MajorGeeks Support Forums

#1
10-22-11, 11:55
deeps (Private E-2)
rootkit.0access and other malware

I've been dealing with the ZeroAccess rootkit and other malware for a week now.

Can't run most programs or get online, and can't seem to access the IP configuration address. Any help would be greatly appreciated.

Ran Malwarebytes, SUPERAntiSpyware and ComboFix... results below.
Attached Files
File Type: txt combofixlog.txt (13.7 KB, 5 views)
File Type: txt mbam-log-2011-10-22 (11-00-15).txt (900 Bytes, 1 views)
File Type: log SUPERAntiSpyware Scan Log - 10-22-2011 - 11-40-30.log (704 Bytes, 2 views)
#2
10-22-11, 14:08
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

Hi and welcome to Major Geeks, deeps!

Now we need to run TDSSKiller by Kaspersky
Follow the instructions here and attach your log when you are finished. (How to attach items to your post)

Have you attempted going through this yet? READ & RUN ME FIRST. Malware Removal Guide

If not, you need to at this time. Let me know what did not run. You don't have to complete the scans you have already completed again.
__________________
Facebook . Twitter . Blog . VirusTotal
#3
10-22-11, 18:59
deeps (Private E-2)
Re: rootkit.0access and other malware

Yes, I have done the READ & RUN ME malware removal... followed the steps.

Here is the tdsskiller log...thanks again.
Attached Files
File Type: txt tdsskiller.txt (31.4 KB, 5 views)
#4
10-22-11, 19:33
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

You made no mention of MGlogs.zip. Please attach that file if you were able to run MGtools.exe

Also attach the log from running DeFogger.

Then complete the following:

Please download OTL by Old Timer to your desktop.
  • See the download links under this icon:
  • Double-click OTL.exe to run (Vista and Win7 right click and select Run as administrator)
  • When the window appears, underneath Output at the top-right, make sure Standard Output is selected.
  • Select Scan All Users.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the text in the code box below and paste it into the text-field.
    Code:
    netsvcs
    %systemdrive%\*.exe
    /md5start
    afd.sys
    atapi.sys
    csrss.exe
    explorer.exe
    ipnat.sys
    ipsec.sys
    regedit.exe
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    %systemroot%\*. /mp /s
    %windir%\assembly\GAC\*.ini
    %windir%\assembly\GAC_MSIL\*.ini
    %windir%\assembly\gac_32\*.ini
    %windir%\assembly\gac_64\*.ini
    %windir%\assembly\temp\*.ini
    %windir%\assembly\tmp\u /s
    %allusersprofile%\application data\*.exe
    %systemdrive%\MGtools\
    %systemdrive%\
    %userprofile%\desktop\
    hklm\software\microsoft\windows\currentversion\run|exe /rs
    hklm\software\microsoft\windows\currentversion\runonce|exe /rs
  • Now click the button.
  • When the scan is complete, Notepad will open with the results of the OTL scan.
  • Close Notepad.
  • There will be two log files on your desktop entitled OTL.txt and Extras.txt.
  • Attach both OTL.txt and Extras.txt to your next message. (How to attach items to your post)
#5
10-24-11, 21:35
deeps (Private E-2)
Re: rootkit.0access and other malware

Apologies for the missing files... thanks again for all the help.
Attached Files
File Type: log defogger_disable.log (470 Bytes, 1 views)
File Type: zip MGlogs.zip (123.0 KB, 6 views)
File Type: txt Extras.Txt (35.8 KB, 2 views)
File Type: txt OTL.Txt (103.9 KB, 4 views)
#6
10-24-11, 22:55
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

From Add/Remove Programs (via Control Panel), please uninstall the below:
  • J2SE Runtime Environment 5.0 Update 6
  • Java(TM) 6 Update 18
  • Java(TM) 6 Update 2
  • Java(TM) 6 Update 3
  • Java(TM) 6 Update 5
  • Java(TM) 6 Update 7

Please download Disable/Remove Windows Messenger by Doug Knox to your desktop.
  • See the download links under this icon:
  • Double-click MessengerDisable.exe
  • Place a check-mark in Uninstall Windows Messenger
  • Click Apply
  • Click Exit

Now we need to make use of OTL by Old Timer.
  • Double-click OTL.exe to run (Vista and Win7 right-click and select Run as administrator)
  • When OTL opens, copy the text in the code box below and paste it into the text-field.
    Code:
    :processes
    killallprocesses
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O29 - HKLM SecurityProviders - (digeste.dll) - File not found
    O33 - MountPoints2\{e1412540-3cbe-11df-814a-001676bc312a}\Shell - "" = AutoRun
    O33 - MountPoints2\{e1412540-3cbe-11df-814a-001676bc312a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e1412540-3cbe-11df-814a-001676bc312a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{e1412541-3cbe-11df-814a-001676bc312a}\Shell\AutoRun\command - "" = setupSNK.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/10/09 11:08:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2329406891
    [2011/10/08 10:19:49 | 000,662,349 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
    [2011/10/09 10:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010/10/15 07:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/12/12 23:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/04/01 10:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/20 08:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/17 09:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/18 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/09/23 08:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\AVG2012
    [C:\WINDOWS\$NtUninstallKB33688$] -> Error: Cannot create file handle -> Unknown point type
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    :services 
    abedd78a
    :files
    C:\$AVG
    C:\WINDOWS\$NtUninstallKB33688$ /d
    C:\WINDOWS\system32\drivers\ipsec.sys|C:\WINDOWS\system32\dllcache\ipsec.sys /replace
    ipconfig /flushdns /c
    netsh int ip reset resetlog.txt /c
    netsh winsock reset /c
    :reg
    :commands
    [purity]
    [emptyjava]
    [emptytemp]
    [emptyflash]
    [resethosts]
  • Now click the button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • When complete, Notepad will open.
  • Close Notepad.
  • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Attach this log to your next message. (How to attach items to your post)

Now install the current version of Sun Java from: Sun Java Runtime Environment

Put your computer back into Normal Startup Mode and reboot before proceeding to the next step >> Use MSconfig to setup for Normal Startup Mode


Now open OTL again and click the button
Note: This automatically updates the OTL.txt log on your desktop.
Attach OTL.txt to your next message. (How to attach items to your post)


Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
Notes:
  • This will automatically update all the logs inside MGlogs.zip
  • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS

Last edited by thisisu; 10-24-11 at 23:04.. Reason: ipsec entry
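The OTL fix script in the post above removes several kinds of entries that explain the symptoms from the first post: Winsock LSP catalog entries (O10) that point at a provider DLL which no longer exists, a RunOnce entry (O4) whose target is cmd.exe rather than a product executable, a SecurityProviders entry (O29) naming a DLL that is not on disk, and cached AutoRun commands for removable volumes (O33). The Python script below is an added example written for this page; it is not part of the thread and is not OTL's code. It triages OTL-style scan lines and flags exactly those classes so a helper can see at a glance why nothing can get online. The sample lines are constructed: most are copied from the script above, and two benign control lines (an mswsock.dll LSP entry and a ctfmon.exe Run entry) are added so the triage has something it must not flag. The category names and the launcher-binary list are my own, and the parser assumes the line layout shown in the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: OTL-style lines of the kinds that appear in the fix
# script above, plus two benign control lines (mswsock.dll LSP entry, ctfmon.exe
# Run entry) that a correct triage must leave alone.
SAMPLE_OTL_LINES = r'''
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O33 - MountPoints2\{e1412540-3cbe-11df-814a-001676bc312a}\Shell - "" = AutoRun
O33 - MountPoints2\{e1412540-3cbe-11df-814a-001676bc312a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
'''

# Binaries that a legitimate autostart entry almost never runs bare; an entry whose
# target is one of these is usually a wrapper around some other command (my list).
LAUNCHER_BINARIES = ("cmd.exe", "rundll32.exe", "regsvr32.exe",
                     "wscript.exe", "cscript.exe", "mshta.exe")

# O4 layout as shown in the thread: "O4 - <hive>: [<name>] <target> (<company>)"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<target>.+?)(?: \([^)]*\))?$")
# O33 AutoRun command layout: "O33 - MountPoints2\{volume}\Shell\AutoRun\command - "" = <cmd>"
O33_CMD_RE = re.compile(r'^O33 - MountPoints2\\(?P<volume>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')


@dataclass
class Finding:
    category: str   # short tag (hypothetical naming of my own)
    line: str       # the OTL line that triggered it
    reason: str     # why a helper cares


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL-style line; return None when it is not of interest."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("O10 - ") and line.endswith("File not found"):
        return Finding("winsock_lsp_missing_provider", line,
                       "Winsock LSP catalog entry references a provider DLL that no longer "
                       "exists; a broken LSP chain is a classic cause of 'cannot get online'")
    if line.startswith("O29 - ") and line.endswith("File not found"):
        return Finding("security_provider_missing_dll", line,
                       "SecurityProviders names a DLL that is not on disk; LSA would load it at boot")
    m = O4_RE.match(line)
    if m and m.group("target").lower().endswith(LAUNCHER_BINARIES):
        return Finding("autostart_launcher", line,
                       f"{m.group('hive')} autostart entry '{m.group('name')}' runs "
                       f"{m.group('target')} instead of a product executable")
    m = O33_CMD_RE.match(line)
    if m:
        return Finding("removable_autorun_command", line,
                       f"AutoRun command '{m.group('cmd')}' cached for volume {m.group('volume')}")
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over every line of a pasted OTL log or fix script."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per category, e.g. to show how many LSP slots are broken."""
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LINES)
    for f in found:
        print(f"[{f.category}] {f.reason}\n    {f.line}")
    print(summarize(found))
```

Two practical notes. The script trusts OTL's own "File not found" suffix rather than checking the disk itself, so it can be run on a log pasted from another machine. Deleting broken O10 entries leaves gaps in the catalog numbering, which is why the fix script above follows them with `netsh winsock reset` and `netsh int ip reset` to rebuild the chain rather than relying on the deletions alone.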
#7
10-25-11, 19:23
deeps (Private E-2)
Re: rootkit.0access and other malware

Attached the OTL run fix and scans but can't access C:\MGtools\GetLogs.bat

Getting an error stating 'Windows cannot find 'C:\MGtools\GetLogs.Bat'. Make sure you typed the name correctly, and then try again.'

Still can't access the internet.
Attached Files
File Type: txt New Text Document (2).txt (4.9 KB, 6 views)
File Type: txt New Text Document (3).txt (15.8 KB, 8 views)
File Type: txt OTL.Txt (62.8 KB, 9 views)
#8
10-25-11, 20:36
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

Quote:
Attached the OTL run fix and scans but can't access C:\MGtools\GetLogs.bat

Getting an error stating 'Windows cannot find 'C:\MGtools\GetLogs.Bat'. Make sure you typed the name correctly, and then try again.'
I need you to open this folder using Windows Explorer: C:\MGtools
Inside you will see a bunch of files, look for the one named GetLogs.bat
Then double-click GetLogs.bat. Let this run unhindered.

Afterwards, attach the MGlogs.zip file -- It's at C:\MGlogs.zip
#9
10-25-11, 20:41
deeps (Private E-2)
Re: rootkit.0access and other malware

Quote:
Originally Posted by thisisu View Post
I need you to open this folder using Windows Explorer: C:\MGtools
Inside you will see a bunch of files, look for the one named GetLogs.bat
Then double-click GetLogs.bat. Let this run unhindered.

Afterwards, attach the MGlogs.zip file -- It's at C:\MGlogs.zip
I understand, I tried that; when I double-click the file GetLogs.Bat in the MGTools folder, that's the error prompt I get.
#10
10-25-11, 21:07
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

Please download Tweaking.com - Windows Repair by Tweaking.com to your desktop.
  • See the download links under this icon:
  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click Custom Mode so there is a bullet in it.
  • Click the Start button (bottom right)
    Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Register System Files
    • Remove Policies Set By Infections
    • Repair Winsock and DNS Cache
    Note: Leave everything else unchecked
  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)
  • Let this run unhindered, then reboot afterwards.

Now we need to make use of ComboFix by sUBs
  • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
    • If it is not on your desktop, the below will not work.
  • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
  • Open Notepad and copy/paste the text in the below code box into Notepad:
Code:
KillAll::
DirLook::
c:\mgtools
FileLook::
c:\mgtools\getlogs.bat
c:\mgtools.exe
C:\WINDOWS\system32\drivers\ipsec.sys
C:\WINDOWS\system32\dllcache\ipsec.sys
Folder::
C:\WINDOWS\$NtUninstallKB33688$
  • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
  • At this point, you must exit all browsers now before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
  • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
  • This shall launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • Allow ComboFix to update itself if prompted.
  • When it finishes, a log will be produced at C:\ComboFix.txt
    Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
  • Attach this log to your next message. (How to attach items to your post)

Please download SystemLook by jpshortstuff to your desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main text-field:
    Code:
    :reg
    ipsec
    regfind:
    *ipsec*
    :filefind
    ipsec.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (How to attach items to your post)
    Note: The log can be found on your desktop, entitled SystemLook.txt
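The CFScript above asks ComboFix to look at both C:\WINDOWS\system32\drivers\ipsec.sys and the copy in C:\WINDOWS\system32\dllcache, and the earlier OTL fix replaced the active driver from that protected copy; the OTL scan before it hashed a list of core drivers with /md5start. The check behind those steps is a comparison of the driver that is loaded against its protected reference copy. The Python below is an added example written for this page, not ComboFix's, OTL's or SystemLook's code: it hashes each pair, reports match, mismatch or a missing side, and refuses to call a file that does not even start with an MZ header "matching". It runs against a constructed temporary directory tree that stands in for system32\drivers and dllcache; the driver names come from the /md5start list earlier in the thread, while the directory layout and the simulated patched copy are mine.

```python
import hashlib
import os
import tempfile
from typing import Dict, Tuple

# Driver names taken from the /md5start list in the OTL scan earlier in the thread.
WATCHED_DRIVERS = ["afd.sys", "atapi.sys", "ipnat.sys", "ipsec.sys", "tcpip.sys"]


def sha256_of(path: str) -> str:
    """Stream a file through SHA-256 so large drivers do not need to be read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_pe(path: str) -> bool:
    """True when the file starts with the 'MZ' DOS header every Windows driver has."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def compare_driver_copies(active: str, cache: str) -> Dict[str, object]:
    """Compare an active driver against its protected copy.

    Returns a dict whose 'status' is one of: active_missing, cache_missing,
    active_not_pe, match, mismatch; hashes and sizes are included when both exist.
    """
    result: Dict[str, object] = {"active": active, "cache": cache}
    if not os.path.isfile(active):
        result["status"] = "active_missing"
        return result
    if not os.path.isfile(cache):
        result["status"] = "cache_missing"
        return result
    a, c = sha256_of(active), sha256_of(cache)
    result.update(active_sha256=a, cache_sha256=c,
                  active_size=os.path.getsize(active), cache_size=os.path.getsize(cache))
    if not is_pe(active):
        result["status"] = "active_not_pe"   # whatever is there, it is not a driver image
    elif a == c:
        result["status"] = "match"
    else:
        result["status"] = "mismatch"        # lead to confirm against a known-good hash
    return result


def check_driver_set(drivers_dir: str, dllcache_dir: str,
                     names=WATCHED_DRIVERS) -> Dict[str, str]:
    """Run the comparison over a list of driver names; map name -> status."""
    return {n: compare_driver_copies(os.path.join(drivers_dir, n),
                                     os.path.join(dllcache_dir, n))["status"]
            for n in names}


def build_demo_tree() -> Tuple[str, str]:
    """Constructed demo tree (mine): a fake drivers dir and dllcache dir, with
    ipsec.sys tampered in the active copy and ipnat.sys absent from the cache."""
    root = tempfile.mkdtemp(prefix="driverdemo_")
    drivers, cache = os.path.join(root, "drivers"), os.path.join(root, "dllcache")
    os.makedirs(drivers)
    os.makedirs(cache)
    clean = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"clean driver body " * 8
    for name in WATCHED_DRIVERS:
        with open(os.path.join(cache, name), "wb") as fh:
            fh.write(clean)
        body = clean + b"injected" if name == "ipsec.sys" else clean  # simulated patch
        with open(os.path.join(drivers, name), "wb") as fh:
            fh.write(body)
    os.remove(os.path.join(cache, "ipnat.sys"))  # simulate a driver with no protected copy
    return drivers, cache


if __name__ == "__main__":
    d, c = build_demo_tree()
    for name, status in check_driver_set(d, c).items():
        print(f"{name:12s} {status}")
```

The status is a lead, not a verdict: a legitimate hotfix can update the active driver without touching dllcache, and a rootkit able to patch a driver can patch the cached copy as well, so a mismatch should be confirmed against a hash from a known-good source before anything is replaced. This is also why the thread's tools do their own on-disk reads rather than trusting what a possibly hooked live system reports.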
#11
10-25-11, 21:44
deeps (Private E-2)
Re: rootkit.0access and other malware

Ran Tweaking.com Windows Repair unhindered even though a prompt box kept telling me 'Execute processes remotely has encountered a problem and needs to close.'
... rebooted after the program finished.

Dragged the CFScript file into ComboFix and it froze up on the last command, Output folder C:\32788R22FWJFW

Rebooted manually in Safe Mode w/ Networking.
#12
10-25-11, 21:56
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

Quote:
Originally Posted by deeps View Post
Dragged the CFScript file into ComboFix and it froze up on the last command, Output folder C:\32788R22FWJFW
What do you mean here?

Quote:
Ran Tweaking.com Windows Repair unhindered even though a prompt box kept telling me 'Execute processes remotely has encountered a problem and needs to close.'
... rebooted after the program finished.
I am not familiar with the error message you are saying you received. Can you take a screenshot?

Quote:
Rebooted manually in safe mode w/ networking.
Are you unable to boot into Normal Mode now?

You can try the same steps from Safe Mode with Networking if you need to.
#13
10-25-11, 22:09
deeps (Private E-2)
Re: rootkit.0access and other malware

Quote:
Originally Posted by thisisu View Post
What do you mean here?
After I created the CFScript.txt file and dragged it into ComboFix, it was running fine, then stalled at that last file name that I mentioned. It did not continue to run.

Quote:
Originally Posted by thisisu View Post
I am not familiar with the error message you are saying you received. Can you take a screenshot?
Attached the screenshot.

Quote:
Originally Posted by thisisu View Post
Are you unable to boot into Normal Mode now?

You can try the same steps from Safe Mode with Networking if you need to.
I can still boot up in Normal Mode but opted to run it in Safe Mode w/ Networking... tried running Windows Repair again in Safe Mode, but the same prompt box kept appearing.
Attached Images
File Type: jpg untitled.jpg (91.0 KB, 4 views)
#14
10-25-11, 22:19
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

Quote:
Originally Posted by deeps View Post
I can still boot up in Normal Mode but opted to run it in Safe Mode w/ Networking... tried running Windows Repair again in Safe Mode, but the same prompt box kept appearing.
Looks like a bug with the Windows Repair program.

Let's try some of the same fixes another way.

Now download exeHelper by Raktor.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named exeHelperlog.txt will be created in the directory where you ran exeHelper.com
  • Attach the exeHelperlog.txt file to your next message. (How to attach items to your post)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Please download Win32kDiag to the root of your C:\ drive. It must be saved here or the below will not work!
  • Now press and hold the Windows key on your keyboard, then press the letter r on your keyboard.
  • This opens the Run dialog box.
  • Then copy the below bold text and paste it into the Open: text-field and press ENTER.
    C:\win32kdiag.exe -f -r
  • When it's finished, there will be a log called Win32kDiag.txt on your desktop.
  • Attach this log to your next message. (How to attach items to your post)



Download Junction by Mark Russinovich to your desktop.
  • Extract junction.exe to your desktop.
  • Now press and hold the Windows key on your keyboard, then press the letter r on your keyboard.
  • This opens the Run dialog box.
  • Then copy the below bold text and paste it into the Open: text-field and press ENTER.
    cmd /c %userprofile%\desktop\junction -s c:\ >%userprofile%\desktop\junction.txt
  • When it's finished, there will be a log called junction.txt on your desktop.
  • Attach this log to your next message. (How to attach items to your post)

After junction, try the CFScript and SystemLook directions again.

Please download Microsoft Fix it 50199 to your desktop.
  • Double-click it to run.
  • Reboot when asked to.
#15
10-25-11, 22:24
deeps (Private E-2)
Re: rootkit.0access and other malware

The exeHelper download came up as a trojan threat and was quarantined by AVG.
#16
10-25-11, 22:29
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

Did you install AVG or any other AntiVirus recently?
#17
10-25-11, 22:32
deeps (Private E-2)
Re: rootkit.0access and other malware

Quote:
Originally Posted by thisisu View Post
Did you install AVG or any other AntiVirus recently?
No, I'm downloading all the files through a separate laptop and using a thumb drive to my infected desktop.
#18
10-25-11, 22:34
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

Quote:
Originally Posted by deeps View Post
No, I'm downloading all the files through a separate laptop and using a thumb drive to my infected desktop.
Ok, proceed to the next steps.

Run the Microsoft FixIt tool from Normal Mode whenever you get to that step
#19
10-25-11, 22:36
deeps (Private E-2)
Re: rootkit.0access and other malware

Quote:
Originally Posted by thisisu View Post
Ok, proceed to the next steps.

Run the Microsoft FixIt tool from Normal Mode whenever you get to that step
So just bypass the exeHelper step?
#20
10-25-11, 22:37
thisisu (Malware Consultant)
Re: rootkit.0access and other malware

Quote:
Originally Posted by deeps View Post
So just bypass the exeHelper step?
Yes.