Posts posted by david777
-
I just ran a scan using RogueKiller. Here are the results:
-----------------------------
RogueKiller V7.6.2 [07/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: David Moerschel [Admin rights]
Mode: Scan -- Date: 07/05/2012 10:04:10
¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 13 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Utiroqo ("C:\Users\David Moerschel\AppData\Roaming\Ocozaf\ozygo.exe") -> FOUND
[SUSP PATH] HKCU\[...]\Run : Fyhiz ("C:\Users\David Moerschel\AppData\Roaming\Binaur\opip.exe") -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : izinec ("C:\Windows\System32\rundll32.exe" "C:\Users\David Moerschel\AppData\Roaming\izinec.dll",SHRotateZ) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3822217949-1633032186-3584141650-1000[...]\Run : Utiroqo ("C:\Users\David Moerschel\AppData\Roaming\Ocozaf\ozygo.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3822217949-1633032186-3584141650-1000[...]\Run : Fyhiz ("C:\Users\David Moerschel\AppData\Roaming\Binaur\opip.exe") -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\david moerschel\appdata\local\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\david moerschel\appdata\local\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\david moerschel\appdata\local\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\L --> FOUND
[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
[ZeroAccess][sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS541660J9SA00 ATA Device +++++
--- User ---
[MBR] a5907dab3341c17ef95b627731c3eec1
[BSP] 6e09ef48b2e89b0ce36ecc338d6f2192 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 145408 | Size: 2048 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4339712 | Size: 55111 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
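The report above is the kind of thing a responder reads dozens of times, so here is an added example (not part of david777's post and not RogueKiller's own code) of turning it into structured findings and applying a simple triage rule. The sample report is constructed from the lines quoted in the post, with the forum's mangled tag casing ([sUSP PATH], [bLACKLIST DLL]) restored; the "rebuild" verdict is my own rule of thumb, not the tool's, and rests on one fact visible in the log: a core system binary (services.exe) flagged as patched that the tool could not fix.

```python
"""Parse a RogueKiller scan report into structured findings and triage them.

Added example; not code from the forum post or from RogueKiller itself.
"""
import re
from dataclasses import dataclass

# Constructed sample: finding lines quoted in the post above (tag casing restored).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 13 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Utiroqo ("C:\Users\David Moerschel\AppData\Roaming\Ocozaf\ozygo.exe") -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : izinec ("C:\Windows\System32\rundll32.exe" "C:\Users\David Moerschel\AppData\Roaming\izinec.dll",SHRotateZ) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\U --> FOUND
[ZeroAccess][sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤$")
# "[TAG][TAG] key : value -> STATUS"  (files use "-->", registry/process use "->")
FINDING_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.+?)\s+-{1,2}>\s+(.+?)\s*$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


@dataclass
class Finding:
    section: str
    tags: list
    key: str
    value: str
    status: str


def parse_report(text):
    """Return one Finding per tagged result line; other lines (header, HOSTS,
    partition table) are ignored."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).split(":")[0].strip()  # drop the count suffix
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue
        tags = TAG_RE.findall(m.group(1))
        key, _, value = m.group(2).partition(" : ")  # process lines have no " : "
        findings.append(Finding(section, tags, key.strip(), value.strip(), m.group(3)))
    return findings


def triage(findings):
    """Group the findings by what they mean to a responder."""
    report = {
        "persistence": [],         # autorun entries pointing at user-writable paths
        "uac_disabled": False,     # EnableLUA forced to 0
        "zeroaccess_paths": set(), # {GUID} folders holding the @ / U / L layout
        "unfixable": [],           # items RogueKiller reported as CANNOT FIX
    }
    for f in findings:
        if f.key.endswith(r"\Run") and any(t in ("SUSP PATH", "BLACKLIST DLL") for t in f.tags):
            report["persistence"].append(f.value)
        if "HJ" in f.tags and f.value.startswith("EnableLUA (0)"):
            report["uac_disabled"] = True
        if "ZeroAccess" in f.tags:
            for g in GUID_RE.findall(f.value):
                report["zeroaccess_paths"].add(f.value[: f.value.index(g) + len(g)])
        if f.status.startswith("CANNOT FIX"):
            report["unfixable"].append(f.value)
    return report


def verdict(report):
    """My own rule of thumb (assumption, not RogueKiller's logic): a core system
    binary the tool could not repair means rebuild rather than clean."""
    if any(p.lower().startswith("c:\\windows\\system32\\") for p in report["unfixable"]):
        return "rebuild"
    if report["persistence"] or report["zeroaccess_paths"]:
        return "clean"
    return "no-findings"


if __name__ == "__main__":
    r = triage(parse_report(SAMPLE_REPORT))
    for k, v in r.items():
        print(f"{k}: {v}")
    print("verdict:", verdict(r))
```

Run against a saved RKreport file by passing its contents to parse_report() in place of SAMPLE_REPORT. The parser keys on the two arrow forms RogueKiller uses ("->" for registry and process entries, "-->" for file entries), so a line like the partition table or the HOSTS dump that carries no tag prefix is simply skipped rather than misparsed.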
-
Hi,
I've got some issues:
1) Browser hijack: I do a search and sometimes (not every time) it will redirect to some ad page. I always get redirected to a Windows Live login page when trying to access sites (e.g., Microsoft or Malwarebytes) that would help get rid of viruses. P.S. I'm accessing this forum from a 2nd computer.
2) Can't install programs: I tried to install various programs and an error pops up immediately saying the installer has stopped working and will close.
I've already run DDS and attached the two files.
Also attached are 2 MWB logs. One shows a couple of viruses from an early scan run in regular Vista mode. The other is a log from a run in safe mode and shows the Rootkit.0Access.
Other than the hassle of browser hijack and not installing programs, the computer runs fine (albeit a little slowly). Occasionally I get a command line interface error, which ends itself. And maybe 3 times it has spontaneously restarted. But no black or blue screens, etc.
Any suggestions?
Thanks!
David
Thread: Rootkit.0Access infection + browser hijack + can't install new programs (in Resolved Malware Removal Logs)
I was afraid you'd say that. I already changed passwords, etc. I think I'll have to reformat. Thanks for the help. I'm used to reformatting...