Author Topic: Zero access virus  (Read 3638 times)

0 Members and 1 Guest are viewing this topic.

Offline j_talbain

  • Newbie
  • *
  • Posts: 4
Zero access virus
« on: April 11, 2013, 08:34:47 PM »
Hello I've encountered the same error as contained in this post: http://forum.avast.com/index.php?topic=120531.0 . I am unable to boot into safe mode to be able to run aswclear.

The machine is running Win7 x32. I have run FRST and am attaching the log file. Your help would be greatly appreciated.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37643
  • F-Secure user
Re: Zero access virus
« Reply #1 on: April 11, 2013, 08:45:41 PM »
essexboy is notified.  ;)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Zero access virus
« Reply #2 on: April 11, 2013, 08:59:05 PM »
Lets try this  ;D

Download the attached fixlist.txt to the same USB as FRST
Run FRST as before
Press Fix

On completion reboot to normal windows

Could you post the combofix log and then

Download OTL  to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach  both logs

Offline j_talbain

  • Newbie
  • *
  • Posts: 4
Re: Zero access virus
« Reply #3 on: April 11, 2013, 10:23:39 PM »
Thank you for your quick response. Sorry it took so long for me to get back to you. The machine kept bsod'ing on me. I had to run all of these scans in safe mode. I'll include the dmp file if you want.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Zero access virus
« Reply #4 on: April 11, 2013, 10:37:47 PM »
Quote
R0 DasBoot;Panda AntiMalware Support;c:\windows\\SystemRoot\system32\drivers\DasBoot.SYS

R0 DasBootF;Panda AntiMalware Support MF;c:\windows\\SystemRoot\system32\drivers\DasBootF.SYS
Did you install this programme ?

You system appears to be badly damaged, so I would like to try and repair some of it

 Download  Windows Repair (all in one)  from this site

Install the programme then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following  items and tick restart system when finished


Offline j_talbain

  • Newbie
  • *
  • Posts: 4
Re: Zero access virus
« Reply #5 on: April 11, 2013, 11:15:01 PM »
Thank you very much! ;D It seems to be running stable right now. I plan on running a few more tests and letting the machine stay up for a few hours to see if it has stabilized.

As for the panda files, I had run a removal tool from panda that was supposed to target the virus that was plaguing the machine. This particular virus seemed to be exceptionally good at mimicking and replacing system files and antivirus files. It would blue screen whenever I ran the removal tool. It also blocked TDSS killer as well.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Zero access virus
« Reply #6 on: April 12, 2013, 03:38:44 PM »
Keep me informed, and when you are happy I will tidy up

Offline j_talbain

  • Newbie
  • *
  • Posts: 4
Re: Zero access virus
« Reply #7 on: April 12, 2013, 07:58:09 PM »
It took about 5 more scans from different tools before things came back clean. Bleh.
It does seem to have cleared up though. Thank you again for all of your help. You can close this thread now.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Zero access virus
« Reply #8 on: April 12, 2013, 07:59:06 PM »
What scans were those ?