Jump to content

Search the Community

Showing results for tags 'ZeroAccess'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 25 results

  1. Hi M Community - I put an old desktop I had not used for some time thru a complete scrub. Clean, cept 2 issues which I cannot explain: 1xJava Exploit (2010-0840): Unexpected. Unit had been Java updated regularly. Updated to Version 5.20 (vulnerability patched) back in April 2010. Can java exploits download onto a computer with updated/patched system? Is a java exploit on a patched system harmless? Hitmanpro found inactive remnants of Zeroaccess (registry keys). I once removed a Ukash infection using system restore + AV/MBAM but that was the only active infection I previously found
  2. I have a possible infection and would appreciate someone looking into this. My computer has very sluggish behavior and seems to take forever to do anything, even when nothing is running. I continually get error messages from Norton on high memory usage by Com Surrogates (Syswow 64) and I also have been getting notices from MalwareBytes on malicious websites being blocked (example attached.) I ran the Farbar recovery scan tool and found the following notation: ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verificati
  3. I am trying to run MWB on my sister's computer that is infected with cryptowall virus. I tried to follow the instructions but malwarebytes will not run. I tried to install a new malwarebytes but keep getting some errors. Please see the FST and addition texts below: I am unable to copy and paste into this message - I can copy but paste or ctrlP will not work. FRST.txt Addition.txt Rkill.txt
  4. Hi, I have a ZeroAccess infection. I have done all the steps mentioned below, but I still think that it is there. Could anybody help please. John Paul S. ------------------------------------------------------------- #################################################################################################### ### Removing viral infection ### #################################################################################################### ======================================================================
  5. I just did a clean install of Windows 7 from the recovery partition on my laptop and immediately started having problems. I've run several scans with MalwareBytes and have received various results labeled either "rootkit.0access" or "trojan.zaccess". The infection is not removed on restart; I always come back with at least a couple of "trojan.zaccess" results. I see that there have been several threads on this particular problem recently and I will do my best to include all of the commonly requested logs here. dds.txt attach.txt RKreport0_S_08292013_224349.txt FRST.txt Addition.txt Thanks
  6. Hello. I have a HP AMD Athlon 64 proc...running MS Windows Vista Ultimate (32Bit) w/SP2. A few days ago Xfinity had allerted me that a "bot" was on my computer through a program called Constant Guard. Since then my computer has had a mind of its own. Several times its sprouted legs and walked away from me, lol. I downloaded Norton and had found: Trojan.Backdoor.Generic16.klk Trojan.Backdoor.Zeroacces Trojan.Backdoor.Generic2.C I remembering these out of my head, however I do believe those are what was found and Quarentined/Removed. Before removal it had rendered my Security Essentials complete
  7. Hello. I have a HP AMD Athlon 64 proc...running MS Windows Vista Ultimate (32Bit) w/SP2. A few days ago Xfinity had allerted me that a "bot" was on my computer through a program called Constant Guard. Since then my computer has had a mind of its own. Several times its sprouted legs and walked away from me, lol. I downloaded Norton and had found: Trojan.Backdoor.Generic16.klk (twice) Trojan.Backdoor.Zeroacces Trojan.Backdoor.Generic2.C I remembering these out of my head, however I do believe those are what was found and Quarentined/Removed. Before removal it had rendered my Security Essentials
  8. @jeffce; was responding to my topic but now the topic disappeared. attached are the dds.txt and attach.txt from dds.scr and also aswMBR.txt from aswMBR.exe aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-11-01 16:59:36 ----------------------------- 16:59:36.194 OS Version: Windows x64 6.1.7601 Service Pack 1 16:59:36.194 Number of processors: 2 586 0x403 16:59:36.194 ComputerName: AS-PC UserName: AS 16:59:37.333 Initialize success 16:59:45.024 AVAST engine defs: 12110100 16:59:47.705 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c 16:59:47.
  9. Alright so here is my situation as it stands at this time. Caught zeroaccess over the weekend, though didn't know it at the time. Realized it on Sunday evening and been fighting it since. I typically run Malwarebytes, AVG and CCleaner. This combination has kept me clean for several years running now. When I started fighting this thing I ran all three. I have found that AVG sees it but cannot clean it. Malwarebytes thought it cleaned it but now does not see it, and the same with CCleaner. It has gotten to the point now where it has shut down access to the internet for everything but IE
  10. Below are my malwarebytes pro, dds, attach, and roguekiller logs Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.09.06.06 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 John Nicholas :: JOHNNICHOLAS [administrator] Protection: Enabled 9/6/2012 7:12:12 AM mbam-log-2012-09-06 (08-16-18).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 399135 Time elapsed: 1 hour(s), 59 second(s) Memory Processes Detected: 0 (
  11. Hi, my computer is affected by Zeroacess for the past couple of days. I have Mcafee antivirus installed in my machine. For every 10 sec, I am getting McAfee pop stating that it has deleted trojans related to zeroacess. Can you please help me to remove the trojan completely from my laptop. I have also some of the threads in this forum and I have tried running Roguerkiller in my laptop. I herewith attached the copy of the log file generted by RogueKiller. Please help me to get rid of this. RKreport1.txt
  12. Hi, I've been trying to find help with this. I need to use my computer for some work for some non-profits this weekend. I have Norton and have ran Malware Bytes Anti Malware. I've run the Norton Power Eraser and ZeroAcess fix and it's still there. I have multiple infected files and viruses. Zeroaccess2, Zeroaccess3, Zeroaccess, Trojan.gen.2 with desktop.ini Any assistance would be very appreciate. Thanks! Attach.txt DDS.txt
