rootkit.win32.z Access.C

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by wrightm99, Aug 30, 2011.

  1. wrightm99

    wrightm99 Private E-2

    I recently got a virus that is not allowing me to use any anti-virus, redirects google searches, and is corrupting .exe files.

    I ran ComboFix and my results are attached.

    Can somebody please help me?
     

    Attached Files: log.txt (24 KB)
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have a lot of system files that are corrupted. Do you have your XP disc? If so, first go to start / run / and type:
    sfc /scannow and have your disc handy.

    Then re-run Combo and also download the latest version of MGtools and save it to your root folder. Run the exe file and attach the C:\MGLogs.zip.

    If you are still having issues with exe files working, download this:
    Fix Exe Association

    Scroll down to the ninth (?) file fix.
     
  3. wrightm99

    wrightm99 Private E-2

    I lost my copy of XP pro, but when I ran ComboFix I downloaded XP Pro Boot Disk ENU and dragged it over the ComboFix.

    I ran MGtools and have attached the results. After running ComboFix my searches aren't redirected, I can access antivirus programs now, and it did let me do a HijackThis now. I just want to make sure I get rid of the virus completely.
     

    Last edited: Aug 30, 2011
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re-run ComboFix and get me a new log. You may need to uninstall/reinstall these programs:
    c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe . . . is infected!!
    .
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe . . . is infected!!
    .
    c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe . . . is infected!!
    .
    c:\program files\Common Files\Rockwell\EventServer.exe . . . is infected!!
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe . . . is infected!!
    .
    c:\program files\Rockwell Software\RSCommon\RSOBSERV.EXE . . . is infected!!
    .
    c:\program files\Java\jre6\bin\jqs.exe . . . is infected!!
    .
    c:\program files\LogMeIn\x86\LMIGuardianSvc.exe . . . is infected!!
    .
    c:\program files\LogMeIn\x86\RaMaint.exe . . . is infected!!
    .
    c:\program files\LogMeIn\x86\LogMeIn.exe . . . is infected!!
    .
    c:\program files\Common Files\Rockwell\NmspHost.exe . . . is infected!!
    .
    c:\program files\Common Files\Rockwell\RdcyHost.exe . . . is infected!!
    .
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe . . . is infected!!
    .
    c:\program files\Common Files\Rockwell\RnaDirServer.exe . . . is infected!!
    .
    c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe . . . is infected!!
    .
    c:\progra~1\ROCKWE~2\RSLinx\RSLINX.EXE . . . is infected!!
    .
    c:\program files\Common Files\Rockwell\RsvcHost.exe . . . is infected!!
    .
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe . . . is infected!!
    .
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe . . . is infected!!
    .
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe . . . is infected!!
     
  5. wrightm99

    wrightm99 Private E-2

    Here is the latest ComboFix log. I appreciate all of your help. Thanks
     

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Combo is no longer showing those infected files. You can use Windows Explorer to find and delete:
    c:\windows\system32\dllcache\OLD59.tmp
    c:\windows\system32\dllcache\OLD56.tmp
    c:\windows\system32\dllcache\OLD53.tmp
    c:\windows\system32\dllcache\OLD50.tmp
    c:\windows\system32\dllcache\OLD4D.tmp
    c:\windows\system32\dllcache\OLD4A.tmp

    Then use Add/Remove Programs to uninstall:
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 20

    Reboot and download and install:
    Java Runtime 7

    Tell me how things are running now.
     
  7. wrightm99

    wrightm99 Private E-2

    Everything seems to be running fine now. Only thing wrong is I can't uninstall AVG 10. Won't allow me access to the files. I would like to uninstall it and then reinstall so I have protection.

    Again thanks for all of your help.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

