Aaflac

dp01011, ZeroAccess is raising havoc these days. Please download DDS Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications, usually via a right clicking on the System Tray icon. They may interfere with the running of this tool. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link Double click the dds icon to run the tool. When done, DDS will open two logs: DDS.txt Attach.txt (minimized, and on your taskbar) Save both reports to your Desktop. Please post the contents of both reports when you start a new topic in the HijackThis Forum. If you title your topic as follows, I will be glad to help you: ZA Rootkit, attn: aaflac Thanks!

Midnight Commander, can be used to copy, move, or rename files and directories that you need to keep, and can be run in Ubuntu. It is a lightweight command-line file manager, and not hard to use. May need to use Synaptic to get it.

They sure are!! The older we get, the faster they go....

We are deaking with RootKit malware. Please check your Private Messages, under New Messages, at the top of this page.

Let’s get a diagnostic that does not require any downloads and see if there is a rootkit involved… Please go to Start > Run, type in msconfig In msconfig go to the Boot.ini tab Check: /Bootlog Press: Apply and then: OK Restart the computer Now, search for and delete C:\Windows\ntbtlog.txt Restart the computer once again Begin tapping the F8 key on startup to enable the Advanced Start Menu Select: Enable Boot Logging from the list Once you are logged on, navigate to and open C:\Windows\ntbtlog.txt Please post the contents of C:\Windows\ntbtlog.txt

Let's do the following: Please make sure you temporarily disable real-time protection applications as they may interfere with running programs needed to eradicate infections. Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs run. Next, download ComboFix Save to the Desktop <<< Important!! Now, close all open windows Double-click combofix.exe to run the program Follow the prompts. It is in your best interest to allow the download and install of the Recovery Console when prompted. When told that the RC is installed correctly, press YES to continue scanning for malware. ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall. CF may reboot the computer and resume running when it restarts. When finished, a log, ComboFix.txt, is produced. ~~~~Also, run Random's System Information Tool (RSIT) once again. ~~~~ Please provide the contents of the ComboFix report, and the new RSIT: Log.txt in your reply. You may need to do consecutive posts (one after the other) right in this thread, if the logs are too long.

If you are not having malware problems, you are good to go! Please do the following to wrap up: Go to Start then Run Type Combofix /u in the Open box, and click OK. (Notice the space before /u) This command uninstalls ComboFix, implements some cleanup procedures, and resets System Restore points to prevent re-infection from old Restore points. ~~~~ Also, do a search for and remove: Random's System Information Tool on the Desktop, and also the C:\RSIT folder ~~~~ Some suggestions and programs to remain malware free: How to Prevent Malware It is also a very good practice to perform an online virus scan on a regular basis. Scanners do not have identical malware definitions, and what one misses, another one can catch. Some of the scanners are: BitDefender Online Scanner ESET NOD32 Online Scanner F-Secure Online Scanner Panda ActiveScan TrendMicro HouseCall ~~~~ If you have any questions or comments, post back. Otherwise... Good luck, safe journey through the Internet!! Merry Christmas!!

Please run RSIT once again, and post a new log.txt Also, any improvement?

Let's try the following: Temporarily disable real-time protection applications as they may interfere with running programs needed to eradicate infections. Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs run. Please download ComboFix Save to the Desktop <<< Important!! Now, close all open windows Double-click combofix.exe to run the program Follow the prompts.(Don't click on the window while the program is running, it may cause your system to stall.) CF may reboot the computer and resume running when it restarts. When finished, a log, ComboFix.txt, is produced. Please provide the contents of the ComboFix report in your reply.

True! There are 3 white ducks, and the rest are mallards. That could happen, but it has not. The ducks are in a private lake in a subdivision, and it is surrounded by homes. There is an association that monitors what goes on in the lake. I am the only one that feeds them every day. The white ducks will come up pretty close to me, but run like heck when they see someone else. In any case, the association has agreed that these ducks are not 'game'.

Here, we swim in a lake where we can't get shot down, we get fed shelled corn every day, wheat bread, every so often, etc. Don't know what we are getting into if we fly south...

I'm outa here!!!! That guy is my cousin!!

Before providing instructions, do you have two AntiVirus programs installed, AVG and Symantec, or, is Symantec a remnant? Only use one AV program. Using more than one leads to problems... However, for now, temporarily disable real-time protection programs as they may interfere with running some of the programs needed to eradicate infections. Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs run. Next, download ComboFix Save to the Desktop <<< Important!! Now, close all open windows Double-click combofix.exe to run the program Follow the prompts.(Don't click on the window while the program is running, it may cause your system to stall.) CF may reboot the computer and resume running when it restarts. When finished, a log, ComboFix.txt, is produced. Please provide the contents of the ComboFix report in your reply.