
Rootkit.Zeroaccess now Exploit.Drop.2 viruses



Hello all,

Early in the summer I got a rootkit.zeroaccess virus, which was detected by Malwarebytes. It would usually be accompanied by a backdoor.bot. The computer was so messed up with browser redirects that it was effectively useless. Well, I followed online guides on how to treat it, I ran Combofix, and cleared the temporary directory, and that cleared the browser redirect problem, but Malwarebytes scans always found an svchost.exe virus. The computer seemed to be working fine, so I kept on using it, just scanning regularly. Last week I tried to delete the svchost.exe process that was taking up the greatest processor memory as identified in the task manager (I read somewhere the system was configured in such a way that only an unnecessary svchost could be deleted), and the computer bluescreen bombed out. Rootkit was gone, but there was a new one called Exploit.Drop.2. Earlier this week, the computer completely bombed out, and wouldn't stay on for more than a few minutes at a time.

I thought maybe one of the RAM cards was fried, but after testing for that, they're both OK. I tried to take advantage of that free Backify 512gb online storage to back up, thinking the computer was Fuhked and would require a complete hard drive wipe & OS reinstall, but that just made the computer bomb out even more.

Through great pains (the computer kept turning itself off, and I had to restart constantly), I was able to extract all my important files - documents, pictures, and music to an external drive.

I would much rather preserve the computer as it is, rather than having to set it all up again, so I followed the advice at this thread here:

http://forums.malwarebytes.org/index.php?showtopic=88174

I was able to get the TDSSKiller in and run it. It found some nasty looking virus and said it was quarantined.

Then I downloaded Combofix.exe and tried to run that again. It gets through that first bootup screen, and then the computer shuts off before it can get to the actual scanning.

I just ran a disk defragmenter, which found more than 8,000 fragments, and have Malwarebytes full system scan running right now. We'll see what happens. But the fact that I can't get Combofix to run is troubling.

One more thing, the computer runs better outside where the temperature is cooler.

I've already tried to find the hidden partition on my Gateway Laptop, but all F11 does is make a beeping sound. I'll probably zip drive a Windows 7 startup disc on Monday after I get my 8gb stick.

Any recommendations or advice would be greatly appreciated.

Thanks in advance for all replies.


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You do not need to download TDSSKiller again but follow the directions on running it.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
