Zeroaccess? What A Pain


dp01011

After rebooting, my McAfee AV gave me a pop-up saying a Trojan had been detected (generic backdoor!dly), reboot to fix the problem. I did and the same pop-up occurred. I checked the status of the PC under McAfee and the firewall was off. Tried to turn it on and it instantly turned back off.

 

Ran a full scan with McAfee and it did not find anything. A check of the log said that it quarantined the generic backdoor. Rebooted and again got the pop-up. Now McAfee status says real-time scan is off. I try to turn it on and get the same problem as with the firewall.

 

Tried Malwarebytes and it found nothing. Tried aswMBR and it did not find anything except an unknown MBR. Research suggests this is just related to the HP recovery partition approach.

 

Removed McAfee and installed Avast. It is running now. 36% and has 1 infected file found so far. (Just finished; found c:\HP\bin\endprocess.exe.)

 

Note that under c:\Windows\temp there are two tlb files that have creation dates at just about the exact time the PC started acting up. I tried to delete them, no good. I renamed them and new instances were created on reboot. The files are

 

E9c1e0ac-c9b2-4c85-94de-9c1518918d02 and e.............d12.

 

Note: Had Postgres installed and my CPU usage was 100%-60% after the possible infection. Removed Postgres after noticing that stopping the process reduced CPU usage to about normal.

 

Any assistance hugely appreciated. Doing this from my phone because I am concerned about going online with an infected PC.

dp01011,

 

ZeroAccess is raising havoc these days.

 

Please download DDS

 

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications, usually via a right click on the System Tray icon. They may interfere with the running of this tool.

 

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link

 

Double click the dds icon to run the tool.

When done, DDS will open two logs:

DDS.txt

Attach.txt (minimized, and on your taskbar)

 

Save both reports to your Desktop.

 

 

Please post the contents of both reports when you start a new topic in the HijackThis Forum.

 

If you title your topic as follows, I will be glad to help you:

ZA Rootkit, attn: aaflac

 

Thanks!


Archived

This topic is now archived and is closed to further replies.
