Jump to content

Recommended Posts

I was asked to take a look at a Dell Optiplex 330 running Vista Business SP2 because it had picked up the ZeroAccess rootkit/trojan. The PC was running McAfee Security as a Service, but the subscription was no longer up to date. I have run MBAM several times, sometimes detecting the infection, sometimes not. McAfee was not removing the infection, only detecting/blocking it, so I removed McAfee and replaced with Microsoft Security Essentials so it would, at the least, remain updated. Running a full scan overnight detected the infection again. I tried removing and rebooting, but then the PC began to act strangely. For starters, when I rebooted, every icon from the desktop (not just fixes against the infection) vanished, only to return about 1 full hour into a complete MBAM scan. Durring the scan, I noticed Internet Explorer starting to redirect me for the first time to some fake "AVG" search site. MBAM's full scan found a PUP, but identified Kaspersky's TDSS Killer as the culprit. I downloaded it from CNET and assumed it to be the genuine article, but who knows.

My quick scans from Security Essentials are coming up clean now, but I am not sure if I can trust it. I have attached both the DDS and Attach logs. Any further info or instructions to check if this thing is clean or not would be greatly appreciated. It never seems this easy to get rid of a rootkit, so I am suspicious that it is still lying in waiting.

Thanks,

jt83

DDS_Attach.zip

Share this post


Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.