Ok, so I have a problem that I do not know how to get rid of. First off, I get something called AV Security 2012. I’ve seen this before on other computers and it can be a pain in the backside sometimes. I’ve tried Malwarebytes and avast; both got rid of what appeared to be the culprits, but Windows still ran slow, the firewall was disabled, and avast kept blocking a URL and some other thing called ping.exe, saying it was malware. After searching around for more answers to my dilemma, I figured I’d use another program called Superantispyware. The scan turned up nothing, but I used some features of the program (Superantispyware) to reset and/or restore certain settings that could have been changed by malware and the like. So afterwards I start up Windows again and it finally runs like before all this happened.
But I still have a problem: the avast window keeps popping up saying it has blocked a URL, and that it was coming from ping.exe, every 3 or so minutes. I also cannot enter safe mode, as it pauses at mup.sys on loading.
OK, 'tis our old mate consrv.dll. I will fix that first and then, once it has gone, look for remnants.
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
I have a question: does this process with ComboFix take a while? It seems to me that it looks like it finished but did not produce a log.
Nvm, it took forever to load up the cmd screen.
Ok, so it seems I’ve made an error: avast has blocked and quarantined a file called serial.sys from the ComboFix folder on my HD after ComboFix had found something. Just messed the whole scan up now, as my comp froze.
I await you guys’ instructions. I hope nothing bad happens.
Did you read the first line in essexboy's instructions?
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
I honestly did not see avast in there; I should have looked over that list more carefully.
I should have looked through the avast user panel more carefully as well.
I will be running it over again.
I am having trouble disabling Avast. I’ve seen the link on how to disable security programs, but it does not show how to disable the avast program that I have… Am I missing something?
Edit: I’ve figured it out, I guess… I’m trying not to be a bonehead or anything, these things just happen.
So it is frozen @ the scanning cmd screen. Kudos to my fault. My laptop seems to run better now though; I don’t get that annoying ping.exe blocked message anymore.
If I remember, ComboFix came up with my laptop having the ZeroAccess rootkit.
Did as you said. It was almost done producing the log when it froze up. Waited nearly an hour, then gave up. Also, ComboFix has expired and went to “reduced functionality mode”. And I had avast turned off, shields off, and it still reported it to be running.
OK, let's get my other analysis tool onto this - the main part I am interested in is the analysis report - I have a link to megaupload at the end, as you cannot attach zip files in this forum
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information