Author Topic: Help deleting Rootkit.ZeroAccess  (Read 43665 times)


LaLuz

  • Guest
Help deleting Rootkit.ZeroAccess
« on: December 18, 2012, 11:26:53 PM »
Would you please assist me getting rid of Rootkit.ZeroAccess?

I'm new to Avast and would like to buy the pro-edition, but I need to get rid of this virus first.  I was trying to follow the steps to get the logs that you required but I encountered the following issues:

  OTL - it was running and then gave me an Access Violation 0052DFB7 error.  I then used the other link provided, and got the same result.  No logs were produced.

  Malwarebytes Anti-Malware won't install.  I get the following message: CoCreateInstance error code 0x8004FF01.
« Last Edit: December 19, 2012, 10:18:02 PM by LaLuz »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37478
  • Not a avast user
Re: Help deleting Rootkit.ZeroAccess
« Reply #1 on: December 18, 2012, 11:32:24 PM »
follow the guide here and attach the logs......not copy and paste
 http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR



when done the removal specialists will be notified and analyze your logs...


LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #2 on: December 19, 2012, 12:27:28 AM »
I've followed the directions on that link and I attached the only report that I was able to get.  Like I mentioned in my previous post, I'm having problems running OTL and Malwarebytes.  Here is the AswMBR.txt report.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help deleting Rootkit.ZeroAccess
« Reply #3 on: December 20, 2012, 03:50:34 PM »
Hi sorry for missing you

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #4 on: December 20, 2012, 08:01:55 PM »
Here is the ComboFix report.  A screen came up saying that Rootkit.ZeroAccess was found, then another screen popped up with a code 2 error for Malwarebytes, and after that another screen said that the rootkit was detected and that the system needed to reboot the computer.  After it rebooted it ran all 50 stages and then produced the report.

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #5 on: December 20, 2012, 08:07:05 PM »
Could you now retry OTL please

Also how is the computer behaving ?

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #6 on: December 20, 2012, 08:17:04 PM »
I got the same 'Access Violation' error 0052DFB7.  The computer seems to be getting worse.  The internet is getting slower and slower.

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #7 on: December 20, 2012, 08:20:22 PM »
OK reboot to safe mode
Rename combofix to gotcha by right clicking and selecting rename
Then run the renamed combofix

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #8 on: December 21, 2012, 12:08:13 AM »
Done, here is the new report.
« Last Edit: December 21, 2012, 12:10:01 AM by LaLuz »

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #9 on: December 21, 2012, 09:50:15 PM »
How is the computer behaving now

Download and run farbar service scanner



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #10 on: December 21, 2012, 11:14:51 PM »
Here is the Farbar report.

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #11 on: December 22, 2012, 11:59:56 AM »
How is the computer behaving now ?

Offline graham55

  • Newbie
  • *
  • Posts: 5
Re: Help deleting Rootkit.ZeroAccess
« Reply #12 on: December 22, 2012, 02:14:28 PM »
Hi there.
This week my PC caught the Ukash Ransom virus and I thoroughly recommend following this link to download software that removed the virus for me. Avast was no help at all, after it deleted the virus but my PC was still affected.

http://www.bleepingcomputer.com/virus-removal/remove-police-central-e-crime-unit-reveton-ransomware

It worked for me - no reason why it won't work for you.
Graham. Good luck!





Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88791
  • No support PMs thanks
Re: Help deleting Rootkit.ZeroAccess
« Reply #13 on: December 22, 2012, 02:24:54 PM »
@ graham55

Essexboy is a qualified malware removal specialist and also a teacher (training other malware removal candidates) and a moderator at geekstogo.

Please refrain from offering advice on cleaning in the viruses and worms forum, that is left to the qualified malware removal specialists.

Not to mention your post appears to be completely unrelated.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #14 on: December 22, 2012, 02:31:43 PM »
Zero access and ransomware are two different animals and what works for one will not work for the other