Error: Access is denied (5)

Hello.

I’m having this issue and I don’t know what to do.

I just downloaded Avast! Internet Security 2014. I ran a full system scan. I got virus clean but infected by rootkits. I tried to delete them and it said it would in the next boot. I did the restart and checked the history scan result to see if it had worked and it still said it would delete the files in the next boot. I then chose “Delete” and it said “Access is denied (5)”, then tried Move To Chest and it said “The request is not supported (50)”.

I don’t know what to do. Am I clean or not?

I run a 64-bit system, Windows 7.

These files are in the Avast Sandbox.

Try to empty out the Sandbox, in the Sandbox settings.

There’s nothing in the sandbox :confused:

Please follow these instructions: http://forum.avast.com/index.php?topic=53253.0

Almost done. Posting scan logs in 5

  1. Adw cleaner log

  2. Malwarebytes scan log

  3. OTL

  4. aswMBR

  1. Adwcleaner

AdwCleaner v3.010 - Report created 26/10/2013 at 17:31:19

Updated 20/10/2013 by Xplode

Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

Username : kiddshaw - kiddshaw

Running from : C:\Users\kiddshaw\Downloads\adwcleaner.exe

Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
File Found : C:\windows\System32\roboot64.exe
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\Users\kiddshaw\AppData\Roaming\DriverCure
Folder Found C:\Users\kiddshaw\AppData\Roaming\Systweak

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\CLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DealsPluginROW_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DealsPluginROW_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_atube-catcher_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_atube-catcher_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_messenger-plus_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_messenger-plus_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-live-messenger-2009_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-live-messenger-2009_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_youtube-downloader-hd_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_youtube-downloader-hd_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\IB Updater
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

***** [ Browsers ] *****

-\ Internet Explorer v10.0.9200.16720

-\ Google Chrome v30.0.1599.101

[ File : C:\Users\kiddshaw\AppData\Local\Google\Chrome\User Data\Default\preferences ]


AdwCleaner[R0].txt - [3111 octets] - [26/10/2013 17:31:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3171 octets] ##########

  2. Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versión de la Base de Datos: v2013.10.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
kiddshaw :: KIDDSHAW [administrador]

10/26/2013 5:47:01 PM
mbam-log-2013-10-26 (17-47-01).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 208178
Tiempo transcurrido: 4 minuto(s), 47 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 2
HKCR\CLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) → En cuarentena y eliminado con éxito.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) → En cuarentena y eliminado con éxito.

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 1
C:\Users\kiddshaw\Local Settings\Temporary Internet Files\Content.IE5\34LM103D\Setup[1].exe (PUP.Optional.LuckyLeap.A) → En cuarentena y eliminado con éxito.

(fin)

  3. OTL scan log exceeds the maximum length

  4. aswMBR

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-26 18:14:17

18:14:17.727 OS Version: Windows x64 6.1.7601 Service Pack 1
18:14:17.727 Number of processors: 4 586 0x2A07
18:14:17.728 ComputerName: kiddshaw UserName:
18:14:19.827 Initialize success
18:14:19.902 AVAST engine defs: 13102602
18:14:30.980 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
18:14:30.983 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
18:14:31.137 Disk 0 MBR read successfully
18:14:31.143 Disk 0 MBR scan
18:14:31.150 Disk 0 Windows 7 default MBR code
18:14:31.156 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
18:14:31.168 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
18:14:31.183 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 700302 MB offset 30926848
18:14:31.211 Disk 0 scanning C:\windows\system32\drivers
18:14:40.947 Service scanning
18:15:16.498 Modules scanning
18:15:16.516 Disk 0 trace - called modules:
18:15:16.578 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:15:16.592 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8005f58060]
18:15:16.603 3 CLASSPNP.SYS[fffff880011b643f] → nt!IofCallDriver → [0xfffffa8005bf3800]
18:15:16.609 5 ACPI.sys[fffff88000d5c7a1] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa8005bf9050]
18:15:17.958 AVAST engine scan C:\windows
18:15:20.869 AVAST engine scan C:\windows\system32
18:17:33.164 AVAST engine scan C:\windows\system32\drivers
18:17:46.263 AVAST engine scan C:\Users\kiddshaw
18:37:32.943 AVAST engine scan C:\ProgramData
18:43:03.468 Scan finished successfully
18:53:54.648 Disk 0 MBR has been saved successfully to “C:\Users\kiddshaw\Desktop\MBR.dat”
18:53:54.651 The log file has been saved successfully to “C:\Users\kiddshaw\Desktop\aswMBR.txt”

Done

3. OTL scan log exceeds the maximum length
and that is why the OTL instructions say **attach** log....

Look up, I attached it before…

Any solution guys? x_x

Under the answer box there is an “Attachments and other options” option; attach it there.

Hello,

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Hellooo

Here they are!

I found no malware in the logs, do you still have detections?

Yes :l I did the full system scan again and the rootkits still show up in the results :confused:

It is a False Positive detection, happened to a lot of people using Avast 2014…

I was coming to that conclusion too! Well, thank you very much to all for your help! :slight_smile: :slight_smile: :slight_smile:

I have a questioooooooooooonn

I didn’t clean up the results from either AdwCleaner or OTL. Should I? Or should I leave it like that?