Need help w/ Malware removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by bdgris, Oct 15, 2011.

  1. bdgris

    bdgris Private E-2

    I ran across something nasty today - wish I copied the name down when AVG alerted me - but cannot get to the logs. I have tried to run the steps in the instructions but can't get by them. I was running AVG 2012 Free and Malwarebytes Pro, but after encountering whatever I have, both have become corrupt. mbam would run for 2 minutes and then vanish, and attempting to run again would give me the error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
    I would reinstall mbam and run again, and after 2 mins it would vanish. Downloaded and installed SUPERAntiSpyware Pro and the exact same thing happens. Tried a full computer scan with AVG and it too became corrupt. Did a full AVG removal and tried to reinstall and it fails.

    Please advise. And thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Sounds similar to problems caused by ZeroAccess infections, which is the current major cause of problems these days. One of the common signs of this infection is seeing a process running that is made up of two long sets of numbers with a colon in between them. For example, a process similar to the one below will be seen in Task Manager:

    4187824115:216031750.exe

    If you try to kill it, it will just restart in a few seconds. This is just one piece of the infection. Please see if you can do the below:
    • Go to the below link and follow the instructions for running TDSSKiller from Kaspersky
    • Be sure to attach your log from TDSSKiller
    Now please also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
    Now we will try using two tools designed especially for this kind of infection.
    • Download AntiZeroAccess to Desktop
    • Also download and save this >> ESETSirefefRemover to your Desktop
    • Now double click on AntiZeroAccess to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
      • Type y and press enter to run the scan
      • Please attach the AntiZeroAccess_Log.txt log to your next message. This file is saved in the same location as AntiZeroAccess program.
    • Now run the Win32/Sirefef tool while in Normal Mode and follow the prompts as directed
    Now download and run MGtools ( from the READ & RUN ME ) and run it as per the below instructions and attach the MGlogs.zip file that is requested.

    Using MGtools
     
    Last edited: Oct 15, 2011
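A defender-side check for the process-name sign chaslang describes, added here as an example (it is not code from the thread or from any of the tools mentioned): it parses a constructed tasklist-style listing and flags image names of the digits:digits.exe form, plus the broader case of any colon inside the image name, which means the executable is being run from an NTFS alternate data stream (file:stream), something legitimate processes almost never do. The sample listing, the six-digit minimum per run, and the function names are assumptions.

```python
import re
from typing import Dict, List

# Constructed tasklist-style listing (not real output from the poster's machine).
# The digits:digits.exe entry uses the name quoted in the post above; the short
# 12345:67890.exe row is there to show the two heuristics disagreeing.
SAMPLE_TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
explorer.exe                  1324 Console                    1     42,112 K
svchost.exe                    912 Services                   0     12,540 K
4187824115:216031750.exe      2716 Console                    1      1,804 K
mbam.exe                      3040 Console                    1     30,200 K
12345:67890.exe               3188 Console                    1        900 K
"""

# One tasklist row: image name, PID, session name, session number, memory.
# The image name is matched lazily so names containing spaces still parse;
# header and separator rows fail the trailing "<digits> K" requirement.
TASKLIST_ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K$"
)

# Strict indicator from the post: two long digit runs joined by a colon, ending
# in .exe. Requiring at least six digits per run is an assumption that keeps
# the check narrow enough not to fire on ordinary names.
ZEROACCESS_NAME_RE = re.compile(r"^\d{6,}:\d{6,}\.exe$", re.IGNORECASE)

# Broader heuristic: any colon in an image name (no path separators) means the
# image lives in an NTFS alternate data stream, which is worth a look on its own.
ADS_NAME_RE = re.compile(r"^[^:\\/]+:[^:\\/]+\.exe$", re.IGNORECASE)


def parse_tasklist(text: str) -> List[Dict[str, str]]:
    """Extract name/pid pairs from tasklist-style output, skipping header rows."""
    rows = []
    for line in text.splitlines():
        m = TASKLIST_ROW_RE.match(line.rstrip())
        if m:
            rows.append({"name": m.group("name").strip(), "pid": m.group("pid")})
    return rows


def is_zeroaccess_style_name(name: str) -> bool:
    """True when the image name is two long digit runs joined by a colon."""
    return ZEROACCESS_NAME_RE.match(name.strip()) is not None


def is_ads_style_name(name: str) -> bool:
    """True when the image name contains a colon, i.e. an alternate data stream."""
    return ADS_NAME_RE.match(name.strip()) is not None


def triage(text: str) -> Dict[str, List[str]]:
    """Group image names by which heuristic they trip.

    'zeroaccess_indicator' holds names matching the strict pattern from the post;
    'ads_name_only' holds colon-bearing names that did not meet the digit threshold.
    """
    rows = parse_tasklist(text)
    strict = [r["name"] for r in rows if is_zeroaccess_style_name(r["name"])]
    ads_only = [
        r["name"] for r in rows
        if is_ads_style_name(r["name"]) and not is_zeroaccess_style_name(r["name"])
    ]
    return {"zeroaccess_indicator": strict, "ads_name_only": ads_only}


if __name__ == "__main__":
    # Running this against real output would mean piping `tasklist` into the
    # parser; here it runs over the constructed sample only.
    for label, names in triage(SAMPLE_TASKLIST).items():
        for n in names:
            print(f"{label}: {n}")
```

This only spots the indicator; as the post notes, killing the process just restarts it, which is why the cleanup relies on the dedicated tools listed rather than on Task Manager.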
  3. bdgris

    bdgris Private E-2

    Ok I have run the utils as requested. Hijack and ESETSirefefRemover would not run w/o errors. Logs attached.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I was right. You have a ZeroAccess infection. Let's see if we can get lucky and get ComboFix to run which can be quite helpful in removing this infection.

    Please download combofix.exe and save it to your Desktop. Then disable all protection software.

    Then double click on combofix.exe and see if it will run.


    If ComboFix runs, then finish the below. If it does not run in normal boot mode try safe boot mode.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
