ZeroAccess and GAC_32\Desktop.ini and GAC_64 Problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by warock, Jul 30, 2012.

  1. warock

    warock Private E-2

    I came back from work on Sunday night (yesterday) and I noticed AVG telling me it found a trojan named GAC_32 and _64 along with System32\services.exe being infected. I ran Malwarebytes and AVG both around 2AM and eliminated infected files. Then rebooted. I checked my Firewall after reboot and it was off and I got an Error when trying to turn it on, Error code 0x80070424, and my Chrome browser kept on opening random tabs. I turned off my computer and tried again this morning. First I followed the Fixing google redirection/hijacking and other redirection problems post, then I proceeded to Read & RUN ME FIRST post. I have all the logs. My computer is a Windows 7 x64 bit 4GB of Ram and runs an Intel Core i5 2.5 GHz if that helps in any way. Sorry I'm completely new to malware removal and I wish to learn, thanks for your time! BTW I also have problems with Chrome (Using Firefox at this moment). Chrome says "The site's security certificate is signed using a weak signature algorithm!
    You attempted to reach www.google.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).
    You cannot proceed because the website operator has requested heightened security for this domain."
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)
     
  3. warock

    warock Private E-2

    I'm having issues finding a flash drive. Any other way I can download this program without the use of a flash drive?
     
  4. warock

    warock Private E-2

    Ok well I found a flash drive after all and I saved the Frst64 into my flash drive, but when I had to locate it in the notepad step I wasn't able to find it. I rebooted and saved the FRST into my C disk and went into repair my computer once again and I located it and ran it from CMD using C:\Frst64 and pressed enter, so I don't know if this will cause any problems later on. Here is the log.
     

    Attached Files:

  5. warock

    warock Private E-2

    Never mind I was able to fix the issue with KillZA and D7 tool. Also used Complete Internet Repair program to restore firewall. Then ran scans and nothing there so yeah, thanks anyways.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    And what of the infected services.exe that you have? :) Sorted that out too?
     
  7. warock

    warock Private E-2

    Yup kills a tool is really good it replaced the infected services file and my computer is running as good as new, ran TDSS killer and hitman and both came up clean
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, so you don't need any more help? Thread done and dusted? :)
     
  9. warock

    warock Private E-2

    Yup Thread is done thanks again.
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem, I am glad you are running smoothly again. ;)
     
