MajorGeeks Support Forums


Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


  #1  
05-24-12, 20:41
masumane
Private E-2
 
Join Date: May 2012
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Help, I have zeroaccess rootkit / GAC_32 desktop.ini virus

OK, I did read the official "read me" topic, but the reason it won't help is because I've tried mostly everything in there already... I'm running Windows 7, and I fully updated MBAM, TDSSKiller, Spybot S&D and SuperAntiSpyware. None of them can find the problem.

However, Hitman Pro is able to find it... It's desktop.ini in Windows/assembly/GAC_32 and also Windows/assembly/GAC_64. It just can't seem to get rid of it, even when I allow it to reboot my computer. I've tried running all these programs in safe mode too, but they can't get rid of whatever seems to be redirecting my Google searches and causing constant popups.

And finally, the last thing I should mention is I have tried Combofix (in safe mode, too) but the problem with it is it finishes extracting files and then it just closes. I think it's time I bust out the heavy weapons and get some advice from you guys. I would greatly appreciate any help, and hope to be rootkit free by tomorrow.
  #2  
05-25-12, 00:09
masumane
Private E-2
 
Join Date: May 2012
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Help, I have zeroaccess rootkit / GAC_32 desktop.ini virus

I just ran ENOD's online scanner; it found 26 infected files, automatically quarantined them, and I saved a log. Here it is (I'm using Windows 7 64-bit).

By the way, I'm guessing all the other topics I'm seeing on the front page about desktop.ini and whatnot are people who also got the virus from some jerk who posted on Demonoid... At least he's banned now, I think :b
Attached Files
File Type: txt e32.txt (3.4 KB, 2 views)
  #3  
05-25-12, 16:21
TimW
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 46,699
Thanks: 449
Thanked 4,651 Times in 4,390 Posts
Re: Help, I have zeroaccess rootkit / GAC_32 desktop.ini virus

Please follow these instructions:

READ & RUN ME FIRST. Malware Removal Guide
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
  #4  
05-25-12, 20:58
masumane
Private E-2
 
Join Date: May 2012
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Help, I have zeroaccess rootkit / GAC_32 desktop.ini virus

Thanks, Tim. Here are the logs that were requested on that page, from Goored and MBRcheck... Also, Kaspersky TDSSKiller did not fix the redirecting (and yep, I ran it as administrator).
Attached Files
File Type: txt GooredFix.txt (1.2 KB, 0 views)
File Type: txt MBRCheck_05.25.12_18.52.14.txt (11.7 KB, 1 views)
  #5  
05-26-12, 12:55
TimW
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 46,699
Thanks: 449
Thanked 4,651 Times in 4,390 Posts
Re: Help, I have zeroaccess rootkit / GAC_32 desktop.ini virus

I need the following logs:
TDSSKiller
SAS
MBAM
ComboFix
C:\MGLogs.zip