Possible zero access infection?

Hi,

Since last weekend I’ve been unable to use my desktop computer due to getting only the option of windows repair, which does nothing. In safe mode it stops at the aswrvrt.sys file and hits a BSOD. I am able to use recovery mode via USB stick, and removing the .sys file only made the computer BSOD with another file. And from what I can see, this has happened a lot lately.

My OS is Win7 64-bit. I do not remember installing anything new or windows updates last time I used it. I am trying to avoid doing a clean install, so I’ve tried all sorts of stuff with no result. After reading some other topics on the subject, I ran Farbar and the log file is included here. Appreciate the help.

hey and welcome to the avast forum.

i suggest you follow this guide and attach your logs.

http://forum.avast.com/index.php?topic=53253.0

we need the logs from AdwCleaner, Malwarebytes, OTL and aswMBR.

if you have problems running any of the programs in the guide Mikaelrask gave you, try running them from safe mode

malware removers are notified…

I’m not able to access windows at all. Only able to use command prompt via windows recovery disc.
In addition, startup repair and system restore didn’t help.

OK…wait for the malware specialists to arrive…it may take hours so be patient

Download attached file.fixlist.txt, it’s a script for FRST tool.

[*] Save it to your USB flashdrive ( as fixlist.txt )
[*] You should now have both fixlist.txt and FRST64.exe on your flash drive.

fixlist.txt must be in the same location where FRST.exe tool is!

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and attach the log please.


Try to boot windows into safe mode or normal mode. If you succeed in this, just for test, temporarily uninstall Avast antivirus.

And my windows seems to be working so far! Thank you so much, I wish I could understand what just happened :smiley:

For anyone else with the issue, after I ran the fix and restarted computer, I did get the same “start windows repair” screen, but after hitting “start windows normally” it worked. Awesome :slight_smile:

hey if windows works again for you please follow the guide i posted. from there magna86 will check the logs and help you from there.

Here are the logs requested. All but malfware, which I ran in my native language and doubt it would make any sense to you. Also it didn’t find anything with quickscan.

All but malfware, which I ran in my native language and doubt it would make any sense to you.
you mean Malwarebytes..... detections should be in English ....but if nothing was detected, no need for the log

magna should be back here later today

Aye, meant Malwarebytes :smiley:

For anyone else with the issue, after I ran the fix and restarted computer
Just to point out some facts for Google searches. This script for FRST was written from the attached FRST logs, and the script is specific to this user only. Everyone else with the same problem needs to open a new topic and post their problems. ;)

@ Mylkkari
FRST did not even show the presence of active malware, and nothing can be hidden from FRST when it is running in the recovery environment. The logs posted above look good too.

In logs I see you have installed Advanced SystemCare from IObit company.
“C:\Program Files (x86)\IObit\Advanced SystemCare 5”
My personal suggestion is to uninstall this software. Of course, the decision is yours.
Why? You may read this official info:
http://forums.malwarebytes.org/index.php?showtopic=29681

Also I see s.k MountPoints2 regkeys created. This is a sign to check the USB memory device.

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds for MCShield to finish its initial scan.
Recommendation: under the General and Scanner tabs, click the Defaults button to choose the recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has made.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.


AdwCleaner did a good job. I see some entries in AdwCleaner log that require further checking. Let’s check if there are any malicious extensions present.

Please download Junkware Removal Tool to your desktop.

[*] Shut down your protection software now to avoid potential conflicts.
[*] Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
[*] The tool will open and start scanning your system.
[*] Please be patient as this can take a while to complete depending on your system’s specifications.
[*] On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*] Post the contents of JRT.txt into your next message.

I’ve done as requested. One of the usb-drives had something found and fixed.

This post exceeded max length with what was in JRT log, so it’s also attached as a file.

That’s it. Feel free to remove used tools:

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored in C:\DelFix.txt

I don’t need DelFix log report.

======== Next ===========

I recommend keeping Malwarebytes and using MCShield if you will.
You may download MCShield from one of the following links:
http://www.mcshield.net/
It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will also immediately clean the flash drive, memory card or external HDD.

All done. A very big thanks for all your help guys.