Rootkit.ZeroAcess Infection- No internet/DVD drive

OS- Windows XP Professional SP3


This has been haunting me for about 3 days. Posted on 3 different websites, no help at all.


*Application ran to detect rootkit- UnHackMe + Combofix. After running Combofix, I received ""Rootkit.ZeroAcess! is in tcp/ip stack". I am sorry, the log for Combofix was not saved, or I am unsure where it was sent to by default. Yes, I am aware I should not have run it. But I do not nothing was deleted, or nothing was asked to be deleted.


This all started 3 days ago. I noticed in the taskbar that "XP Antispyware 2012" was running. Immediately I knew it was an infection, so I attempted to run a scan using Avast, which of course did not detect. I then attempted to try out Firefox, to no avail. So I proceeded to search Google using my laptop, and found this website.


I also tried "ipconfig", and it showed the following" Ethernet adapter Hamachi:
Connection-specific DNS suffix . :
IP Address...................... : 0.0.0.0
Subnet Mask..................... : 0.0.0.0
Deafult Gateway................. :





I do recall before this issue, that the above was not Hamachi, it was "Local Area Connection".

Also tried: ipconfig /renew and got the following:

An error occurred while renewing interface Local Area Connection : The RPC server is unavailable.




Looking at the services, I do see the Remote Procedure Call is in fact started.

I am also unable to start DHCP. After attempting to, I get the following:


Could not start the DHCP Client service on Local Computer.
Error 1075:The dependency service does not exist or has been marked for deletion.

I hope I have listed all that needs to be listed, as per the rules of the forums. Thank you for reading.


Also, I was going to attempt to upgrade Windows, possibly saving a lot of trouble. But I when I go to install, it tells me theres no room on C: , which has just 99.9 mbs. I use J: as my main drive, it has Windows installed. Someone had actually told me to scrap the HDD. I couldnt believe it. I mean, it would be no big deal if I wasnt broke. I need to use this because its the only PC I have, I am using a laptop now.

 

im sorry i dont mean to bump this to be a jerk. its just that i use the pc thats messed up, to make a living and its been like this for 3 days. this whole time ive been looking for help and , on other sites, i get a reply and they ask me to do certain things and then never reply again. its just stressing me out . again im sorry for bumping this. i am trying, not just relying on others. just dont want to make it any worse.

 

Hi and welcome to Major Geeks, haiden!

I'm sorry to hear this, but we do not do this here. As long as you do your part, we will do ours

Can you retry attaching the requested log files from the READ & RUN ME FIRST Malware Removal Guide?

When you do that we can get started

 

hi thanks for the reply. I was told by another to use combofix, this person being a volunteer, qualified I guess. after I did it my pc hung on 49th stage for many hrs, then when I got back it rebooted and said was missing bootmgr? I use xp not win7, weird? guess it meant ntldr... think that's the name. anyway, my pc no longer boots. just ran PeToUSB and am going to try and get back on. I'm hoping to perhaps get to the "upgrade" option. or maybe repair option.

 

Ok, thanks for the heads up. Yes, ntldr is for windows xp. bootmgr is vista/7
ComboFix is usually pretty safe to run but I wouldn't recommend running it without some supervision as you need to be able to backtrack if things go wrong.

 

I only did it because I was told to. I'd definitely not otherwise. Also, been looking around not much that touches on something that could help me here. So I've got no working DVD drive due to the rootkit, it wrecked a lot. So Im trying to put together a USB install. I've got it ready to boot, in bios, etc... now problem is I get errors about corrupt or missing files. I replace, then another pops up. Think perhaps I should just replace the /I386 folder on the USB or ? When I boot it gies on saying it's inspecting hardware, so I know I'm close. Never done this before, but I'm getting the hang of it. If I must I'll post this in another section. Don't know where to. I'm thinking my Reaerved Disc was compromised on my original OS. Hoping to do an upgrade and keep all files, etc.

 

You aren't even allowed to boot from your regular CD/DVD drive?

 

no not at all. im trying this again today. right now its tells me INF file txtsetup.inf is corrupt. ugh. 4 times with 3 different usbs and i cant get a single one to work. ive also used 3 different sources for my copies of windows. 2 of which i made from brand new pcs.

 

am i supposed to wait for someone to approve every single post made? i thought last evening it allowed me to post straight away.


edit*
what the? i just posted a response and it said it needed approval, but then it allowed me to post this? anyway...

no, i cannot even use my dvd drive anymore. not sure why. ive tried installing/upgrading 4 times already with 4 different sources for the windows files. oh, and 3 different , brand new usbs. when preparing the usbs, i do not even touch the laptop im using, so there's no stalling, possible errors. but i get errors anyway. even a single file. it gets to "inspecting hardware", then i get the error.

 

Hi,

I think your concerns would be better addressed in the Software forum.

And the reason why your posts get moderated is because you are using file names like "txtsetup.inf" which was probably flagged by whichever spam detection software we use.

 

Hmm , thats weird. Words being flagged? Strong words I guess, haha. No, I understand. I am glad I wasnt able to get a direction solution, not that people havent helped. Was forced to not be so lazy lol. Im learning quite a bit, its awesome. Beats the heck out of drugs I managed to install Windows XP so I am all set. Now I am going to tun MobaliveCD, and test out "Windows 8 Developer Preview", which I got from Micro$oft. Then if its any good, I'll dual-boot. God, learning is incredible. Thanks to anyone who offered help!

edit* ugh, still says I need approval. Im watching what I say, whats with this? I created the thread, and I am a member, so why am I being basically censored???

 

Oh, dont get me wrong. I wasnt questioning the ways of the board, per-say. It was an actual, serious question. I wasnt sure if I messed up whilst posting, and did not wish to double post.


side note:


Btw, I am using Win 8 (via VMware, iso is from MS), the developers version. Its like Im using a tablet, its rubbishy.

 

Cool!