
sasikanth

  1. MrC, you are really a genius and a kind-hearted person. Thanks a lot for your support to get rid of the ZeroAccess trojan from my laptop.

  2. Results of screen317's Security Check version 0.99.50
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     McAfee VirusScan Enterprise
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     McAfee AntiSpyware Enterprise Module
     Malwarebytes Anti-Malware version 1.62.0.1300
     JavaFX 2.1.1
     Java 7 Update 5
     Java version out of Date!
     Adobe Reader 9 Adobe Reader out of Date!
     Mozilla Firefox 6.0 Firefox out of Date!
     Google Chrome 21.0.1180.75
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     McAfee VirusScan Enterprise EngineServer.exe
     McAfee VirusScan Enterprise VsTskMgr.exe
     McAfee VirusScan Enterprise Mcshield.exe
     McAfee VirusScan Enterprise mfeann.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  3. Thanks Charlie. I figured out the reason and it's a typical Windows 7 behavior, and it has no relation with the ZeroAccess trojan. As things are working fine now, I believe I got rid of this trojan from my PC. Thanks a lot for your support.
  4. Hello Mr Charlie, I believe now the system is back to normal. I don't see the popup message stating that the virus is deleted. Thanks for your support to get rid of the trojan. But I am still not able to access the hidden folders like "ApplicationData" and "Cookies", though I have kept the options to make these folders visible and I have admin rights for the same. Whenever I try to open these folders, I get the message "Access is denied". Earlier I was able to access these folders. Not sure if it is the effort of ZeroAccess. If so, looking for your help to get rid of this as well.
  5. Please find the log file generated by MBAM. Please advise the next course of action if any.
  6. I have a McAfee antivirus installation. Is MBAM freeware or is it a paid one? If so, can you please guide me from where I can get the installation?
  7. Seems that these registry entries are not getting deleted by RogueKiller. Please find the attached log file. Are there any other options to delete these entries? RKreport8.txt
  8. Please find the log file for the latest run of RogueKiller. Please let me know if I need to delete these registry entries as well using the RogueKiller program. RKreport6.txt
  9. Hello Mr Charlie, I am using a wireless LAN connection. I have performed the operations as you have mentioned. I have herewith attached the log files generated by RogueKiller & TDSSKiller. Please review and advise the next course of action. TDSSKillerReport.txt RKreport4.txt
  10. I still see the ZeroAccess error in the RogueKiller log. Please advise me what I should do. RKreport2.txt
  11. Hello Mr Charlie, I request you to please provide your support to remove this trojan. As you have mentioned, I have followed the steps. Please find the log files as you have asked for. Please do the needful. FRST.txt Search.txt
  12. Hi, my computer has been affected by ZeroAccess for the past couple of days. I have McAfee antivirus installed on my machine. Every 10 sec, I am getting a McAfee popup stating that it has deleted trojans related to ZeroAccess. Can you please help me to remove the trojan completely from my laptop? I have also some of the threads in this forum and I have tried running RogueKiller on my laptop. I have herewith attached a copy of the log file generated by RogueKiller. Please help me to get rid of this. RKreport1.txt