I keep getting threat alerts 8000000032 and 8000000064 which appear to be Win32:ZAccess-PB virus. Please help!!
follow guide and attach logs (not copy and paste). http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
run in the order listed…when done removal experts will be notified
Adware log:
AdwCleaner v2.304 - Logfile created 07/08/2013 at 17:46:51
Updated 03/07/2013 by Xplode
Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
User : Nate - NATE-PC
Boot Mode : Normal
Running from : C:\Users\Nate\Desktop\adwcleaner.exe
Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\ Internet Explorer v9.0.8112.16476
[OK] Registry is clean.
-\ Google Chrome v27.0.1453.116
File : C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
AdwCleaner[R1].txt - [2630 octets] - [08/07/2013 15:41:00]
AdwCleaner[R2].txt - [1005 octets] - [08/07/2013 16:18:35]
AdwCleaner[R3].txt - [878 octets] - [08/07/2013 17:46:51]
AdwCleaner[S1].txt - [2736 octets] - [08/07/2013 15:41:34]
AdwCleaner[S2].txt - [1065 octets] - [08/07/2013 16:19:35]
########## EOF - C:\AdwCleaner[R3].txt - [1057 octets] ##########
Malwarebytes log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.08.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nate :: NATE-PC [administrator]
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-08 17:29:17
17:29:17.688 OS Version: Windows x64 6.1.7601 Service Pack 1
17:29:17.688 Number of processors: 1 586 0x170A
17:29:17.688 ComputerName: NATE-PC UserName: Nate
17:29:21.479 Initialize success
17:29:22.665 AVAST engine defs: 13070800
17:29:24.365 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
17:29:24.365 Disk 0 Vendor: ST9250315AS 0005HPM1 Size: 238475MB BusType: 11
17:29:24.490 Disk 0 MBR read successfully
17:29:24.490 Disk 0 MBR scan
17:29:24.490 Disk 0 unknown MBR code
17:29:24.506 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:29:24.521 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226085 MB offset 409600
17:29:24.552 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12189 MB offset 463431680
17:29:24.599 Disk 0 scanning C:\Windows\system32\drivers
17:29:46.954 Service scanning
17:30:21.399 Modules scanning
17:30:21.399 Disk 0 trace - called modules:
17:30:21.430 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:30:21.929 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa800333e660]
17:30:21.929 3 CLASSPNP.SYS[fffff8800109043f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e74060]
17:30:22.663 AVAST engine scan C:\Windows
17:30:25.798 AVAST engine scan C:\Windows\system32
17:32:29.053 File: C:\Windows\system32\services.exe INFECTED Win32:Sirefef-ZT [Trj]
17:33:30.173 File: C:\Windows\assembly\GAC_32\Desktop.ini INFECTED Win32:Sirefef-PL [Rtk]
17:33:35.321 File: C:\Windows\assembly\GAC_64\Desktop.ini INFECTED Win32:Sirefef-PL [Rtk]
17:35:44.356 AVAST engine scan C:\Windows\system32\drivers
17:36:05.166 AVAST engine scan C:\Users\Nate
17:45:33.723 Disk 0 MBR has been saved successfully to “C:\Users\Nate\Desktop\MBR.dat”
17:45:33.739 The log file has been saved successfully to “C:\Users\Nate\Desktop\aswMBR.txt”
The otl log is dozens of pages in length. Is all of it required or just part(s)?
did you read first sentence in my first post?..attach logs… not copy and paste
you don’t have to repost the ones already posted, but OTL must be attached, as you just found out.
well…malwarebytes log…you have only pasted part of it, so attach that
removers are notified, they are all in bed now so check back tomorrow
Sorry I did misunderstand. This is way out of my norm…
Hi and Welcome!!
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I’d be grateful if you would note the following:
- The fixes are specific to your problem and should only be used for the issues on this machine.
- It’s often worth reading through these instructions and printing them for ease of reference.
- If you don’t know or understand something, please don’t hesitate to say or ask!! It’s better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
- If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
- Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
Having said that…
http://i1224.photobucket.com/albums/ee380/jeffce74/vegeta_zps7f4345cf.gif
Let’s get going!!
ComboFix
Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2
Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
Here is the log
Much better…how is your system running?
Working great! Thank you so much!
Good to hear…let’s get some updates and check for anything else hiding.
http://i1224.photobucket.com/albums/ee380/jeffce74/java-1.jpg
Java
Please go to Start > Control Panel > Programs and Features and uninstall all the Java programs you see. Now download the latest Java from the following link and install it:
http://java.com/en/download/index.jsp
See this page for instructions on how to clear Java’s cache.
- Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
  Downloaded Applets
  Downloaded Applications
  Installed Applications and Applets
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Java Control Panel.
http://i1224.photobucket.com/albums/ee380/jeffce74/mbam-3.jpg
Malwarebytes
Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
ESET Online Scanner