ZeroAccess

Welcome to Major Geeks!

What exactly do you have installed from Comodo? Is it the full security suite with antivirus, antispyware and firewall? Or is it just the firewall?

Rerun RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select the Files tab and if the below exist, click the Delete button[/B]

Then immediately reboot your PC.

After reboot, run a new scan with RogueKiller and save a log as in original instructions and attach the new log.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).
Then attach the below logs:

• the new RogueKiller log
• C:\MGlogs.zip

 

Try shutting down all of Comodo, especially the firewall and then see if MSE will update. If not then continue with the below.


Be patient while doing the below. The fixes can take quite awhile to run. Especially the permissions repairs. It may be best to kick it off and goto bed or do something else. It is better not to run anything while the repairs are going on.

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Set Windows Services To Default Startup
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished.

Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.



Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Old info! Just remove all of them.


Are you still having redirection issues? If yes, answer the below:

1. With which browser? Is it occurring on multipe browsers ( test it )? Only have one open at anytime!
2. When exactly do they occur and where are you redirected too?
3. Does it happen in safe boot mode too?

 

Okay then it seems that your problem is not malware but Firefox which is quite common. And one of the easy ways to clear this up is to remove Firefox, remove folders from it, and reinstall. Since you have an old Firefox, we will also install a more current version.



We are going to be uninstalling your old version of FireFox and installing the new version. So do the below to save bookmarks:

• Run FireFox and click Bookmarks.
• Then select Organize Bootmarks.
• Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.

Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla Firefox 14.0.1 Final


You will need exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

Start by uninstalling FireFox and then reboot. Do not skip the reboot.

After reboot, delete the below folders:
C:\Program Files\Mozilla Firefox
C:\Documents and Settings\johnjr.MDFRWS03\Local Settings\Application Data\Mozilla

Now reinstall FireFox from the file previously downloaded.
Import your bookmarks file. (similar process to exporting).

Does this fix your problems?

 

Uninstall Firefox and then delete those folders again. Do not reinstall Firefox yet until requested. Then (only after you have uninstalled Firefox and delete the folders ) run the below sets of scans and attach new logs.


Please download OTL by OldTimer.

• Save it to your desktop.
• Right mouse click on the OTL icon on your desktop and select Run as Administrator
• Check the "Scan All Users" checkbox.
• Check the "Standard Output".
• Change the setting of "Drivers" and "Services" to "All"
• Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
  
  Code:

  activex
  netsvcs
  

• Now click the http://img171.imageshack.us/img171/2405/runscanotl.png button.
• One report will be created:
  • OTL.txt <-- Will be opened
• Attach OTL.txt to your next message. (How to attach)

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• OTL.txt
• C:\MGlogs.zip

 

Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.

• Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
• Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.

Code:

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - File not found [Disabled | Stopped] --  -- (Ccdroxy)
[2012/08/28 22:00:56 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2004/08/04 05:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{4146b9ba-c22d-f2da-e831-7727c92df06d}\@
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
:Files
C:\WINDOWS\installer\{4146b9ba-c22d-f2da-e831-7727c92df06d}\U
C:\WINDOWS\installer\{4146b9ba-c22d-f2da-e831-7727c92df06d}
C:\Documents and Settings\All Users\Application Data\036E18DF03CB5D4318636B167B07D287
:Commands
[PURITY]
[EMPTYTEMP] 
[EMPTYFLASH]
[REBOOT]

• Now click the http://img3.imageshack.us/img3/407/otlrunfix.png button.
• If the fix needed a reboot please do it.
• Click the OK button (upon reboot).
• When OTL is finished, Notepad will open. Close Notepad.
• A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
• Attach this log to your next message. (See: How to attach)

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

Now attach the below log:

• the log from OTL
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

IF you are not being redirected with Internet Explorer then yes, reinstall Firefox now and test it out.

 

You're welcome.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welome. Surf safely!