Infected with ?: Cookies constantly added / Zeroaccess malware

[imigital]

I have an instance of svchost running as USER

And Cookies are constantly being added in "Documents and Settings", with NO browser running (nothing visable)

[imigital]

I RESOLVED THIS ISSUE

After posting I found this post, "I'm infected - What do I do now?"

Link= http://forums.malwar...owtopic=9573

WISH I WOULD HAVE FOUND THIS FIRST

So In downloaded Malwarebytes Anti-Malware 1.65.0.1400 and ran.

mbam-Quick-scan found and cleaned

Trojan.0Access

Rootkit.0Access

"McAfee Stinger" had failed to completely clean these for me!

THANKS, mbam

imigital

[Maurice Naggar]

Backdoor trojan warning:ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While one usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

You cannot presume that all is good-to-go.

You must take measures noted above for identity theft, and to change all passwords on a clean pc.

You cannot assume this pc is 100% clean.

You must do follow ups.

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.scr here

or http://download.bleepingcomputer.com/sUBs/dds.com or

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

• When done, DDS will open two (2) logs:
• DDS.txt
• Attach.txt
• Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the resulting MBAM scan log.