
Zero Access Rootkit I think!



To Whom it may concern,

I throw myself at your feet and beg for mercy!

I am on this computer by the grace of a Vista 32 restore point. If I reboot, the system will take away my desktop, not install drivers, not start services. I can get to my desktop in safe mode, however. I have scanned and scanned and nothing. But the symptoms correspond highly with the Zero Access rootkit. A couple of days ago my printer gave me a denied access error. I went to the folders (driver) and the directories had no permissions granted to them. I granted full access to my admin account and special permissions to Creator Owner, System, Trusted Installer, and Network. That solved the problem, but it stuck in the back of my mind how they got that way. Either I inadvertently did it through inherited permissions. But it was fixed and I was happy. Chalked it up to funky Windows quirks. I am researching Zero Access removal now. Hopefully I won't have to reboot, or if it infects me after a restore only by a hard reboot.

Other information which may be relevant:

1 At the time I had downloaded Macrium Reflect Free and was working on creating a clean boot disk for just such an emergency. Wouldn't you know.

2 I also downloaded BitTorrent, as the tutorial I was using suggested, to download the free Macrium ISO torrent file, but I ended up using CNET. I am very leery of that torrent stuff; I think this occurrence may be validating those fears.

3 I had just switched from:

Windows firewall and security - Ad-Aware AV - Spybot

To:

Avast Free - Windows firewall

It would seem likely to me that one or more of these may be connected.

Best regards,

Piper


Hi and Welcome!! Piper518 :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and the loss of all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

============================

FRST

Download the 32 bit or 64 bit version for your system of FRST and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
