Reisman

  1. When I rebooted (or any reboot for that matter), approx 30 files are created into the C:\documents and Settings\Username\Local Settings\temp folder, most of which are languages for the filename, and .BIN for the extension, like English.bin, Spanish.bin, Russian.bin - etc.

     I can attach all log files of the current state, if requested. I wish one of you experts would answer me and help me. If I am not doing something correct in the posting, please advise. PLEASE HELP ME.

     Thanks
     Reisman

     ComboFix.txt, aswMBR.txt, GMER.log, mbam-log-2011-07-24 (03-34-37).txt, Rootkit buster.txt, sarscan.log, TDSSKiller.2.5.11.0_23.07.2011_18.03.37_log.txt
  2. Additional Information to update this. I am getting there.

     From reviewing another post you had on this subject, I downloaded and ran Maxhandle and Maxlook. Maxhandle found nothing. I never felt that Maxlook did everything it was supposed to, since I kept getting errors in files in the c:\cmdcons folder. However, it seemed to clear things enough, following my manually exchanging a few of the files inside it with current ones from the XP Professional SP3 installation disk I had made. When I ran Combofix a few times after this, it cleared that subdirectory into the Catchme.log area of Combofix's quarantine area. I reran it several times and it found nothing. That subdirectory has not returned. Everything again appears to be functioning well.

     I have also rerun the following programs and all give me completely clear log files - no viruses and no hidden files or hidden operations:

       • Rootkitbuster.exe
       • HitmanPro3.exe
       • Malwarebytes
       • Superantispyware
       • Spybot
       • Avast Antivirus
       • aswMBR.exe
       • GMER - hq8brqz6.exe
       • sysProt.exe
       • zmfz3jf7.exe - Dr. Web Cure it
       • Combofix
       • Trend Micro - House Call (FYI, this program and Combofix, run from Safe Mode is what gave me the first toehold into clearing this issue, step by step).

     I still have to reboot and see if any files are created into the C:\documents and Settings\Username\Local Settings\temp folder, but I sense they will be clear. I will repost if anything shows up. I can attach all log files of the current state, if requested.

     Reisman
  3. Fred - New to this forum, but I too recently acquired Rootkit.ZeroAccess. I have done a lot to remove what I can, enough so that I have everything working ok now, but there is a hidden subdirectory in Windows: C:\Windows\$NTUnInstallKB9121$ - I was able to remove and kill some of what was in there, but there remains a LOADER.TLB file. The structure of this is as follows:

     $NTUninstallKB9121$ -2726526685 U loader.tlb -1234018788

     Combofix shows this hidden subdirectory. A number of files get put into the Documents and Settings\username\local settings\temp subdirectory at bootup, which I immediately delete. All antivirus programs including Malwarebytes are again on and running. So from a functional standpoint, I seem to be ok, but I am worried, and I feel that I need to do more. Even considering removing the hard drive and removing this subdirectory while booting from another computer with it set up only as a slave.

     When I tried to run Maxlook.exe from the Recovery Console, that never got all the way there, stating the file ASC.SY_ is corrupted. Maxhandle found NOTHING. When this first came up, it wanted an online scan, and I didn't do that - was not sure that was from you or was something corrupt, so I was hesitant to proceed.

     Thanks for any help. Do you think we can get rid of this without a whole rebuild?

     Reisman