HELP - Infected with possible Zero Access and several other unknowns...

Fhoosa · Dec 29, 2013

Several days ago, Malwarebytes discovered a PUP, Open Candy, if I recall correctly. Although it was quarantined and removed, I know that there is something else infecting my computer. And then in the last day or two I've noticed my computer getting pop-up windows stating that some of my programs/applications are in need of updating. (Don't worry, I didn't fall for that.) And today, not all day, my Windows Explorer has stopped working.

And then there's this. A couple of days ago, I was trying to install some codecs for my Windows Media Player. During the install, I was asked if I wanted several apps that were being offered. I declined and made sure the box was unchecked. Well, that didn't work. I got a couple of apps that were no problem to uninstall (The Weather Bug, for instance). BUT, there was one that got installed and won't come out. It's called We-Care. I've tried uninstalling every which way but it won't budge. I did some research and found out that it's a virus. Great, just what I needed.

And on more thing. I've noticed a new folder on my desktop. I can't get any info off of it and when I try to delete it, it says "Are you sure you want to delete these icons from your desktop?" It also says "To restore it later, go to Control Panel".

I think that should do it. I've attached the reports, like you requested.

Thank you for your help.

Fhoosa

Kestrel13! · Dec 29, 2013

C:\Users\Debbie\AppData\Roaming\die.bat <<< Delete this unless you know what it is.

http://img805.imageshack.us/img805/9659/rktigzy.gif Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the file/folder tab and locate this 1 detection:

[ZeroAccess][Folder] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> FOUND

Place a checkmark next to this item, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.

Re run Hitman Pro and have it delete the Potential Unwanted Programs.

Re run RogueKiller again, and attach the log.

Explain how things are running.

Fhoosa · Dec 29, 2013

I ran the programs you requested and the files are attached.

The pop-ups have gone away but I still have that folder on my desktop I was telling you about in my first e-mail. And I noticed that I still show "CWA Reminder by We-Care.com, v4.1.24.3", Publisher: "We-Care.com" in my Add/Remove Programs. I still can't get rid of it.

Fhoosa

Kestrel13! · Dec 30, 2013

What folder are you referring to on your desktop?

CWA Reminder by We-Care.com v4.1.24.3 <<< You can uninstall this using Revo Uninstaller.

Hitman still shows two PUP's (Rocket fuel and Claro items) Have it delete them.

Fhoosa · Dec 30, 2013

Hi...

I had HitmanPro delete the two remaining items and REVO Uninstaller took care of the We-Care problem.

The desktop item I'm referring to is a file folder icon that seems to have nothing in it. I can't pull up any properties on it. When I right click, I have the options of CUT, CREATE SHORTCUT or DELETE. When I click on delete it says, "Are you sure you want to delete these icons from your desktop"? And then it says. "To restore it later, go to Control Panel".

Kestrel13! · Dec 30, 2013

Yes, can you tell me the actual name of the file or folder in question pleease?

Fhoosa · Dec 30, 2013

Apparently there was nothing to worry about. I clicked DELETE and it was removed from the desktop without any problems occurring.

So. I guess that does it. All seems fine now.

Kestrel13! · Dec 31, 2013

Excellent.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.

Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.

Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.

If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Fhoosa · Dec 31, 2013

Well, I did all you asked so I guess it's time to bide you fond farewell.

Thank you ever so much for your help. You guys are ALWAYS appreciated...!!!
And have a very, very HAPPY NEW YEAR...!!!

Fhoosa
(Signing out of 2013 and stepping into a brand year...)

Kestrel13! · Jan 1, 2014

Happy New Year Fhoosa!

Log in or Sign up

HELP - Infected with possible Zero Access and several other unknowns...

Fhoosa Private E-2

Attached Files:

RKreport[0]_S_12282013_221706.txt

HitmanPro_20131228_2234.log

mbam-log-2013-12-28 (06-10-08).txt

MGlogsR.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Fhoosa Private E-2

Attached Files:

RKreport[0]_D_12292013_101950.txt

RKreport[0]_S_12292013_101831.txt

RKreport[0]_S_12292013_120441.txt

HitmanPro_20131229_1156.log

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Fhoosa Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Fhoosa Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Fhoosa Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member