Disabled Antivirus, Hjt, Combofix, Mbam....


adam7979

Accidentally downloaded an exe file, then after double-clicking on it, the file disappeared. Antivirus got disabled after rebooting the machine. Ad-Aware, HijackThis, ComboFix, Malwarebytes: all of them got disabled the moment I tried to run them. The malware removed user permission from the particular exe file, thus making the next double-click on the exe file impossible, with the error message "windows cannot access the specified device, path, or file".

 

Combofix, particularly, got disabled in the middle of extraction process.

 

Any idea?

 

thanks.

 

Adam

 

 

 

Edit: all right, saw something very similar here: http://forums.pcpitstop.com/index.php?/topic/196439-39342301981231650837exe-cant-stop/

 

I'd love to follow up on that post and come back with any additional steps as advised in that post.

Edited by adam7979

Problem solved after following aaflac's advice. #15 and #18 seem to get rid of my problem (ADS Spy, then AntiZeroAccess, reboot, followed by TDSSKiller).

 

10:07:45 - CheckSystem - Warning! Disk class driver is INFECTED.

10:07:48 - CheckFile - Warning! File "netbt.sys" is Infected by ZeroAccess Rootkit.

10:07:49 - CheckFile - Unable to read "sptd.sys" file. CreateFile last eror: 0x00000020.

 

netbt.sys was cleaned after that.

 

Kinda happy now coz HijackThis could be run again, I'm in the process of restoring my antivirus (ESET NOD32), and MBAM is running happily now.

 

 

thanks aaflac.

 

 

Please close/delete this post.


adam7979,

 

Glad that your system is doing better.

 

I deleted your post in Hizzle G's topic:

 

Sorry for hijacking, but would just like to share with you guys that my Win7 was infected. A <random>:<number>.exe like hizzle. Symptoms so far:

 

1) booting into safe mode and the only thing that appears on my screen is "not supported frequency, please set resolution to 1280x768" bla bla bla

2) http://forums.pcpits...-combofix-mbam/ as described here, disabled antivirus, terminated mbam, hijackthis, combofix ...

3) changed file permission (have to add them back manually...)

 

#15 and #18 seem to get rid of my problem (ADS Spy, then AntiZeroAccess, reboot, followed by TDSSKiller).

 

10:07:45 - CheckSystem - Warning! Disk class driver is INFECTED.

10:07:48 - CheckFile - Warning! File "netbt.sys" is Infected by ZeroAccess Rootkit.

10:07:49 - CheckFile - Unable to read "sptd.sys" file. CreateFile last eror: 0x00000020.

 

netbt.sys was cleaned after that.

 

Kinda happy now coz HijackThis could be run again, I'm in the process of restoring my antivirus (ESET NOD32), and MBAM is running happily now.

 

thanks again aaflac.

 

However, the ZeroAccess infection is a treacherous mechanism, every system has different characteristics, and you need to make sure there are no remnants that will bring it back.

 

Would appreciate your obtaining a DDS report, and starting your own topic in the HijackThis Logs forum.

 

Please title the topic as follows: ZeroAccess check-up, attn: Aaflac

Will be glad to check your report there.

 

DDS:

 

Please download from here:

http://www.bleepingcomputer.com/download/anti-virus/dds

 

Click on the Download Now button

 

Save DDS.scr to the Desktop

 

Windows XP users - Double-click on the DDS icon to start the tool.

Vista/Seven users - Right-click and select: Run as Administrator

 

When done, DDS opens two logs:

DDS.txt, and Attach.txt

 

Save both reports to the Desktop.

 

Please post both reports in your reply at the HijackThis Logs forum:

http://forums.pcpitstop.com/index.php?/forum/25-hijackthis-logs/

 

Thanks!!

Edited by Aaflac