Hello there, I've been struggling the whole day trying to fix this issue with my computer, and after using ComboFix and everything it won't get deleted.
0i763f66bz.exe . . . . Failed to delete
If anyone can help me out here…
Follow this guide and attach (not copy and paste) logs from Malwarebytes / OTL / aswMBR:
http://forum.avast.com/index.php?topic=53253.0
Combofix logs there…
OTL there… and thanks for helping me out~
Here are the malware logs
and asw.
Thanks again for the help.
I see you ran TDSSKiller. Please attach its log here.
The ZeroAccess rootkit is active on your system; it is a powerful rootkit that in some cases may be difficult to remove.
During the rootkit removal it is unlikely, but it may happen that you lose your internet connection, and then you may need to reinstall the operating system.
Delete old Combofix and download a fresh copy of Combofix.
Open notepad and copy/paste the text present inside the code box below:
ClearJavaCache::
Folder::
c:\windows\Installer\{c8737c00-e545-f33e-6065-5642b648d67c}
FileLook::
c:\windows\system32\services.exe
File::
c:\users\cuquito\0i763f66bz.exe
c:\windows\system32\DRIVERS\f33a07894d9ade51.sys
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0i763f66bz"=-
Driver::
f33a07894d9ade51
Save this as CFScript.
http://img213.imageshack.us/img213/1218/cfscript1.gif
Close all browser windows.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)
Sorry, prior to using ComboFix I deleted all TDSSKiller files since I read that I should be doing too many scans and such.
Just finished following the instructions. The file is still there, posting my logs. Thanks for helping, this thing is hard to delete.
If there is anything else I can do, please let me know.
Oh, I forgot to mention that after the ComboFix log was done I got an error stating illegal registry attempt and had been targeted for deletion, so I did what I read in other posts to restart my computer, then I sent the log.
It is malware. Because it was not successfully deleted, it has applied its settings again.
We will now use a far more aggressive tool - AVZ.
Step 1
Download AVZ Antiviral Toolkit and save it to your Desktop from here:
http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip
Extract the archive to a folder.
Run AVZ by double-clicking on this icon:
http://blog.brothersoft.com/wp-content/uploads/2008/11/avz_antiviral_toolkit_logo.jpg
In the menu choose:
File > Custom Scripts
In the window that opens copy/paste everything inside the quotebox below
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\users\cuquito\0i763f66bz.exe');
TerminateProcessByName('c:\windows\system32\DRIVERS\f33a07894d9ade51.sys');
StopService('f33a07894d9ade51');
DeleteService('f33a07894d9ade51');
QuarantineFile('c:\users\cuquito\0i763f66bz.exe','');
QuarantineFile('c:\windows\system32\DRIVERS\f33a07894d9ade51.sys','');
DeleteFile('c:\users\cuquito\0i763f66bz.exe');
DeleteFile('c:\windows\system32\DRIVERS\f33a07894d9ade51.sys');
DeleteDirectory('c:\windows\Installer\{c8737c00-e545-f33e-6065-5642b648d67c}');
DeleteFileMask('%Tmp%' , '*.*' , true) ;
BC_ImportDeletedList;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.
Click Run and wait for the script to execute.
The system will restart.
Step 2
Please download Malwarebytes’ AntiMalware.
Double click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform Full Scan, then click Scan. The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Step 3
Re-run ComboFix and attach the fresh log here.
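
As an added example that is not part of the original thread or of any tool used in it: a read-only PowerShell check, run as the affected user after the reboot, that reports whether the files, folder, Run value and driver service named in the scripts above are still visible. The service registry path and PowerShell 3.0 or later are assumptions; all other values are copied from the thread.

```powershell
# Added example: read-only post-cleanup check. Nothing is deleted or modified.
# File paths, folder, Run value name and driver name are copied from the thread.
$files = @(
    'C:\users\cuquito\0i763f66bz.exe',
    'C:\windows\system32\DRIVERS\f33a07894d9ade51.sys'
)
$folder   = 'C:\windows\Installer\{c8737c00-e545-f33e-6065-5642b648d67c}'
$runKey   = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue = '0i763f66bz'
$driver   = 'f33a07894d9ade51'
# Assumption: the driver is registered under the standard Services key.
$svcKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\$driver"

function New-Finding {
    param([string]$Kind, [string]$Name, [bool]$Present)
    [pscustomobject]@{ Kind = $Kind; Name = $Name; Present = $Present }
}

$results = @()

foreach ($f in $files) {
    # -Force also returns hidden and system files.
    $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    $results += New-Finding 'File' $f ($null -ne $item)
}

$results += New-Finding 'Folder' $folder (Test-Path -LiteralPath $folder)

# HKCU is per-user: run this in the session of the affected account.
$run = Get-ItemProperty -LiteralPath $runKey -Name $runValue -ErrorAction SilentlyContinue
$results += New-Finding 'RunValue' "$runKey\$runValue" ($null -ne $run)

$results += New-Finding 'ServiceKey' $svcKey (Test-Path -LiteralPath $svcKey)

$results | Format-Table -AutoSize

# Non-zero exit code if anything is still visible, for use in a batch file.
if ($results.Present -contains $true) {
    Write-Output 'At least one artifact is still present.'
    exit 1
}
Write-Output 'None of the listed artifacts are visible from this session.'
```

An active rootkit can hide files and registry keys from a running system, so a clean result here only complements the fresh ComboFix and Malwarebytes logs requested above; it does not replace them.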