Author Topic: Help deleting Rootkit.ZeroAccess  (Read 43980 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help deleting Rootkit.ZeroAccess
« Reply #60 on: January 07, 2013, 11:15:53 PM »
OK the CD is not formatting correctly.  Possibly a faulty disc  can you go to the USB option ?

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #61 on: January 07, 2013, 11:42:16 PM »
right after I clicked on 'decline' the next page asked for 'standard or custom installation', I selected standard, then it came to a page asking for some file associations (please see attachment), I didn't change anything, I just clicked next and I got this message:
 
  runtime error (at 115:419):
  CoCreateInstance failed; code 0x80040154
  class not registered
« Last Edit: January 08, 2013, 12:54:41 AM by LaLuz »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help deleting Rootkit.ZeroAccess
« Reply #62 on: January 08, 2013, 04:14:41 PM »
Could you download and install the visual basic from MS please http://www.microsoft.com/en-us/download/details.aspx?id=5555

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #63 on: January 08, 2013, 08:46:51 PM »
Done.   I tried Peazip again and got the same error.  I believe that's the same error message I get when downloading MBam :(
« Last Edit: January 08, 2013, 08:54:57 PM by LaLuz »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help deleting Rootkit.ZeroAccess
« Reply #64 on: January 08, 2013, 09:19:24 PM »
We are looking at a C++ problem here.  Could you go to windows updates please and see if there are any updates there for it
 

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #65 on: January 08, 2013, 09:24:25 PM »
on that link that you gave me, was I suppose to select any of the additional downloads?  the choices were:

Microsoft .NET Framework 4 Client Profile (Web Installer)
Kinect for Windows SDK v1.0
Microsoft Visual C++ 2010 Redistributable Package (x64)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help deleting Rootkit.ZeroAccess
« Reply #66 on: January 08, 2013, 09:34:48 PM »
No although thinking about it maybe the older version of C++ http://www.microsoft.com/en-us/download/details.aspx?id=5582

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #67 on: January 08, 2013, 09:44:13 PM »
after downloading that, I tried Peazip and got the same result  :'(

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help deleting Rootkit.ZeroAccess
« Reply #68 on: January 08, 2013, 09:51:58 PM »
Do you have the windows CD ? as I would like to run a system file check

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #69 on: January 08, 2013, 09:55:03 PM »
I don't  :'(

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help deleting Rootkit.ZeroAccess
« Reply #70 on: January 08, 2013, 09:57:28 PM »
OK no problem..  We will try a small repair tool first

 Download  Windows Repair (all in one)  from this site

Select the portable version (Portable (3.14 MB))





On the start repairs tab click start


Select the following  items and tick restart system when finished


LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #71 on: January 08, 2013, 10:52:12 PM »
While the program was running system kept saying that it was unable to do something, so then I noticed the red letters warning me to dissable the antivirus.  I stopped the program, dissabled Avast, when I tried to re-star it gave me an error message.  I then quit the program, when I tried to launch it again it said 'invalid icon'.
I deleted the folder containing that program, then attempted to unzip it again but it said that the file is corrupted.  I couldn't log on to the internet, so I rebooted and here I am.  Please give me a few minutes as I am going to redo the whole enchilada.  Thank you

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #72 on: January 08, 2013, 11:44:11 PM »
Ok that did it!  I'm not sure if you need to see the windows repair log, so I attached it.  Now I was able to run Peazip and save the boot disk on an USB.  I changed the BIOS for the pc to boot from the USB, but it's not working :-( 

P.S.  I'm so glad that you are 7 hours ahead of me because that way I had a chance to change this post a couple of times.  I was getting frustrated because I couldn't find the links for Iso2disc and OTLPE on my desktop, so it took me a while to figure out that the links were right in front of me, your instructions were very clear  :-[
« Last Edit: January 09, 2013, 09:05:23 AM by LaLuz »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help deleting Rootkit.ZeroAccess
« Reply #73 on: January 09, 2013, 03:28:23 PM »
What error do you get when you try to boot from USB ?

Also can you confirm that you used ISO2Disc to burn OTLPE to the USB

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #74 on: January 09, 2013, 06:07:58 PM »
Yes, I Used ISO2Disc to burn OTLPE to the USB.  I'm not getting any error message, the computer just boots normal.  I even changed all 3 booting priorities to USB FF, but the computer is just ignoring that.  Was I supposed to change anything under Hard Disk Boot Priority?  It is set to [press enter], so when you press enter the choices are:
 1. Ch0M:  ST3300620A
 2. Bootable Add-In Cards