Author Topic: help with win32:zeroot-b (Read 11663 times)

davj13 · « **Reply #15 on:** December 27, 2012, 01:59:47 PM »

Combofix behaves exactly the same in safe mode, does not freeze but does not end and reboot either, and the log it produces in c:\combofix is actually just a shortcut to MyPC.

The machine still takes a while to boot up, and most of the times the sound is distorted, not always though.
Normal use of pc is difficult because the CPU rapidly rises to 100%.

If it's a false positive, what is causing these issues?

essexboy · « **Reply #16 on:** December 28, 2012, 11:34:52 AM »

Download RogueKiller and save it on your desktop.

NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

davj13 · « **Reply #17 on:** December 28, 2012, 01:37:10 PM »

Thank you for your help!

Here are the roguekiller logs.

essexboy · « **Reply #18 on:** December 28, 2012, 04:36:27 PM »

When CPU usage inceases to 100 can you open task manager and let me know what process it running at highest

davj13 · « **Reply #19 on:** December 29, 2012, 01:36:53 PM »

Ok after all of this cleaning I rebooted and re-enabled windows firewall and avast antivirus. Looking at task manager I've noticed that wuauclt.exe is always using up a lot of memory (100.000KB or more) and CPU as well. One of the svchost.exe is up there too, followed by explorer.exe. And then I've also noticed that Avast is trying to update but it takes ages to DL the definitions and even more to check for a new version of the program (it's not a connection problem because on the other pc in the same LAN everything works fine).
When I kill wuauclt.exe and after waiting many minutes for Avast to complete its update check, then the CPU goes back to 0%, but as I try to open some programs (typically firefox) it goes back to 100% and it takes 2 or 3 minutes to use the browser. When everything's calm it goes back to 0% but even touching the touchpad sends the CPU to at least 20%.

essexboy · « **Reply #20 on:** December 29, 2012, 02:11:57 PM »

Ok that is a known problem with the windows updates file

•Start>Run
•type cmd and press enter
•type net stop wuauserv and press enter
•type rename c:\windows\SoftwareDistribution softwaredistribution.old and press enter
•type net start wuauserv and press enter
•type exit and press enter

Reboot and let me know if the problem still exists

davj13 · « **Reply #21 on:** December 29, 2012, 02:25:19 PM »

Hey, before viewing your reply I used a couple of Microsoft Fix It applications regarding the windows update components.
This one: http://support.microsoft.com/kb/971058
and this one too: http://support.microsoft.com/kb/949104

They have corrected a couple of problems. I've just rebooted to see how it goes. A strange process with a long alphanumeric name.exe appeared for a second and then went away. The wuauclt is still eating up lots of memory and cpu. Avast still takes a long time to do the update check.
I'll try to apply your last steps and let you know asap.

davj13 · « **Reply #22 on:** December 29, 2012, 02:48:00 PM »

Ok the wuauclt problem seems to be gone, but the pc still uses 100% of the CPU, sometimes is a svchost.exe, sometimes explorer.exe, and also Avast when checks for updates (it takes more than 4-5 mins to check definitions and program version manually, while on my desktop pc it only takes a few seconds). Running whichever programs will also send the CPU to 100%. The sound is still distorted, i guess because of CPU usage.
Despite all of this the machine is usable, with some patience.
This is a friend's laptop and he has no idea of regular pc manteinance or safe behaviour when surfing the net.
I'm starting to think that we should just do a complete format and reinstall the OS

essexboy · « **Reply #23 on:** December 29, 2012, 06:24:09 PM »

That may well be the best option.. But if you wish you could try this first

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 3 and allow it to run SFC

On the start repairs tab click start

Select the following items and tick restart system when finished

davj13 · « **Reply #24 on:** January 03, 2013, 10:44:53 PM »

Hi EssexBoy, and happy new year.
Sorry for my late reply. I have re-run the windows repair tool (you had already suggested me to do that earlier), the PC is definitely better than before all of this cleaning, but it still has that CPU problem. I guess a clean reinstall would be the best option.
Can you just confirm me that the machine has no virus or rootkit? Were they false positive?
Thank you again for your time.

essexboy · « **Reply #25 on:** January 03, 2013, 11:04:04 PM »

I saw no sign of any significant malware on the system just some adware stuff is all

Author Topic: help with win32:zeroot-b (Read 11663 times)

davj13

Re: help with win32:zeroot-b

essexboy

Re: help with win32:zeroot-b

davj13

Re: help with win32:zeroot-b

essexboy

Re: help with win32:zeroot-b

davj13

Re: help with win32:zeroot-b

essexboy

Re: help with win32:zeroot-b

davj13

Re: help with win32:zeroot-b

davj13

Re: help with win32:zeroot-b

essexboy

Re: help with win32:zeroot-b

davj13

Re: help with win32:zeroot-b

essexboy

Re: help with win32:zeroot-b