copied FRST64.exe over. it says not a valid win32 application when I try to run it from the flash drive.
I’m going ahead with USB option, WinToBootic.
yeah, C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess, then it says ATTENTION!
found this: http://www.doitscared.com/1259/recover-from-the-sirefef-y-virus-infection/
(checked comments, and used vt, the file(s) are clean)
OK if you could post the FRST log I will craft a fix for you
ok
Got it
Download fixlist.txt to the same USB as FRST
Run FRST as before but this time select FIX
After the fix has completed reboot to normal windows
If that fails then I will search and replace the services file
got it.
If you achieve normal windows then do the following
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
opened fixlog from notepad*, the 1st item was “moved successfully”, the other 3 were “not found”.
edit: *this is from system recovery options → command prompt.
about a minute or two after the desktop is done loading, MSE still tries to remove it, and says it has to reboot. it’s services.exe.
OK lets replace it via FRST
Start FRST and in the search box Type:
services.exe
Then press search … It will then list the locations of all instances of that file
Copy that here and I will make a replace fix
ok.
Same again to switch … Download fixlist.txt to the USB
Allow it to over write then again press Fix
You should now get into windows to start combofix
in Windows now. that error message is gone now. trying to disable all security software when it told me it found something running (which I thought I disabled already), then clicked OK. No window popped up from combofix or anything, so I went to see if it was running. everything froze up.
OK lets skip combofix now as I was going to use that to replace the services.exe ;D
If you could run an OTL quick scan selecting all users and attach the log
Also let me know how the computer is behaving at the moment … Any anomolies
after killed some security tasks (old av that didn’t do anything), and clicked OK, I can’t get to task manager, start menu, or anything, but the widgets appear to be running. so is combofix running or should I reboot?
If you have hard drive activity and the balck/green box is counting through the stages then it is working
If not then reboot
ok, rebooted. running OTL scan now.