MajorGeeks Support Forums

#1 | Tarifa_Pirate | 11-17-11, 07:25
Xp damaged after removing rootkit.zeroaccess

Hi all, this is my first post and I am sure it will not be my last lol

I have a friend's XP SP3 Pro desktop that got infected with the Rootkit.zeroaccess virus plus a few others.
I removed them using a Kaspersky boot rescue CD and also ran Malwarebytes and ComboFix.
My problems started after rebooting back into XP: explorer.exe errored, and even trying to start it using the Task Manager run command gave the same error. I tried for hours to find a way to fix this error but gave up and did an XP repair using an XP SP2 Pro disk that he had.
The repair errored on access denied copying the following XP files during the repair install:
cmmgr32.exe
migwix.exe
muzapp.exe
xpsviewer.exe
When the repair finished, XP booted to the desktop; all icons were back but no taskbar (or off the bottom of the screen).
My problem now is I cannot install SP3 because the Cryptographic service is not running; also the RPC service is not running (could not start the RPC service, access is denied, error 5).
Opening Services I can see that a lot of services are not running; in fact only about 12 are running.

It is not possible to right click properties on the services (nothing happens).
I managed to get the PC back on the internet using WinsockFix.
I think also the NVIDIA drivers are now damaged or corrupted, but I cannot install or uninstall nearly anything because I get the error "Windows Installer may be running in safe mode".
Error "your version of vbalsgrid6.ocx may be outdated" now when trying to run Malwarebytes.

Basically it's a big mess and I don't know where to go from here. I cannot do a fresh re-install as my friend has loads of programs that he has had for years that he cannot get again, and a lot of user settings for those programs.

Any suggestions please.

I have at my disposal a UBCD4Win and another XP Pro SP3 desktop that I'm typing this on.

I was thinking of running a repair using my OEM XP Pro SP3 CD to see if it improves anything?

#2 | tgell | 11-17-11, 08:04
Re: Xp damaged after removing rootkit.zeroaccess

With the UBCD disk try and get the Windows XP Pro key if he does not have it. I believe it includes a keyfinder. Then instead of using the OEM disk, slipstream SP3 into your friend's SP2 Pro disk. But, since you did a repair install of SP2 over SP3, I am not sure what the result will be if you try another repair.

http://www.winsupersite.com/article/...ice-pack-3-sp3

#3 | Tarifa_Pirate | 11-17-11, 09:30
Re: Xp damaged after removing rootkit.zeroaccess

OK, did the XP repair using my SP3 Pro OEM CD, but during the copying files part the following files could not be copied and I pressed Esc to bypass them. The CD is not scratched and the DVD drive is OK.
So I assume there is another reason these particular files were not allowed to be copied onto the drive?

Can anybody see a pattern here as to why these files were not copied?

@25%
Cmnicfg.xml
dwil1033.dll
ipcfg.xml
kodak_dc.icm
osinfo.xml
potscfg.xml
pppcfg.xml
srgb.icm
is330.icm

@70%
cscript.mui
jscript.mui
mmc3or.dll
mmcexr.dll
mmcfxcr.dll
msscript.mui

@80%
ndisnpp.dll
nppagent.exe
scrobj.mui
scrun.mui
vbscript.mui
wscript.mui

wshext.mui
wshom.mui
archvapp.inf
cobramsg.dll
guitrn.dll
guitrna.dll
iconlib.dll
log.dll
migapp.inf
migism.inf
migism.dll
migload.exe
migsys.inf
miguser.inf
migwix.exe
migwiza.exe
migwiz.inf
migwiz.man
script.dll
scripta.dll
sysfiles.inf
sysmod.dll

Surprised it loads with that lot missing lol

#4 | Tarifa_Pirate | 11-17-11, 10:55
Re: Xp damaged after removing rootkit.zeroaccess

Upon reboot it says could not load installer for CD, disk, wireless card, NVIDIA,
also a copy error:
an error occurred while copying file migregdb.ex_
lhmstsc.mui

Now a whole load of files failed to copy during installing Start menu items.

#5 | Tarifa_Pirate | 11-21-11, 04:28
Re: Xp damaged after removing rootkit.zeroaccess

I ended up backing up everything using UBCD and then formatting and re-installing. Just for other people's reference, these viruses are a nightmare to remove, and even if you do, you can sometimes be left with an OS full of errors. I have recommended to my friend that he pays 40 euros and puts ESET Smart Security on his system like I use; it's much better than the free ones.

Thanks everyone for help.

#6 | BILLMCC66 | 11-21-11, 04:46
Re: Xp damaged after removing rootkit.zeroaccess

There is no need to pay 40$ for Eset; all you need is one of the free antivirus programs that most of us use.
I use Avast Free on one PC and Microsoft Security Essentials on the other; that, combined with Microsoft's own firewall, gives me excellent protection, but the need for safe surfing cannot be stressed enough as this is the main cause of malware.

http://www.majorgeeks.com/Avast_Free_Edition_d1968.html

http://windows.microsoft.com/en-US/w...ity-essentials

This is worth a read.

http://forums.majorgeeks.com/showthread.php?t=44525
__________________
You can't teach a new mouse old clicks
All times are GMT -5.