Avast WEBforum
Other => Viruses and worms => Topic started by: Cabelski on August 29, 2013, 11:41:07 PM
-
My Symantec AntiVirus keeps detecting the same risks, a 80000000.@ (Trojan.Zeroaccess.C) and a 800000cb.@ (Trojan.Gen.2). It says they are taken care of by either deletion or quarantine but then shortly after they show up again.
Hopefully i have all of the logs necessary.
Thank you in advance :)
-
is seems you have a ZeroAccess rootkit ..... and lots of crap files
also attach Malwarebytes log
-
Here is the MalwareBytes Log
-
it say no action taken
update malwarebytes, run quick scan .... click remove selected button
malware removers are notified, guess they are all in bed now so check back tomorrow
-
i see you have Symantec endpoint installed...
is this a company computer?
-
hello
where does symantec detect that ?
-
Pondus - No this is my pc, a friend gave me it when i made my computer
g3n-h@ckm@n - This is where it is saying they are.
C:\Program Files (x86)\Google\Desktop\Install\{d6771622-707b-5ba2-3af6-1d942653f906}\ \...\???\{d6771622-707b-5ba2-3af6-1d942653f906}\U\
-
ok. g3n-h@ckm@n will assist you
night night. ;)
-
ok let's kill Zeroaccess ^^
Attention!!!: Only these links are officials do not download the tool on other links!!
Attention!!!: this tool can be detected wrongly as virus
Attention!!!: this tool is powerful to follow scrupulously the instructions below
All the processes " not vital of Windows " are going to be cut, register(record) your work. There will be an extinction of the office(desk) during the scan - > no panic.
Deactivate all your protections if possible, antivirus, sandbox, firewalls
Download and register(record) Pre_Scan on your office(desk):
http://Http://services.service-webmaster.fr/cpt-clics/clics-30453-6820.html (renamed(reappointed) winlogon)
Or, if the link is not functional:
http://Http://www.archive-host.com/files/1731274/ecd939269bcc7cdfed2d2e726c22709a32db3067/winlogon.exe (Renamed(reappointed) winlogon)
http://Http://www.security-helpzone.com/Tools/g3n/winlogon.exe (renamed(reappointed) winlogon)
If the tool is boosted(relaunched) several times, he will propose you a menu and if no option is asked, launch the option " Scan|Kill "
If the tool is blocked(surrounded) by the infection use this version with these other extensions:
http://Http://www.security-helpzone.com/Tools/g3n/Pre_Scan.scr
http://Http://www.security-helpzone.com/Tools/g3n/Pre_Scan.pif
http://Http://www.security-helpzone.com/Tools/g3n/Pre_Scan.com
If the tool detects a proxy and if you did not install(settle) click " to delete(eliminate) the proxy "
It is possible that black windows flash, let it work.
The tool is going to send on a server the viruses which it quarantined so that I can study these more in-depth infections.
Let the tool restart your computer.
Post Pre_Scan_date_hour.txt which appear in the root of your record(disk) system (generally C:\)
DO NOT POST IT ON THE FORUM!!! it is too long
Accommodate the report on http://cjoint.com (or here) then give the link obtained
-
The links to download Pre_Scan are all saying the webpages are unavailable
-
and there ?
http://cjoint.com/?CHEbQbTyxd6
you'll have to unzip
-
hello , you're lost ? ^^