zero access root kit has got the best of me

Discussion in 'Malware Help (A Specialist Will Reply)' started by njtechguru, Jul 10, 2012.

  1. njtechguru

    njtechguru Private E-2

Recently I got a virus from downloading Office 2010 off a torrent. My IT guy at work told me to use ComboFix to clear it. He obviously didn't tell me how much of a complex program it was. I should've just gone on this site first. At the current time I can boot to Windows in Safe Mode as admin only, because my mouse stops working with one click. Also the keyboard is disabled. What can I do from this point?
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Did ComboFix make a log at all?

If you are NOT on XP, run this:

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    • Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)
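An added note, not part of Kestrel13!'s instructions: the recovery environment often assigns the flash drive a different letter than Windows normally does, which is why the Notepad step above exists. The same letter can be found from the Command Prompt itself by checking each drive for the tool. This assumes frst.exe / frst64.exe were saved to the root of the flash drive, as described above.

```batch
rem Typed directly at the System Recovery Options command prompt (not saved as
rem a .bat file, so single % signs are correct). Each line checks drives D: to Z:
rem for the tool in the drive's root and reports the drive that has it.
for %D in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist %D:\frst.exe echo 32-bit FRST is on drive %D:
for %D in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist %D:\frst64.exe echo 64-bit FRST is on drive %D:
```

If nothing is reported, the flash drive was not detected or the tool is not in its root folder; otherwise continue with the e:\frst.exe step using the letter shown.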
     
  3. njtechguru

    njtechguru Private E-2

The ComboFix did make a log if I remember correctly. I went to reboot my computer yesterday to run Malwarebytes but it wouldn't let me boot up. I could only boot to Safe Mode (using a PS/2 keyboard and mouse). I am using a dv6000 Windows XP Media Center laptop.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I think you ought to post about it in the software forum and then when you are back up and running you can return here to begin virus removal.
     
  5. njtechguru

    njtechguru Private E-2

I am currently doing the Kaspersky Rescue Disk from a USB at the moment. It booted up to Linux fine and can boot to Safe Mode also. I may just do the D: Recovery if this doesn't work, but I'm worried that it might also be infected. The scan said there's 2 hours left; it's at 6%. Do you think this is a good way to approach this?
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Did Kaspersky find anything?
     
  7. njtechguru

    njtechguru Private E-2

Yes, it did find about 9 things. Also it found the rootkit in my TDSS quarantine. Said clean and then delete. Did that. Shut down the computer and then rebooted into Safe Mode with Networking. Ran Malwarebytes and it found 35 items. Cleared them out. Lets me boot into Administrator now but doesn't let me into my main user name. Also, when I got frustrated and went to just do the D: Recovery (I have an HP laptop) it wasn't letting me do the restore or recovery. I'm baffled.
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Look directly on C:\; there should be a ComboFix log. Let me know, or search for it. Attach it if you find it.
     
  9. njtechguru

    njtechguru Private E-2

Here is the attached log.

    Attached Files:

    • log.txt (28.5 KB)
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member
