ZeroAccess

My computer has ZeroAccess according to Malwarebytes Anti-malware.
I started noticing it when my Microsoft Security Essentials started to try to "update" itself, and my Flash Player tried to as well. (both failed)
Then, there was a weird sound in my computer, so I thought something was funny. The Microsoft Security icon disappeared, so I dug it out, and found that it was disabled. I couldn't enable it, as I got this error: 0x80070424

 

Hello davidchu,

http://img805.imageshack.us/img805/9659/rktigzy.gif Delete items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Once the scan is complete, go to the Registry tab and checkmark everything except the below items:

• [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0)
• [HJ] HKLM\[...]\System : EnableLUA (0)

Now press the Delete button.
RogueKiller typically requires a reboot in order to fully remove some of the offending entries, please do so if prompted
Upon reboot (if you did reboot), rescan and press Delete again with RogueKiller.
Attach the latest RogueKiller logs from your desktop to your next message. (How to attach)

 

Thanks!
I did as you asked, and RogueKiller didn't need me to reboot, so I skipped that part.
I unchecked 4 items in total, since there were 2 that were ConsentPromptBehaviorAdmin (0)
and 2 that were
EnableLUA (0)

 

http://img805.imageshack.us/img805/9659/rktigzy.gif Run one more Scan only with RogueKiller and attach that log here.


http://img17.imageshack.us/img17/3214/baticonvista7.gif After that, run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

 

Done~
btw
just so you know
MSE still can't open

 

http://img850.imageshack.us/img850/4746/programsandfeatureswin7.gif From Programs and Features (via Control Panel), please uninstall the below:

• 1ClickDownloader
• Java(TM) 7 Update 5

__

http://img97.imageshack.us/img97/8120/fss.gif Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure all the options are checked
• Press Scan.
• It will create a log (FSS.txt) in the same directory the tool was run.
• Please attach FSS.txt to your next message. (How to attach)

 

Did as asked....though there's a little problem
I couldn't find the 1ClickDownloader in program files
and I searched online, but most sites were red in WOT
and MSE was down
so I didn't do anything about it...

 

http://img406.imageshack.us/img406/3189/windowsrepair.gif Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now open Repair_Windows.exe
• Go to the Start Repairs tab.
• Press the Start button
• Create a System Restore point if prompted.
• In the Repair Options window, choose the following repairs:
  • Reset Registry Permissions
  • Repair Windows Firewall
• Place a checkmark in Restart/Shutdown System When Finished
• Fill in the Restart System bubble
• Now click the Start button.
• Be patient while the tool repairs the selected items. Your computer should automatically restart when finished.

__

• Download each of the 3 files below onto the desktop of the computer with the issues:
  • BITS.reg
  • WinDefend.reg
  • SharedAccess.reg
• Now double-click each of them, one at a time, and allow each one to merge into the Windows registry.
• Let me know if you received a successful message for all four files.
  • If all were successful, reboot your computer and rescan with Farbar Service Scanner. Attach its latest log.
  • If they weren't successful, let me know but rescan with Farbar Service Scanner too.

 

Everything worked (except MSE)
thanks for the trouble though
(and wow you're fast!)

 

A couple more registry merges, see below. Retry MSE afterwards.

• Download both of the files below onto the desktop of the computer with the issues:
  • wuauserv.reg
  • wscsvc.reg
• Now double-click each of them, one at a time, and allow each one to merge into the Windows registry.
• Let me know if you received a successful message for both files.
  • If all were successful, reboot your computer and rescan with Farbar Service Scanner. Attach its latest log.
  • If they weren't successful, let me know but rescan with Farbar Service Scanner too.

 

both worked, MSE still down

 

Download and install Revo Uninstaller

Open Revo Uninstaller and find and locate these items (if they appear):

• Microsoft Security Client
• Microsoft Security Essentials

Uninstall both of them (if they appeared) using the Moderate selection.

__

• Now run the attached services.bat file (it's inside services.zip). Extract services.bat onto your desktop and then Right-mouse click it and select "Run as Administrator".
• When it is complete, there will be a file on your desktop entitled "ATTACH.txt".
• Please attach this to your next post.

__

Now redownload and install MSE from here.

 

MSE didn't appear within Revo Uninstaller, so I uninstalled it using Program and Features.
I ran the .bat file, and reinstalled MSE.
MSE updated itself, and it is currently scanning.
It says that the computer is protected though.

EDIT: MSE is done scanning, and it is looking good.

 

That's good

If you are not having any other malware related problems, it is time to do our final steps:

• Any programs we had you download and/or install can be removed at this time.
• If we had you download and run ComboFix, here is how to uninstall it:
  • Press and hold the Windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif and then press the letter R on your keyboard.
  • This opens the Run dialog box.
  • Copy and paste the below text inside the text-field:
    • "%userprofile%\desktop\ComboFix" /uninstall
  • Now press ENTER
  • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
• You can re-enable your Disk Emulation software at this time via DeFogger.
• If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
• Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
• Now we will toggle System Restore to remove any infected system restore points.
  • Read this: How to Disable And Enable System Restore
• Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
• Be safe

 

Thanks for your help!!!

 

You're welcome