Another ZeroAccess Infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by Arianwen, Jul 24, 2012.

  1. Arianwen

    Arianwen Private E-2

    Hi, sorry to bother everyone with yet another ZeroAccess/Sirefef infection, but nothing I've been able to try on my own has worked and I know when to call in the pros. The first thing I noticed about three weeks ago, give or take, was my AVG saying the services.exe in the System32 folder was a trojan and/or virus. About a week ago, it progressed to the desktop.ini file also being labelled a trojan/virus, and a few days ago, the browser redirections began. Now, I can't even access websites like Google and Facebook, though I can still get to sites like here that were restored from a previous Firefox session. I'm including the four logs required and as the other threads I found required a log from FRST, I'm adding that one as well. Anything else you need, don't hesitate to ask, and thank you so much to all the volunteers who are so generous with both time and effort to help those of us not as advanced with computers. :)
     


  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, Arianwen :)

    I need the c:\MGlogs.zip (from running MGtools.exe).

    Please attach :)
     
  3. Arianwen

    Arianwen Private E-2

    Sorry, I could have sworn I attached that one, too. Here you go, and thanks for the speedy reply! :)
     


  4. thisisu

    thisisu Malware Consultant

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST.exe on your flash drive.

    Now re-enter System Recovery Options.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (How to attach)

    Now reboot and let me know what problems remain.
     


  5. Arianwen

    Arianwen Private E-2

    HitmanPro ran an auto-scan and nothing came up, nor did AVG turn up anything for the first time in weeks! I think you fixed it for me, so I can't thank you enough for that. :)
     


  6. Arianwen

    Arianwen Private E-2

    Update: AVG just picked up FRST as a trojan, but I'm guessing that's the false positive they warn about?
     
  7. thisisu

    thisisu Malware Consultant

    FRST is unlikely to be detected as malicious. It was probably something we already quarantined in the C:\FRST\Quarantine folder.
    You can delete the entire C:\FRST folder at this time.

    You can attach the log from AVG if you want me to review it.
     
  8. Arianwen

    Arianwen Private E-2

    It looks like deleting the folder took care of it, but just in case, which AVG log file would you need to check? There are over 250 of them in my folder and I don't know which is the one I'd need. Is there anything else I need to do as far as getting rid of traces, repairing any leftover damage, etc.? Thanks yet again for all your help, I really appreciate it!
     
  9. thisisu

    thisisu Malware Consultant

    They are typically timestamped. You may just try attaching the latest one created.
     
  10. thisisu

    thisisu Malware Consultant

    The Windows Firewall was damaged and isn't running. Try this:

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now open Repair_Windows.exe
    • Go to the Start Repairs tab.
    • Press the Start button
    • Create a System Restore point if prompted.
    • In the Repair Options window, choose the following repairs:
      • Reset Registry Permissions
      • Repair Windows Firewall
    • Place a checkmark in Restart/Shutdown System When Finished
    • Fill in the Restart System bubble
    • Now click the Start button.
    • Be patient while the tool repairs the selected items. Your computer should automatically restart when finished.


    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure all the options are checked
    • Press Scan.
    • It will create a log (FSS.txt) in the same directory the tool was run from.
    • Please attach FSS.txt to your next message. (How to attach)
     
