Need Help with reocurring 80000000.@ and 800000cb.@

[Cabelski]

My Symantec AntiVirus keeps detecting the same risks, a 80000000.@ (Trojan.Zeroaccess.C) and a 800000cb.@ (Trojan.Gen.2). It says they are taken care of by either deletion or quarantine but then shortly after they show up again.

Hopefully i have all of the logs necessary.

Thank you in advance

[Pondus]

is seems you have a ZeroAccess rootkit ..... and lots of crap files

also attach Malwarebytes log

[Cabelski]

Here is the MalwareBytes Log

[Pondus]

it say no action taken
update malwarebytes, run quick scan .... click remove selected button

malware removers are notified, guess they are all in bed now so check back tomorrow

[Pondus]

i see you have Symantec endpoint installed...
is this a company computer?

[gen-hackman]

hello

where does symantec detect that ?

[Cabelski]

Pondus - No this is my pc, a friend gave me it when i made my computer

g3n-h@ckm@n - This is where it is saying they are.

C:\Program Files (x86)\Google\Desktop\Install\{d6771622-707b-5ba2-3af6-1d942653f906}\   \...\\{d6771622-707b-5ba2-3af6-1d942653f906}\U\

[Pondus]

ok.   g3n-h@ckm@n will assist you

night night.   

[gen-hackman]

ok let's kill Zeroaccess ^^

Attention!!!: Only these links are officials do not download the tool on other links!!
Attention!!!: this tool can be detected wrongly as virus
Attention!!!: this tool is powerful to follow scrupulously the instructions below

All the processes " not vital of Windows " are going to be cut, register(record) your work. There will be an extinction of the office(desk) during the scan - > no panic.

Deactivate all your protections if possible, antivirus, sandbox, firewalls

Download and register(record) Pre_Scan on your office(desk):

http://Http://services.service-webmaster.fr/cpt-clics/clics-30453-6820.html (renamed(reappointed) winlogon)

Or, if the link is not functional:

http://Http://www.archive-host.com/files/1731274/ecd939269bcc7cdfed2d2e726c22709a32db3067/winlogon.exe (Renamed(reappointed) winlogon)
http://Http://www.security-helpzone.com/Tools/g3n/winlogon.exe (renamed(reappointed) winlogon)

If the tool is boosted(relaunched) several times, he will propose you a menu and if no option is asked, launch the option " Scan|Kill "

If the tool is blocked(surrounded) by the infection use this version with these other extensions:

http://Http://www.security-helpzone.com/Tools/g3n/Pre_Scan.scr
http://Http://www.security-helpzone.com/Tools/g3n/Pre_Scan.pif
http://Http://www.security-helpzone.com/Tools/g3n/Pre_Scan.com

If the tool detects a proxy and if you did not install(settle) click " to delete(eliminate) the proxy "

It is possible that black windows flash, let it work.

The tool is going to send on a server the viruses which it quarantined so that I can study these more in-depth infections.

Let the tool restart your computer.

Post Pre_Scan_date_hour.txt which appear in the root of your record(disk) system (generally C:\)

DO NOT POST IT ON THE FORUM!!! it is too long

Accommodate the report on http://cjoint.com (or here) then give the link obtained

[Cabelski]

The links to download Pre_Scan are all saying the webpages are unavailable

[gen-hackman]

and there ?

http://cjoint.com/?CHEbQbTyxd6

you'll have to unzip

[gen-hackman]

hello , you're lost ? ^^