Virus dug in deep, firefox oddly not overtly affected


  1. Posts : 11
    Windows 7 Home Premium x64
       #1

    Virus dug in deep, firefox oddly not overtly affected


    Hello, I am having a problem with a Google redirect virus, and have been spending more than a week trying to get rid of it. It affects all my web browsers (IE, Firefox, and Google Chrome) and is displaying all of the symptoms, i.e. all search engine results redirect to different websites than what has been shown (plus malware), the virus itself is embedded somewhere and scans cannot root it out, and tabs close for "some reason". Help? I have HijackThis already installed if you need a log.


  2. Posts : 143
    32 bit
       #2

    • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller


  3. Posts : 11
    Windows 7 Home Premium x64
    Thread Starter
       #3

    RogueKiller V8.0.2 [08/31/2012] by Tigzy
    mail: tigzyRKgmailcom
    Feedback: RogueKiller - Geeks to Go Forums
    Blog: tigzy-RK
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Paul [Admin rights]
    Mode : Scan -- Date : 09/04/2012 23:52:12

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][BLACKLIST DLL] HKCU\[...]\Run : Desura (rundll32.exe "C:\Users\Paul\AppData\Local\DigitalPersona\Desura\fokuzeyjp.dll",CreateInstance) -> FOUND
    [RUN][BLACKLIST DLL] HKUS\S-1-5-21-1802773089-3845710631-1931485571-1000[...]\Run : Desura (rundll32.exe "C:\Users\Paul\AppData\Local\DigitalPersona\Desura\fokuzeyjp.dll",CreateInstance) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Paul\AppData\Local\{64900c6e-38ca-c2b9-df73-c150899d184b}\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{64900c6e-38ca-c2b9-df73-c150899d184b}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{64900c6e-38ca-c2b9-df73-c150899d184b}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{64900c6e-38ca-c2b9-df73-c150899d184b}\L --> FOUND
    [ZeroAccess][FILE] @ : C:\Users\Paul\AppData\Local\{64900c6e-38ca-c2b9-df73-c150899d184b}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Users\Paul\AppData\Local\{64900c6e-38ca-c2b9-df73-c150899d184b}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Users\Paul\AppData\Local\{64900c6e-38ca-c2b9-df73-c150899d184b}\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000BEVT-60A0RT0 ATA Device +++++
    --- User ---
    [MBR] cb17807c5932fe63468973aa25389ba1
    [BSP] 63e48fae74cc71a2b4fd22d45a2c498b : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 455597 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 933472256 | Size: 21039 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    _____________________

    Okay, so I can tell this is bad. The program said I have ZeroAccess on here, and opened a link to a webpage with a tutorial on how to remove it. Should I follow it, or is this something else? Also, thanks for the help already.
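Added here as a worked example (not code from the thread or from RogueKiller): a small Python parser for entries in the format of the RogueKiller report above. It pulls out the Run-key entry that starts rundll32.exe with a DLL and the InprocServer32 hijack, and flags when the loaded path sits under a user-writable profile directory, which is the shape of persistence a defender looks for first. The sample lines are a constructed copy of three entries from the report; the regular expressions are assumptions written against that format, not RogueKiller's own grammar.

```python
import re

# Constructed sample in the shape of the RogueKiller entries posted above
# (one Run-key loader, one desktop tweak, one COM InprocServer32 hijack).
SAMPLE_ROGUEKILLER_LOG = r"""
[RUN][BLACKLIST DLL] HKCU\[...]\Run : Desura (rundll32.exe "C:\Users\Paul\AppData\Local\DigitalPersona\Desura\fokuzeyjp.dll",CreateInstance) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Paul\AppData\Local\{64900c6e-38ca-c2b9-df73-c150899d184b}\n.) -> FOUND
"""

# Assumed line shapes: "[RUN][flag] <key> : <name> (<command>) -> FOUND" and
# "[HJ INPROC][family] <key> : (<path>) -> FOUND".
RUN_RE = re.compile(r"\[RUN\]\[[^\]]+\]\s+(?P<key>\S+)\s+:\s+(?P<name>.+?)\s+\((?P<cmd>.*)\)\s+->\s+FOUND")
INPROC_RE = re.compile(r"\[HJ INPROC\](?:\[(?P<family>[^\]]+)\])?\s+(?P<key>\S+)\s+:\s+\((?P<path>.*)\)\s+->\s+FOUND")
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+)"?', re.I)
# A profile directory any unprivileged user can write to; a loader pointed there is the usual persistence shape.
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.I)

def persistence_findings(log: str) -> list:
    """Extract Run-key and InprocServer32 persistence entries from RogueKiller-style output."""
    out = []
    for line in log.splitlines():
        m = RUN_RE.search(line)
        if m:
            dll = RUNDLL_RE.search(m["cmd"])
            path = dll["dll"] if dll else m["cmd"]
            out.append({"kind": "run_key", "key": m["key"], "name": m["name"],
                        "loader": "rundll32.exe" if dll else None, "path": path,
                        "user_writable": bool(USER_WRITABLE_RE.match(path))})
            continue
        m = INPROC_RE.search(line)
        if m:
            out.append({"kind": "inproc_server", "key": m["key"], "family": m["family"],
                        "path": m["path"],
                        "user_writable": bool(USER_WRITABLE_RE.match(m["path"]))})
    return out
```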


  4. Posts : 143
    32 bit
       #4

    Select all and click DELETE

    Restart the PC and

    Please download Rkill by Grinler and save it to your desktop.


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • The log should be saved on the desktop
    • Post it here


  5. Posts : 11
    Windows 7 Home Premium x64
    Thread Starter
       #5

    Rkill 2.3.4 by Lawrence Abrams (Grinler)
    Bleeping Computer - Computer Help and Discussion
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesn't - A brief introduction to the program

    Program started at: 09/05/2012 03:17:22 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * C:\Program Files\Java\jre6\bin\jusched.exe (PID: 2348) [FI]

    1 proccess terminated!

    Checking Registry for malware related settings.

    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

    Backup Registry file created at:
    C:\Users\Paul\Desktop\rkill\rkill-09-05-2012-03-17-32.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * AppMgmt [Missing Service]
    * BFE [Missing Service]
    * CscService [Missing Service]
    * iphlpsvc [Missing Service]
    * MpsSvc [Missing Service]
    * PeerDistSvc [Missing Service]
    * UmRdpService [Missing Service]
    * WinDefend [Missing Service]
    * wscsvc [Missing Service]

    * SharedAccess [Missing ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Program finished at: 09/05/2012 03:17:46 PM
    Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)


  6. Posts : 143
    32 bit
       #6

    You are missing critical services. This tool can help you restore them:

    Windows Repair (All In One)


  7. Posts : 11
    Windows 7 Home Premium x64
    Thread Starter
       #7

    Hey, should I skip the chkdsk step? It keeps hanging at 2 of 3 steps, and I do not know if that's because I am missing files...


  8. Posts : 143
    32 bit
       #8

    Skip it


  9. Posts : 11
    Windows 7 Home Premium x64
    Thread Starter
       #9

    Alright, I have run the Windows Repair program. Now what?

    Also, I have noticed an add-on that seems to be incompatible with Firefox, but I do not even remember installing it before. A bProtector?
    Last edited by ShenmueAdvocate; 07 Sep 2012 at 23:03.


  10. Posts : 11
    Windows 7 Home Premium x64
    Thread Starter
       #10

    Bumping for help. Have this from yesterday, using Rkill again.

    Rkill 2.3.4 by Lawrence Abrams (Grinler)
    Bleeping Computer - Computer Help and Discussion
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesn't - A brief introduction to the program

    Program started at: 09/10/2012 01:02:17 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * C:\Program Files\Java\jre6\bin\jusched.exe (PID: 3456) [FI]

    1 proccess terminated!

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * AppMgmt [Missing Service]
    * CscService [Missing Service]
    * iphlpsvc [Missing Service]
    * PeerDistSvc [Missing Service]
    * UmRdpService [Missing Service]
    * WinDefend [Missing Service]

    Searching for Missing Digital Signatures:

    I still do not know how to get rid of the virus, and now Windows cannot update itself thanks to it not being a genuine copy. Also, I do not know if I can make a copy of this hard drive without something screwing up. Help?
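An added triage example covering both Rkill logs in this thread (posts #5 and #10); it is not part of the thread and not Rkill's own code. It parses the "Performing miscellaneous checks" and "Checking Windows Service Integrity" sections, flags the DisableAntiSpyware registry switch, and lists which missing or stopped services are the firewall, Defender and Security Center components, which is what makes the helper's "critical services" remark concrete. The log text is a constructed sample in the posted format; the service descriptions are the standard Windows names.

```python
import re
# Services whose absence matters most here: firewall, its filtering backend, Defender, Security Center.
SECURITY_SERVICES = {
    "BFE": "Base Filtering Engine",
    "MpsSvc": "Windows Firewall",
    "mpsdrv": "Windows Firewall Authorization Driver",
    "WinDefend": "Windows Defender",
    "wscsvc": "Security Center",
}
# Constructed sample in the shape of the Rkill output posted in the thread.
SAMPLE_RKILL_LOG = r"""
Performing miscellaneous checks.
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 * BFE [Missing Service]
 * CscService [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * SharedAccess [Missing ImagePath]
"""

MISSING_RE = re.compile(r"^\s*\*\s+(\S+)\s+\[Missing (Service|ImagePath)\]")
NOT_RUNNING_RE = re.compile(r"^\s*\*\s+.*\((\w+)\) is not Running")
DWORD_RE = re.compile(r'"(\w+)"\s*=\s*dword:([0-9a-fA-F]{8})')
def triage_rkill(log: str) -> dict:
    """Pull the defence-relevant findings out of an Rkill log."""
    f = {"defender_disabled": False, "missing_service": [],
         "missing_imagepath": [], "not_running": []}
    for line in log.splitlines():
        m = DWORD_RE.search(line)
        if m and m.group(1) == "DisableAntiSpyware" and int(m.group(2), 16) == 1:
            f["defender_disabled"] = True
        m = MISSING_RE.match(line)
        if m:
            f["missing_" + m.group(2).lower()].append(m.group(1))
        m = NOT_RUNNING_RE.match(line)
        if m:
            f["not_running"].append(m.group(1))
    return f

def security_critical(findings: dict) -> list:
    """Missing or stopped services that leave the host without firewall or AV coverage."""
    gone = findings["missing_service"] + findings["not_running"]
    return sorted(n for n in gone if n in SECURITY_SERVICES)
```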


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.