Hi,
**WARNING**Unfortunately one or more of the infections I have identified are
Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to
stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.
Unfortunately I have found what is known as the
ZeroAccess rootkit on your system. It is an
especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.
If you would like to format and reinstall your Operating System please let me know and we can assist you with that.
If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.
----------
Please download and run
ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and
Run as Administrator.
----------
If you are running
Malwarebytes 1.6 or better, please disable it for the duration of this run.
To disable Malwarebytes
- Open the scanner and select the Protection tab
- Remove the tick from "Start Protection Module with Windows" as seen below
Once complete continue with the instructions...
----------
Run
OTL.exe- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:Files
C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Users\Heinrick\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------
Download
Combofix from the link below, and save it to your desktop.
Link**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
--------------------------------------------------------------------
IMPORTANT -
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
here --------------------------------------------------------------------
Right-Click and Run as Administrator on
ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.
----------
Please attach the logs made by OTL and ComboFix.
