ZeroAccess webpage redirect and more

Discussion in 'Malware Help (A Specialist Will Reply)' started by Anjelier, Jul 25, 2012.

  1. Anjelier

    Anjelier Private E-2

    Hello!

    I am having several problems that I first noticed when McAfee firewall was auto turning off after I tried to turn it back on. This started about 24 hours ago. Then I noticed Zeroaccess, Artemis! and some other files constantly being found by McAfee and quarantined every few seconds.

    I went online to find answers but any website associated with McAfee got redirected to random sites. Later, things like Facebook and Twitter were shown to have insecure signatures and I was not allowed to access. Now, while going through this site for instructions, every once in a while a Facebook tab will open but it will redirect to some direct finance page.

    Before coming to this site I downloaded and ran Malware Bytes and some other things a friend of mine suggested. That didn't work. I stumbled upon this site (Thank god) and followed all the directions for the webpage redirect but I am still having the same issues.

    Finally, I completed the Malware Removal instructions. I didn't remove/"fix" anything due to multiple warnings and took all logs. Malware Bytes did find something and did an instant reboot so I hope that doesn't interfere.


    *note: I uninstalled McAfee and am currently using Malware Bytes as my only program.

    Here are my logs, I greatly appreciate your time.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    Rescan with HitmanPro
    • When it finds services.exe - Virus, allow it to Replace by clicking the down arrow next to the detection and choosing Replace.
    • Leave any other detections alone (Ignore them).
    • Afterwards, click the Next button.
    • HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.
    • After reboot and when you are back in Windows, run another scan with HitmanPro and then attach the latest hitmanpro.zip log. (See How to attach files)
    See if you can get RogueKiller to run. If you can then run a scan and after it finishes, select the Registry tab and then select any of the below that exist and then click the Delete button.
    Then select the Files tab and if the below exist, click the Delete button again.

    Then immediately reboot your PC.

    After reboot, run a new scan with RogueKiller and save a log as in original instructions and attach the new log.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the new Hitman log
    • the new RogueKiller log
    • C:\MGlogs.zip
     
  3. Anjelier

    Anjelier Private E-2

    Thank you for the reply!

    After following instructions I tested websites that constantly got redirected/blocked and they all seem to be fine now.

    One thing I noticed is on my desktop there are 2 translucent desktop.ini; one icon looks normal, the other one has a padlock. I'm not sure what that means.

    Finally, I was wondering if you would recommend reinstalling McAfee and turning the user account controls back on once everything is in order.


    Here are the updated logs
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Normal! You just never saw them before when system files were hidden. After we complete final instructions (which will be after we finish malware removal), they should be hidden again.

    McAfee never actually fully uninstalled as can be seen in your logs. However if you are going to reuse McAfee you should uninstall Browser Defender 2.0.6.15

    Also uninstall the below now:
    Ask Toolbar
    Java(TM) 6 Update 29

    Also delete below two folders. Let me know if you do this successfully:
    C:\Windows\installer\{c3bdd4bb-319b-bbf1-ac0e-ef7d5fd99dca}
    C:\Users\Rocco\AppData\Local\{c3bdd4bb-319b-bbf1-ac0e-ef7d5fd99dca}

    You have a ton of stuff disabled via MSConfig. You should not be using MSConfig to control startups and services. Put your PC into normal Startup mode.
     
  5. Anjelier

    Anjelier Private E-2

    Alrighty~

    I was successfully able to delete both folders as well as uninstall Ask Toolbar, Java(TM) 6 Update 29, as well as change the msconfig to normal start up.

    I didn't even realize I had Browser Defender 2.0.6.15 and just uninstalled that to prep for reinstalling McAfee.

    One curiosity that started happening after I removed Zeroaccess files from previous instruction was that the router I was using seems to have been affected by something that is slowing down the internet speed.

    The router is a Linksys EA3500 and the whole time I have had trouble I was using PowerShell to ping it and got consistent <1 ms ping for 20 pings straight.

    Usually with any type of speed test I would get 18-20mb/s download with it but when I do the tests now it is insanely spotty. It will jump from 1mb/s to 18 and stutter around and the result will have an average of 2mb/s or less usually.

    There is a separate router everyone else in my house uses and when I connect to that one I get a smooth 14mb/s down 2mb/s up.

    I have had the EA3500 for about 2 months now and it has been running smoothly without any drops or anything and since the ping between my computer and the router itself is fine I am starting to get worried that my router might be infected with something.

    I did factory reset it prior to posting here in accordance with the troubleshooting thread for redirects and such. But I do remember it working fine while I was waiting for the first reply.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have two separate internet connections coming into the house? That is, you pay for two connections from your ISP.

    If you connect other PCs to this router, do they also appear to have slower connections when connected to this router?

    Also if you connect your PC to the other router, how is your performance?
     
