I’m having a pretty bad case of zero access and haven’t found a way to delete it, help is needed!
Follow this Thread and attach logs: http://forum.avast.com/index.php?topic=53253.0
When malware removers arrive follow their instructions.
Monitoring…
LOGS
more logs
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
here’s the combofix log
Avast hasn’t signed anything yet and the computer seems to be running pretty well
Thank you
I forgot the log, here it is
Download TDSSKiller and save it to your desktop
Execute TDSSKiller.exe by double-clicking on it.
Confirm “End user Licence Agreement” and “KSN Statement” dialog box by clicking on Accept button.
- Press Start Scan
- If Suspicious object is detected, the default action will be Skip, click on Continue.
- If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
here’s the log
Please go to: VirusTotal
- Click the Choose File button.
- Please copy/paste the following text into the ‘File name:’ box:
  c:\windows\SysWow64\Drivers\atapi.sys
- Click Open then click the Scan it! button just below.
- This will scan the file. Please be patient.
- If you get a message saying File already analyzed: click Reanalyse
- Once scanned, copy and paste the URL from your browser address bar in your next reply.
Then…
Please download SystemLook from one of the links below and save it to your desktop.
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main textfield.
:filefind
atapi.sys
Click the Look button to start the scan.
Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
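The same file search can be scripted so that each copy of atapi.sys comes back with a SHA-256 hash and its signature status, which lets the file be looked up by hash instead of uploaded. This is an added example, not part of the original thread or of any tool named in it; the function name Find-DriverCopies is hypothetical, and PowerShell 4.0 or later is assumed.

```powershell
# Added example (not from the thread): list every copy of a driver file under
# the Windows directory with its hash and Authenticode status.
# Run from an elevated 64-bit PowerShell: a 32-bit process on 64-bit Windows
# has System32 redirected to SysWOW64 and will see different paths.
function Find-DriverCopies {
    param(
        [string]$FileName = 'atapi.sys',      # file name taken from the thread
        [string]$Root     = $env:SystemRoot   # search root (assumption)
    )

    Get-ChildItem -Path $Root -Filter $FileName -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Size      = $_.Length
                Modified  = $_.LastWriteTimeUtc
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

$copies = @(Find-DriverCopies)

if ($copies.Count -eq 0) {
    Write-Output "No copy of atapi.sys found under $env:SystemRoot"
} else {
    # Full detail for each copy found.
    $copies | Sort-Object Path | Format-List

    # Group by hash. Copies in drivers, DriverStore and WinSxS can legitimately
    # differ by version, so read the groups together with the signature column.
    $copies | Group-Object SHA256 | Sort-Object Count -Descending |
        Select-Object Count, Name, @{ n = 'Paths'; e = { $_.Group.Path -join '; ' } } |
        Format-List
}
```

Many in-box drivers are catalog-signed rather than embedded-signed, and whether Get-AuthenticodeSignature recognises catalog signatures depends on the Windows and PowerShell version, so a NotSigned result needs a second check before it is treated as a finding.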
VirusTotal says the file doesn’t exist
Can you find that file manually, without copying?
No
Ok, we’re nearly done here, let’s run additional scans…
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=====================================================
Please download Farbar Service Scanner and run it on the computer with the issue.
- Make sure the following options are checked:
  - Internet Services
  - Windows Firewall
  - System Restore
  - Security Center/Action Center
  - Windows Update
  - Windows Defender
- Press “Scan”.
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
logs
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
CHR RestoreOnStartup: "hxxp://search.babylon.com/?affID=113480&tt=3212_4&babsrc=HP_ss&mntrId=30a178d90000000000000022151ed89a", "hxxp://www.google.com", "hxxp://search.babylon.com/?affID=110824&tt=071012_17_4112_6&babsrc=HP_ss&mntrId=4ea385c100000000000094dbc9b3f9f6", "hxxp://www.google.com/"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\zé\AppData\Local\Google\Desktop\Install
cmd: netsh winsock reset
cmd: ipconfig /flushdns
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
logs
OK, virus is now completely clean…
How is the system running?
Pretty well, thanks a lot.