Other > Viruses and worms
HELP! Infected with Win32:ZAccess-PB, Win32:Sirefef-ZT and more
morkitz:
Hello,
I have been infected with malware as seen in subject title. There are a lot more trojan infections since the original infection with Win32:ZAccess-PB...
I would be very grateful if you could help me remove the infections as soon as possible.
I am attaching the 4 logs as described in the sticky thread.
Thank you in advance.
Regards,
Marko.
essexboy:
OK lets go for a kill in one
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
[/list]
--- Code: ---:Commands
[CREATERESTOREPOINT]
:Files
fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCommu.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRTP.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll" /c
C:\Windows\Installer\{16461362-94db-d896-b4ce-5b0bb4d48755}
:Commands
[resethosts]
[emptytemp]
[Reboot]
--- End code ---
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. [/list]
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
[/list]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
morkitz:
Thanks for the quick reply!
I have followed the procedure described and here are the logs requested. The only thing I want to mention that I have disabled all Avast! shields before running Combofix as was described, but Combofix still gave me a warning that Avast is running, after which I proceeded anyway. Combofix seems to finish successfuly nevertheless.
Anyway, now my Avast antivirus is turned off after reboot. Is it safe to turn it back on ?
essexboy:
Yes turn Avast back on now, all I can see to do is reset the winsock and TCPIP
How is the computer now ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
[/list]
--- Code: ---:Commands
[CREATERESTOREPOINT]
:Files
netsh advfirewall reset /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
:Commands
[resethosts]
[emptytemp]
[Reboot]
--- End code ---
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. [/list]
morkitz:
The computer seems to be running without any visible problems now. Avast is not complaining about threats being detected as before when it was constantly popping up, and also Windows security center seems to be up and running, while before it was blocked.
I have performed the last requested action. Here is the log ...
Anything more to do ?
Navigation
[0] Message Index
[#] Next page
Go to full version