Author Topic: aswrvrt #200  (Read 2234 times)


PilzFarm

  • Guest
aswrvrt #200
« on: October 30, 2013, 08:16:24 PM »
My starting page changed to start.qone8.com. After getting rid of the malware and scanning with Avast, my PC won't start anymore (like the others'). So I recovered my system, installed Avast again and scanned again without boot scan and got the same result, but this time even my recovery points aren't listed anymore. I got my USB flash drive and FRST on it and ready to go.

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: aswrvrt #200
« Reply #1 on: October 30, 2013, 08:26:51 PM »
Ok, run FRST and post the log...
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

PilzFarm

  • Guest
Re: aswrvrt #200
« Reply #2 on: October 30, 2013, 08:40:51 PM »
This file has too many characters, even divided in half, so I will just attach it here.

Offline TwinHeadedEagle

Re: aswrvrt #200
« Reply #3 on: October 30, 2013, 09:43:45 PM »
Open notepad.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
Code:
AppInit_DLLs-x32:   [ ] ()
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
C:\ProgramData\ShoppingChip
C:\ProgramData\a389560befed10f8
C:\Program Files (x86)\ShoppingChip
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini
C:\Windows\assembly\temp\U\00000001.@
C:\Windows\assembly\temp\U\00000002.@
C:\Windows\assembly\temp\U\00000004.@
C:\Windows\assembly\temp\U\000000c0.@
C:\Windows\assembly\temp\U\000000cb.@
C:\Windows\assembly\temp\U\000000cf.@
C:\Windows\assembly\temp\U\80000000.@
C:\Windows\assembly\temp\U\80000004.@
C:\Windows\assembly\temp\U\80000032.$
C:\Windows\assembly\temp\U\80000064.@
C:\Windows\assembly\temp\U\800000c0.@
C:\Windows\assembly\temp\U\800000cb.@
C:\Windows\assembly\temp\U\800000cf.@
C:\Windows\assembly\temp\L\00000004.@
C:\Windows\assembly\temp\L\201d3dde
C:\Windows\assembly\temp\L\76603ac3
C:\Users\Julian\AppData\Local\Temp
  • Save it to your USB flashdrive as fixlist.txt
>>  Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  •     Press the Fix button once and wait.
  •     FRST will process fixlist.txt
  •     When finished, it will produce a log fixlog.txt on your USB flashdrive.
>>  Exit out of Recovery Environment and post me the log please.

PilzFarm

  • Guest
Re: aswrvrt #200
« Reply #4 on: October 30, 2013, 09:48:42 PM »
Here we go:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2013
Ran by SYSTEM at 2013-10-30 21:47:16 Run:2
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
AppInit_DLLs-x32:   [ ] ()
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
C:\ProgramData\ShoppingChip
C:\ProgramData\a389560befed10f8
C:\Program Files (x86)\ShoppingChip
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini
C:\Windows\assembly\temp\U\00000001.@
C:\Windows\assembly\temp\U\00000002.@
C:\Windows\assembly\temp\U\00000004.@
C:\Windows\assembly\temp\U\000000c0.@
C:\Windows\assembly\temp\U\000000cb.@
C:\Windows\assembly\temp\U\000000cf.@
C:\Windows\assembly\temp\U\80000000.@
C:\Windows\assembly\temp\U\80000004.@
C:\Windows\assembly\temp\U\80000032.$
C:\Windows\assembly\temp\U\80000064.@
C:\Windows\assembly\temp\U\800000c0.@
C:\Windows\assembly\temp\U\800000cb.@
C:\Windows\assembly\temp\U\800000cf.@
C:\Windows\assembly\temp\L\00000004.@
C:\Windows\assembly\temp\L\201d3dde
C:\Windows\assembly\temp\L\76603ac3
C:\Users\Julian\AppData\Local\Temp
*****************

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\System\ControlSet001\Control\Session Manager\SubSystems\\Windows => Value was restored successfully.
C:\ProgramData\ShoppingChip => Moved successfully.
C:\ProgramData\a389560befed10f8 => Moved successfully.
C:\Program Files (x86)\ShoppingChip => Moved successfully.
C:\Windows\assembly\temp => Moved successfully.
"C:\Windows\assembly\temp\@" => File/Directory not found.
"C:\Windows\assembly\temp\cfg.ini" => File/Directory not found.
"C:\Windows\assembly\temp\U\00000001.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\00000002.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\00000004.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\000000c0.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\000000cb.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\000000cf.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\80000000.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\80000004.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\80000032.$" => File/Directory not found.
"C:\Windows\assembly\temp\U\80000064.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\800000c0.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\800000cb.@" => File/Directory not found.
"C:\Windows\assembly\temp\U\800000cf.@" => File/Directory not found.
"C:\Windows\assembly\temp\L\00000004.@" => File/Directory not found.
"C:\Windows\assembly\temp\L\201d3dde" => File/Directory not found.
"C:\Windows\assembly\temp\L\76603ac3" => File/Directory not found.
C:\Users\Julian\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====
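
As an added example (not part of the original thread and not FRST's own code), the following Python sketch parses `target => outcome` lines in the format of the fixlog above and separates "File/Directory not found" entries that sit under a directory already moved earlier in the same run from entries that deserve a second look. The status labels, function names and the last sample line are assumptions made for illustration.

```python
import re
from collections import Counter
from ntpath import normcase  # Windows path semantics on any OS

# Shortened excerpt in the fixlog's format; the last line is constructed.
SAMPLE_FIXLOG = r'''
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\System\ControlSet001\Control\Session Manager\SubSystems\\Windows => Value was restored successfully.
C:\ProgramData\ShoppingChip => Moved successfully.
C:\Windows\assembly\temp => Moved successfully.
"C:\Windows\assembly\temp\cfg.ini" => File/Directory not found.
"C:\Windows\assembly\temp\U\80000032.$" => File/Directory not found.
"C:\Example\placeholder.bin" => File/Directory not found.
'''

RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')

def parse_fixlog(text):
    """Return (target, outcome) pairs for every 'target => outcome' line."""
    rows = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            rows.append((m.group("target"), m.group("outcome")))
    return rows

def triage(rows):
    """Label each row. Assumption: 'not found' below a directory that was
    moved earlier in the same run is expected, since the children went with it."""
    moved, report = [], []
    for target, outcome in rows:
        key = normcase(target)
        if outcome == "Moved successfully":
            moved.append(key)
            status = "moved"
        elif outcome == "Value was restored successfully":
            status = "registry-restored"
        elif outcome == "File/Directory not found":
            under_moved = any(key.startswith(p + "\\") for p in moved)
            status = "gone-with-parent" if under_moved else "needs-review"
        else:
            status = "unknown"
        report.append((target, status))
    return report

def summary(text):
    """Count rows per status label."""
    return Counter(status for _, status in triage(parse_fixlog(text)))

if __name__ == "__main__":
    for target, status in triage(parse_fixlog(SAMPLE_FIXLOG)):
        print(f"{status:18} {target}")
```
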

Offline TwinHeadedEagle

Re: aswrvrt #200
« Reply #5 on: October 30, 2013, 09:53:49 PM »
Try to boot Windows now...

PilzFarm

  • Guest
Re: aswrvrt #200
« Reply #6 on: October 30, 2013, 09:56:43 PM »
Sweet mother mercy, it worked. Do I have to uninstall Avast now or did this log get me rid of the malware? What was the problem? The malware confronting Avast? Avast itself?

Offline TwinHeadedEagle

Re: aswrvrt #200
« Reply #7 on: October 30, 2013, 11:54:57 PM »
Your problem was the ZeroAccess virus :)

Now, re-run FRST and post me the fresh scan from Normal mode.



Download TDSSKiller and save it to your desktop.

Execute TDSSKiller.exe by double-clicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
  •   Press Start Scan
  •   If Suspicious object is detected, the default action will be Skip, click on Continue.
  •   If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.