| Windows 7: possible virus, which forum to go to for help |
26 Jan 2013
|
#31 | | Windows 7 Home Premium On East 4th Street, USA |
Jacee,
Have read different opinions on removing, or not removing Rootkits.
There are quite a number of forums that deal with Rootkits on a daily basis, successfully!
The option to reformat is always there, but, there seem to be more Users cleaning the computer (with assistance from the forums) than doing a wipe and clean install.
Personally, after loaning my laptop to a neighbor, upon return it had a rootkit. Took action to remove it, and now posting from it. It wasn't easy to get rid of, but, the computer is stable, and no further problems developed.
There are tools available to remove Rootkits that do a great job, and experts agree that more than one should be used to confirm removal.
Bottom line appears to be that it is up to the User on whether to clean the computer, or do a total wipe and clean install.
26 Jan 2013
|
#32 | | Windows 7 Ultimate 32bit SP1 |
It is most definitely up to the user!
But.... I, personally, will not try to clean up such a compromised computer. I've seen many users come back to the malware help forums after having been declared that their computer was clean of the rootkit.
26 Jan 2013
|
#33 | | Windows 7 Home Premium 64 bit. SP-1 Northern Ohio |
A person removing a rootkit and having a stable computer is great but not my concern. My concern is a computer that a rootkit has been removed still running very quietly a Botnet and/or stealing the new passwords for banking, credit card information and online accounts and the like. We do all agree that the owner has to make that decision. I'm cautious and a little security paranoid. Many years ago I had a bank account wiped out and still have a little bad taste in my mouth. That was before the banks and credit card companies would help you when such things happened. Their attitude was my money, my account, my problem can we help you with anything else. Thank you for doing business with Give a Shot Bank.
26 Jan 2013
|
#34 | | Windows 7 Home Premium On East 4th Street, USA |
In the computer world, anything is possible, as we all know!
I have always gone for the fixing of the computer. There are quite a few very reputable forums with advisors that do the same.
Every person brings in a different experience...
If security paranoid and going for a new install, buying a new hard drive would be on my list vs. wiping the disk.
26 Jan 2013
|
#35 | | Windows 7 Home Premium 64 bit. SP-1 Northern Ohio |
I wipe a new hard drive before using. One never knows what might be on it. http://netsecurity.about.com/od/anti...th-Malware.htm
26 Jan 2013
|
#36 | | |
attention CottonBall Here is the required info. I had the mbar logs last night, but they were from a post scan of the original findings. So I will put all that stuff here, including the latest scan in dos. Thx and I'll rep you.
PS. Firewall is working fine now, I'm thinking. I use "allshare" by Samsung to port stuff to my TV, and for some reason I'm having to disable firewall to run this, which I don't think I did in the past. I'll have to look into this. If there is a prob., I'll post back.
26 Jan 2013
|
#37 | | Windows 7 Home Premium On East 4th Street, USA |
Thanks for the info, drmax.
The MBAR logs do not show anything, but, you say those are from post scans, so that makes sense.
The FRST64 results do show some ZeroAccess remnants. Need to take a close look at the entire report.
Going to be out and about today, so, will get back with you later.
Thanks for your patience.
26 Jan 2013
|
#38 | | Windows 7 Home Premium x64 SP1 SoCal USA |
Glad to see that MBAR worked so well for you. Those Malwarebytes guys are definitely on top of their game!
26 Jan 2013
|
#39 | | Windows 7 Ultimate 32bit SP1 |
FRST shows quite a mess of infected files and apps
26 Jan 2013
|
#40 | | Windows 7 Home Premium On East 4th Street, USA |
drmax,
Although MBAR took care of some of the ZeroAccess, there are still ZA files left in the system. That just stresses the importance of not placing all your trust on one program. Different programs have different definitions they target.
Let's press on...
Please do the following...
Open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below to Notepad.
Code:
start
C:\Windows\assembly\tmp
C:\Users\greg\AppData\Local\89e89c8d
end
- In Notepad, go to File > Save as...
- Save to: the USB flash drive
- In File name use: fixlist.txt
- Click: Save
Have FRST.exe and fixlist.txt on the flash drive.
Next, plug the flash drive into the infected computer.
Now, please enter System Recovery Options like you did previously:
- >>> Restart the computer, etc. > select: Command Prompt
- Type e:\frst64.exe, and press: Enter
- Replace the drive letter g with the drive letter of your flash drive, or SD Card!
- In FRST, this time press the Fix button.
The program saves a Fixlog.txt, on the flash drive.
Click the Command prompt window, type exit, and press: Enter
Back at the System Recovery Options, press: Restart
Let the computer boot normally.
Please copy/paste the Fixlog.txt in your reply.