Hello, I’m new here, and I need help getting rid of the viruses listed in the title. I know one is a Rootkit and the other one is a Trojan. I have Avast antivirus [free year version], MalwareBytes, Comodo Firewall, and Sophos Virus Removal (I think it is like MalwareBytes). Now can someone tell me how I can get rid of it? I had to put the Avast warning thing into gaming mode, or was it silent mode. This Rootkit and Trojan appeared after Microsoft Security Essentials stopped working along with the Microsoft updates. Avast, Malwarebytes and Sophos are picking it up with the same name and/or title.
Follow this guide and attach the logs... do not copy and paste.
http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
When done, malware experts will be notified and will check your logs. It may take hours before one arrives, so be patient.
This is AdwCleaner.
P.S. How do you paste the MBAM log?
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.20.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
12/20/2012 3:26:13 PM
mbam-log-2012-12-20 (15-26-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253558
Time elapsed: 5 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{79b4ade0-86a3-3e75-55f8-a79105d77739}\U\trz3201.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
Wait, never mind what I said about MBAM.
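As an added example (not part of this thread or of any of the tools it mentions), a small Python parser for the MBAM log format posted above: it pulls out each "path (threat) -> action" detection under its section header, checks the declared counts, and flags paths that use the {GUID}\U\ layout under Windows\Installer or AppData\Local that the OTL fix later in this thread removes. The sample log is a trimmed copy of the one in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the MBAM log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.12.20.10
Scan type: Quick scan
Objects scanned: 253558
Memory Processes Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{79b4ade0-86a3-3e75-55f8-a79105d77739}\U\trz3201.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
"""

# "Files Detected: 1", "Registry Keys Detected: 0", ...
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<path> (<threat>) -> <action>."  (the forum rendered "->" as a unicode arrow)
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) (?:->|\u2192) (?P<action>.+?)\.?$")
# ZeroAccess keeps its payload in a U (sometimes L) subfolder of a {GUID} directory
# under Windows\Installer or the user's AppData\Local, the two paths the OTL :Files section removes.
ZEROACCESS_DIR_RE = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\\{[0-9a-f-]{36}\}\\[UL]\\", re.IGNORECASE)

@dataclass
class Detection:
    category: str
    path: str
    threat: str
    action: str

def parse_mbam_log(text):
    """Return every detection line, tagged with the section it appeared under."""
    detections, category = [], None
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            category = sec.group("category")
            continue
        hit = DETECTION_RE.match(line)
        if hit and category:
            detections.append(Detection(category, hit.group("path"), hit.group("threat"), hit.group("action")))
    return detections

def declared_counts(text):
    """Map each 'X Detected: N' header to N, so it can be compared with what was parsed."""
    headers = (SECTION_RE.match(l.strip()) for l in text.splitlines())
    return {m.group("category"): int(m.group("count")) for m in headers if m}

def is_zeroaccess_indicator(det):
    """True if the threat name or the dropper path layout points at ZeroAccess."""
    return det.threat.lower() in ("rootkit.0access", "rootkit.zeroaccess") or bool(ZEROACCESS_DIR_RE.search(det.path))

if __name__ == "__main__":
    for d in parse_mbam_log(SAMPLE_LOG):
        print(d.category, d.threat, d.path, d.action, "ZEROACCESS" if is_zeroaccess_indicator(d) else "")
```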
OTL documents.
OK, let's get at it.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE - HKU\S-1-5-21-3367399483-3720647409-1122917799-1000\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No CLSID value found
FF - prefs.js..extensions.enabledAddons: yvszkhredt%40yvszkhredt.org:1.0
[2008/01/20 21:23:50 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\f1yr7yx7.default\extensions\yvszkhredt@yvszkhredt.org.xpi
O3 - HKU\S-1-5-21-3367399483-3720647409-1122917799-1000\..\Toolbar\WebBrowser: (no name) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No CLSID value found.
:Files
C:\Windows\Installer\{79b4ade0-86a3-3e75-55f8-a79105d77739}
C:\Users\Owner\AppData\Local\{79b4ade0-86a3-3e75-55f8-a79105d77739}
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
Finally, here is aswMBR.
Continue with OTL and Combofix
OTL part 2
After a while, when I start ComboFix it comes to a blue notepad saying:
“Administrator autorun
Scanning for infected files . . .
This typically doesn’t take more the 10 minutes
however scan sometimes badly infected files make take double”
Then a couple of minutes later a Microsoft window appears and it says:
freeware implementation of XCACLS has stopped working
Also it shows another box saying that I’m disconnected from the Internet, but I’m not disconnected.
P.S. Sorry about the latter half of the post; I’m using the iPad to communicate in this forum.
Ok, now a new message appears and it says:
You are infected with Rootkit.ZeroAccess! It has inserted itself into the TCP/IP stack; this is a particularly difficult infection. The rest of the message says that if I can’t access the Internet after ComboFix is done then I should restart the computer.
Ok, so what’s next? I really would like to turn Avast and Comodo Firewall back on.
First of all, I decided to turn on Avast & Comodo Firewall.
The good part: the random links when I used Google or Bing have stopped appearing, so I’m getting straight to the links that I’m clicking on; second, the mouse seems to have stopped jumping or leaping around. Avast is showing with the popup message that the computer is clean.
Weird part: another shortcut to Internet Explorer has appeared (I don’t trust it).
Bad part: Windows Update has started to show up saying that there are updates, but when I update it fails. I think that’s from when Microsoft Security Essentials stopped working. MSE is still showing the same error code 0x80070424. I know how to fix it but don’t have a USB to use to restore the back board or something like that.
Essexboy, do you want me to do another scan with Malwarebytes and Avast?
“Infected copy of c:\windows\system32\Services.exe was found and disinfected” - This was the bad boy... fixed.
“Weird part: another shortcut to Internet Explorer has appeared (I don't trust it).” - ComboFix put it there; you can delete it.
Reinstall MSE and see if that cures it.
Download and run Farbar Service Scanner
http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FSS-1.jpg
Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Here’s the FSS text.
Did MSE re-install properly?
Could you run the MS Fixit on this page: http://support.microsoft.com/kb/971058
Still getting the same error code for Microsoft Security Essentials (0x80070424), while Windows Update gets error code 80096001. Fixit says that Windows Update has been fixed, but nothing has been fixed. Not going to bother with this problem.
Use this... I have a fairly good success rate with it.
Download Windows Repair (all in one) from this site.
Install the programme, then run it.
https://dl.dropbox.com/u/73555776/waio%20start.JPG
Go to step 3 and allow it to run SFC
https://dl.dropbox.com/u/73555776/waio%20step3.JPG
On the start repairs tab click start
https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG
Select the following items and tick restart system when finished
It seems that worked, but only one update keeps failing, which is called:
Definition Update for Windows Defender - KB915597 (Definition 1.141.2350.0)
along with this message:
Error found:
Code 80240016 Windows Update is currently installing other updates. Please try again in a few minutes.
The link that it has for help is useless.
Never mind, I re-installed Microsoft Security Essentials and, well, that seems to have fixed it by doing it manually through MSE??? Now let’s hope that tomorrow Avast will work perfectly and not pick up those 3 threats that are located in the Temporary Internet Files; hope that program from that other user works.