboot and when you are back in Windows, run another scan with HitmanPro and then attach the latest hitmanpro.zip log.

    • Re-run TDSSKiller and attach the resulting log.
    • Now rescan with RogueKiller - no fix - just a scan and attach log.

    We then have a few broken services to deal with, but we'll focus on removing malware first.
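
Added example, not part of the thread and not RogueKiller's own code: a Python sketch that parses detection lines in the shape quoted in Kestrel13!'s post and lists which ZeroAccess paths from the first scan still show up in the scan-only rescan. It assumes every report line follows the shape shown in the post; the AFTER sample and its ExampleTag entry are constructed.

```python
import re

# Line shape copied from the detections quoted in the post:
#   [signature][KIND] name : path --> STATUS
LINE_RE = re.compile(
    r"\[(?P<sig>[^\]]+)\]\[(?P<kind>[A-Z]+)\]\s+(?P<name>.+?)\s+:\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s+-->\s+(?P<status>\S+)")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# The six detections from the post (first scan).
BEFORE = r"""
[ZeroAccess][FILE] @ : C:\Windows\Installer\{deb07f10-e9c1-7dde-d580-6807b8622f3e}\@ --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Administrator\AppData\Local\{deb07f10-e9c1-7dde-d580-6807b8622f3e}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Administrator\AppData\Local\{deb07f10-e9c1-7dde-d580-6807b8622f3e}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Administrator\AppData\Local\{deb07f10-e9c1-7dde-d580-6807b8622f3e}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND
[Susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
"""
# Constructed follow-up scan (not from the thread): one detection persists,
# plus an unrelated placeholder entry that must be ignored.
AFTER = r"""
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND
[ExampleTag][FILE] example.dll : C:\Example\example.dll --> FOUND
"""

def parse_report(text):
    """Return one dict per detection line; non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            row = m.groupdict()
            guid = GUID_RE.search(row["path"])
            row["guid"] = guid.group(0).lower() if guid else None
            rows.append(row)
    return rows

def zeroaccess_found(rows):
    """Lower-cased paths of FOUND entries whose signature mentions ZeroAccess."""
    return {r["path"].lower() for r in rows
            if "zeroaccess" in r["sig"].lower() and r["status"] == "FOUND"}

def still_present(before_text, after_text):
    """ZeroAccess paths flagged in the first scan that the rescan still reports."""
    return sorted(zeroaccess_found(parse_report(before_text))
                  & zeroaccess_found(parse_report(after_text)))

if __name__ == "__main__":
    print("GUID folders:", {r["guid"] for r in parse_report(BEFORE) if r["guid"]})
    print("Still present after cleanup:", still_present(BEFORE, AFTER))
```

An empty result from `still_present` means none of the originally flagged ZeroAccess paths appear in the rescan.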
     