  13. I started receiving messages that McAfee had removed a trojan and no further action was needed, it did this several times and then it said my pc was at risk. The firewall is turned off and will not let me turn back on. I used the McAfee virtual assistant which recognized a problem but couldnt fix. When I turned to them for support they would be glad to for 89.99. When I searched in their forums the first thing it said to do was turn off system restore, so needless to say I did and tried using my Windows disc to repair and that did not help. I downloaded the Malwarebytes anti-malware. it discov
  14. I suspected I had some kind of virus last night after a wierd slow-down on the web. I ran a full scan and nothing was found, however after the scan messages from my antivirus keep popping up saying that a trojan has been removed. They pop up every 5-10 seconds and have not stopped for about 12 hours now. The popup claims the trojan to be a zeroaccess trojan located in C://$Recycle.Bin\ and then there is just a nonsensical alphanumeric file name. I ran MBAM and it said that there were 3 files removed however after a restart the popup persisted. I have McAfee antivirus and 64-bit Windows 7. The
  15. I am working on a friend's system (Windows 7 Home Premium 64) that has Norton Antivirus on it, and the other day he downloaded an "Adobe Update" that turned out to not be an Adobe Update. I ran Malwarebytes and it identified three issues: c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\00000008. c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\000000cb. c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\80000032. I finally managed to delete those from a Command Prompt window. Now, Malwarebytes is showing that the system is clean, but Norton is showing that
  16. Hello Malwarebytes community! A friend came to me the other day, she is a co-worker and simply stated that her computer was acting strange. After looking it over, her Symantic Endpoint Protection virus protection kept popping up saying it has detected Trojan.ZeroAccess (and sometimes Trojan.ZeroAccess.C) rootkit and has deleted it. However after a few minutes it comes back up with the same message. By the way, she is running Windows 7 PRO SP1. I have tried multiple virus removals to no avail. MBAM, SuperAntiSpyware, and Kaspersky. With Kaspersky it said that system32\services.exe was infected,
  17. McAfee firewall began turning on and off and alerted to a trojan - zeroaccess. Followed the "I'm infected thread" Ran Defogger as Admin but it did not follow through to re-boot and this is the text file. Malware results attached. Ran DDS and text attached as well as attach zip. GMER ran as Admin and failed in 3 attempts. Program received an error and stopped working. Results of Defogger: Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database ver
  18. Hello, I'm working on a friend's PC, which was having problems with IE9 links redirecting to shopping/ad sites, ads playing on the speakers (only) without open windows, and with Avira warning messages of various viruses popping (like HTML/IFrame.aeu, TR/ATRAPS.Gen2, W32/Patched.UB, and more). I performed System Restore on it, then ran a full scan with Avira, MWB, and ESET online scanner - which came up as clean, but seem to have only taken care of secondary/tertiary infections (?), some odd problems remained and the old ones popped back up after a few hours of testing. In working on it and inv
  19. I know I posted a topic on this before, and I'm terribly sorry, I completely forgot about it. I have Farbar downloaded onto my jumpdrive, plugged it into the infected machine, accessed BIOS Settings, started Repair, Windows is still loading files... I promise to stay into this, this time.. Will have the logs soon!
  20. Hello I'm hoping someone may be able to help me. Several nights ago I received notification via Norton Anti-Virus that several threats were detected and had been blocked. Since Norton said they were blocked, I thought everything was okay until I ran MBAM and received the following results: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.20.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ******** :: ********-HP [administrator] 7/19/2012 11:33:47 PM mbam-log-2012-07-19 (23-33-47).txt Scan type: Full scan (C:\|D:\|E:\|G:\|Q:\|) Scan opt
  21. Hello, Having the same problem as this thread: http://forums.malwarebytes.org/index.php?showtopic=112607
  22. I was asked to take a look at a Dell Optiplex 330 running Vista Business SP2 because it had picked up the ZeroAccess rootkit/trojan. The PC was running McAfee Security as a Service, but the subscription was no longer up to date. I have run MBAM several times, sometimes detecting the infection, sometimes not. McAfee was not removing the infection, only detecting/blocking it, so I removed McAfee and replaced with Microsoft Security Essentials so it would, at the least, remain updated. Running a full scan overnight detected the infection again. I tried removing and rebooting, but then the PC
  23. Merged two post We look for post with 0 replies, so when you replied to your own topic, we assume you were being helped. Do Not bump your topic. I have a user who is still suffering from Google redirects. MWB comes up clean, Trend Micro WFB reports no infections, SAS comes up clean, TDSS Killer comes up clean, MBR Check came up clean, et cetera, et cetera. HitmanPro intially reported some ZeroAccess stuff which it allegedly removed. Combofix does not delete any files. Yes, I know I'm not supposed to run Combofix without being asked to. Hopefully you all will anoint me for my sins. I just need
  24. I ran DDS but it just runs and runs... I've been fighting it since Friday! I have attached logs from OTL, High Jack This, and a few other tools that I have run. Combofix is the only program that reports that I have ZeroAccess and that it has infected the TCP/IP stack, but iCombofix just runs but never runs any steps. I appreciate the help! Robert AntiZeroAccess_Log.txt AntiZeroAccess_Log.txt dberr.txt Extras.Txt hijackthis.log OTL.Txt SCHEDLGU.TXT
  25. So ComboFix tells me I have Rootkit.ZeroAccess, and further research tells me that this may not be good. In 15 years of working with computers professionally, this is the worst one I've seen, although part of that may be of my own doing. First off, I know I'm supposed to have logs from DDS. Wish it were that easy. DDS hangs both in normal (tested 10 mins) and safe mode (tested 30 mins). This is the same as ComboFix, which I tested up to an hour and a half in safe mode where it hangs right after alerting me to the Rootkit. (This symptom continues even after everything below.) As a result of
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.