Reisman
Posts: 3
Posts posted by Reisman
Additional Information to update this. I am getting there. From reviewing another post you had on this subject, I downloaded and ran Maxhandle and Maxlook. Maxhandle found nothing. I never felt that Maxlook did everything it was supposed to, since I kept getting errors in files in the c:\cmdcons folder. However, it seemed to clear things enough, following my manually exchanging a few of the files inside it with current ones from the XP Professional SP3 installation disk I had made. When I ran Combofix a few times after this, it cleared that subdirectory into the Catchme.log area of Combofix's quarantine area. I reran it several times and it found nothing. That subdirectory has not returned. Everything again appears to be functioning well. I have also rerun the following programs and all give me completely clear log files - no viruses and no hidden files or hidden operations:
Rootkitbuster.exe
HitmanPro3.exe
Malwarebytes
Superantispyware
Spybot
Avast Antivirus
aswMBR.exe
GMER - hq8brqz6.exe
sysProt.exe
zmfz3jf7.exe - Dr. Web Cure it
Combofix
Trend Micro - House Call (FYI, this program and Combofix, run from Safe Mode, are what gave me the first toehold into clearing this issue, step by step).
I still have to reboot and see if any files are created into the C:\documents and Settings\Username\Local Settings\temp folder, but I sense they will be clear. I will repost if anything shows up.
I can attach all log files of the current state, if requested.
Reisman
-
Fred - New to this forum, but I too recently acquired Rootkit.ZeroAccess. I have done a lot to remove what I can, enough so that I have everything working ok now, but there is a hidden subdirectory in Windows: C:\Windows\$NTUnInstallKB9121$ - I was able to remove and kill some of what was in there, but there remains a LOADER.TLB file. The structure of this is as follows:
$NTUninstallKB9121$
-2726526685
U
loader.tlb
-1234018788
Combofix shows this hidden subdirectory. A number of files get put into the Documents and Settings\username\Local Settings\temp subdirectory at bootup, which I immediately delete. All antivirus programs including Malwarebytes are again on and running. So from a functional standpoint, I seem to be ok, but I am worried, and I feel that I need to do more. I am even considering removing the hard drive and removing this subdirectory while booting from another computer, with it set up only as a slave.
When I tried to run Maxlook.exe from the Recovery Console, that never got all the way there, stating the file ASC.SY_ is corrupted.
Maxhandle found NOTHING.
When this first came up, it wanted an online scan, and I didn't do that - I was not sure whether that was from you or was something corrupt, so I was hesitant to proceed.
Thanks for any help. Do you think we can get rid of this without a whole rebuild?
Reisman
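The layout described in the post above (a `$NTUninstallKB...$` folder holding numeric-named subfolders, a `U` folder and a `loader.tlb`) differs from what a genuine Windows XP hotfix uninstall folder contains, which is a `spuninst` subfolder with the uninstaller files. The following triage helper is an added example, not the poster's or the forum's own tool; it assumes the XP-era `spuninst` layout, treats the deviations the post describes as findings, and builds a constructed sample tree in a temporary directory so it can be run anywhere.

```python
import tempfile
from pathlib import Path

# Files a genuine Windows XP hotfix uninstall folder keeps under spuninst\
# (assumption: XP-era layout, matching the poster's XP Professional SP3 system).
EXPECTED_SPUNINST = {"spuninst.exe", "spuninst.inf", "spuninst.txt", "updspapi.dll"}


def classify_uninstall_dir(path: Path) -> list[str]:
    """Return the reasons a $NTUninstallKB...$ folder looks abnormal (empty list = looks like a real hotfix backup)."""
    findings = []
    spuninst = path / "spuninst"
    if not spuninst.is_dir():
        findings.append("no spuninst subfolder")
    else:
        missing = EXPECTED_SPUNINST - {p.name.lower() for p in spuninst.iterdir()}
        if missing:
            findings.append("spuninst missing " + ", ".join(sorted(missing)))
    for p in sorted(path.rglob("*")):
        rel = p.relative_to(path).as_posix()
        if p.is_dir() and p.name.lstrip("-").isdigit():
            findings.append(f"numeric-named subfolder {rel}")
        elif p.is_dir() and p.name.upper() in {"U", "L"}:
            findings.append(f"single-letter subfolder {rel}")
        elif p.is_file() and p.suffix.lower() == ".tlb":
            findings.append(f"type library where a hotfix keeps none: {rel}")
    return findings


def scan_windows_dir(windows_root) -> dict[str, list[str]]:
    """Map every $NTUninstall*$ folder directly under windows_root to its findings."""
    return {d.name: classify_uninstall_dir(d)
            for d in sorted(Path(windows_root).glob("$NTUninstall*$")) if d.is_dir()}


def demo() -> dict[str, list[str]]:
    """Build a constructed sample tree (one genuine-looking folder, one laid out like the post) and scan it."""
    base = Path(tempfile.mkdtemp())
    good = base / "$NTUninstallKB999999$" / "spuninst"   # constructed KB number
    good.mkdir(parents=True)
    for name in EXPECTED_SPUNINST:
        (good / name).write_bytes(b"")
    bad = base / "$NTUninstallKB9121$" / "-2726526685" / "U"   # layout from the post
    bad.mkdir(parents=True)
    (bad / "loader.tlb").write_bytes(b"\x00" * 16)             # constructed placeholder content
    (bad / "-1234018788").mkdir()
    return scan_windows_dir(base)


if __name__ == "__main__":
    for folder, findings in demo().items():
        print(folder, "->", findings or ["looks like a normal hotfix backup"])
```

On a real system, point `scan_windows_dir` at the Windows folder (for example from a clean boot environment) and review each flagged folder by hand rather than deleting on the heuristic alone.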
Reisman
in Resolved Malware Removal Logs
Posted
When I rebooted (or on any reboot for that matter), approx. 30 files are created in the C:\documents and Settings\Username\Local Settings\temp folder, most of which have a language name as the filename and .BIN as the extension, like English.bin, Spanish.bin, Russian.bin, etc.
I can attach all log files of the current state, if requested.
I wish one of you experts would answer me and help me. If I am not doing something correct in the posting, please advise.
PLEASE HELP ME.
Thanks
Reisman
ComboFix.txt
aswMBR.txt
GMER.log
mbam-log-2011-07-24 (03-34-37).txt
Rootkit buster.txt
sarscan.log
TDSSKiller.2.5.11.0_23.07.2011_18.03.37_log.txt