Infected with win32:zaccess-jc[trj] and more

[bemore]

and here is the Attached BlitzBlank report

[bemore]

also just now after I clicked on "post" for my last entry here for the log report...A different avast window poped up telling me that an un identified program was trying to access my pc.
it was the same c:\windows\system32\services.exe
It asked me what to do and I clicked on send to chest
FYI....I started Avast back up within minutes of CF restarting my comp and it was done preparing Log report and before I went online to post

[magna86]

Combofix has failed to disinfect services.exe. For that reason, you still geting avast warning...
We will use CFScript to finish what Combofix has failed

Step#1 

> I need to you delete current copy of Combofix and download new, fresh one.

> Disable your Antivirus ( as instructed before ).

> Open notepad and copy/paste the text present inside the code box below:

Code: [Select]


DirLook::
c:\users\Bobby\AppData\Roaming\84D87494

KillAll::

ClearJavaCache::

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe|c:\windows\system32\services.exe

DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com



Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )

*******************

Step#2 

Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool. Select Yes if prompted to download the Avast database.

• Click Scan
   
• Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
  Note: do NOT attempt any Fix yet.
  

[bemore]

Thank you Magna86 for all of your help with this...I have decided to do a fresh install of windows. I simply have run out of time.. I am leaving for a couple of weeks for work and my son and daughter both are going to need to use my PC for school... and since I really dont have anything on my pc that isnt backed up I figured this would be the best thing to do.
I have removed the PC from the internet and deleted a ton of files freeing up disk space, I am now in the process of defraging  and then will use CCleaner to wipe the free space. Then re-install...
However...
 I am still considering just partitioning the drive and installing WinVista 32 bit on the new partition then wiping the current 64 bit portion of the drive. I own a Full Retail version of Vista ultimate (non OEM).
I feel that this would insure that any remnants of infection would be cleared???
Thoughts??

Once again thank you for your help.

[magna86]

Hi,

Thank you Magna86 for all of your help with this...I have decided to do a fresh install of windows. I simply have run out of time...
...
... I feel that this would insure that any remnants of infection would be cleared???
Thoughts??

My opinion is that you should hold it a little more and I would have removed every possible trace of infection.
Above CFScript that I wrote was written just for your machine and your rootkit versions. It would eliminate malware.

I am also of the opinion that the re-installation of Windows, sometimes is the best solution.

Though the malware has been identified and can be killed, due to its rootkit & backdoor functionality...many experts in the security community believe that once infected with this type of malware, the best course of action would be to do a reformat and reinstallation of the operating system (OS), but this action is not necessarily.

I am still considering just partitioning the drive and installing WinVista 32 bit on the new partition then wiping the current 64 bit portion of the drive.
 I own a Full Retail version of Vista ultimate (non OEM).

Why to install 32-bit (x86) Windows when you can install the x64bit version?
You have 4.00 Gb of Ram. x32bit Windows sees only 3.25Gb of ram ( in very rare cases 3.70GB )

Once again thank you for your help.

Hey, no problem