Posts posted by Moothead2

  1. Hi, thanks for the quick reply.

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Laura [Admin rights]
    Mode : Scan -- Date : 11/12/2012 22:49:03

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][ROGUE ST] HKLM\[...]\Run : HPWirelessAssistant (C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden) -> FOUND
    [TASK][sUSP PATH] Update Check : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe /s /p 1 -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{ec33501a-4ccc-5055-382d-11e4e0c8280d}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{ec33501a-4ccc-5055-382d-11e4e0c8280d}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{ec33501a-4ccc-5055-382d-11e4e0c8280d}\L --> FOUND
    [ZeroAccess][FILE] @ : C:\Users\Laura\AppData\Local\{ec33501a-4ccc-5055-382d-11e4e0c8280d}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Users\Laura\AppData\Local\{ec33501a-4ccc-5055-382d-11e4e0c8280d}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Users\Laura\AppData\Local\{ec33501a-4ccc-5055-382d-11e4e0c8280d}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
    [susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS543232A7A384 +++++
    --- User ---
    [MBR] 74bd9ded22244f564c8487082294412e
    [bSP] 247e38e0ff099243dcf9193fbe782c0c : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 291033 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 596445184 | Size: 13908 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11122012_02d2249.txt >>

    RKreport[1]_S_11122012_02d2249.txt

  2. Hi,

    My sister's computer has recently been infected by the above trojan and a quick search indicates I'll need the help of the awesome people on here to get rid of it, as Norton and MB don't seem to do the job. Here are the FRST logs:

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
    Ran by SYSTEM at 12-11-2012 22:37:26
    Running from H:\
    (X64) OS Language: English(US)
    Attention: Could not load system hive.
    Attention: System hive is missing.

    ==================== Registry (Whitelisted) ===================

    Attention: Software hive is missing.
    ATTENTION: Unable to load Software hive.

    ==================== Services (Whitelisted) ===================

    ==================== Drivers (Whitelisted) =====================

    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========

    ==================== One Month Modified Files and Folders =======

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
    C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
    C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
    C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
    C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
    C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
    C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
    C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
    c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: <===== ATTENTION!
    HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
    HKLM\...\exefile\open\command: <===== ATTENTION!

    ==================== Restore Points =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 18%
    Total physical RAM: 3001.89 MB
    Available physical RAM: 2457.48 MB
    Total Pagefile: 3000.04 MB
    Available Pagefile: 2437.56 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive d: () (Fixed) (Total:284.21 GB) (Free:221.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:13.58 GB) (Free:1.69 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    4 Drive g: (Sims3) (CDROM) (Total:5.56 GB) (Free:0 GB) UDF
    5 Drive h: (WIN8) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== End Of Log =============================

    Search.txt

    Farbar Recovery Scan Tool (x64) Version: 12-11-2012
    Ran by SYSTEM at 2012-11-12 22:37:53
    Running from H:\

    ================== Search: "services.exe" ===================

    ====== End Of Search ======

    Thanks in advance :),

    Jordan.
