cordelia

Members
  • Content Count

    7

Community Reputation

0 Neutral

About cordelia

  • Rank
    New Member
  1. I ran the registry edit (pasted correctly, including REGEDIT4) and it definitely did not go well...I rebooted my computer and all the icons on the taskbar were blank, my wireless internet didn't work and all my files on both the Desktop and My Documents were completely gone. I needed my computer today so I decided to go ahead and run system restore. I had a restore point (after running ComboFix and everything) so it was no big deal, but I'm not sure what my plan of action should be now.
  2. I ran ComboFix and it claimed to have found the ZeroAccess rootkit. Now computer is running quite a bit faster and despite MalwareBytes protection running again, I haven't noticed any rootkit warnings yet. Here's my log: ComboFix 12-05-03.03 - Sophia 03/05/2012 23:45:16.1.2 - x86 Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.350 [GMT -7:00] Running from: c:\users\Sophia\Desktop\ComboFix.exe AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updat
  3. Here's attach.txt. Sorry for the multiple posts. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Starter Boot Device: \Device\HarddiskVolume1 Install Date: 06/12/2009 2:01:09 PM System Uptime: 01/05/2012 7:58:16 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | 1005HA Processor: Intel® Atom CPU N270 @ 1.60GHz | PBGA 437 | 1600/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 100 GiB total, 18.867 GiB free. D: is FIXED (NTFS) - 123 GiB total, 90.42 GiB free. . ==
  4. TDSS Log, Part 2: 09:10:16.0140 7864 ============================================================ 09:10:16.0140 7864 Scan finished 09:10:16.0140 7864 ============================================================ 09:10:16.0211 4164 Detected object count: 3 09:10:16.0212 4164 Actual detected object count: 3 09:11:09.0358 4164 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user 09:11:09.0358 4164 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:11:09.0361 4164 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user 09:11:09.0362 4164 NetBT ( UnsignedFile.Multi.Gener
  5. Hi Maniac, I couldn't post my TDSS log because the forum kept telling me that the post was too long, or my browser would freeze when I posted it. I'll try to post it over multiple posts, then. Sorry for the inconvenience. TDSS Log, part 1: 09:07:15.0698 1036 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 09:07:17.0609 1036 ============================================================ 09:07:17.0610 1036 Current date / time: 2012/05/01 09:07:17.0609 09:07:17.0610 1036 SystemInfo: 09:07:17.0610 1036 09:07:17.0610 1036 OS Version: 6.1.7600 ServicePack: 0.0 09:07:17.0610 1036 Product type
  6. Hi Maniac, Thank you so much for your help. I have decided to try and remove the Rootkits before reformatting...I followed your instructions and attached my logs. For the TDSSKiller, none of the three processes found could be cured so I skipped them all. I have attached the log. For MalwareBytes, I followed your instructions and removed the one process found. Here is the log: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.01.09 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Sophia :: JONAS-NET [administrator] Protection: Enabled 01/05/2012 7
  7. Hello, Yesterday I managed to come down with an ugly mass of malware including Smart Fortress 2012. I downloaded MalwareBytes which thankfully got my computer running again, but is still giving me repeated warnings about blocking Rootkit 0Access.H. Every time I scan, I find another bunch of the rootkits. Here are my DDS logs: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Sophia at 23:37:53 on 2012-04-30 Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.80 [GMT -7:00] . AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avas