Windows 7 Forums


Windows 7: Possible Zeroaccess infection: denied access to MSE, update error

13 Aug 2013   #1
PowerTrader

Windows 7 Home Premium 64bit
 
 

Hey guys, I am having some problems here on my girlfriend's laptop (Win 7 Home Premium 64 bit) and believe it may be infected with “zeroaccess”. Her work computer had a virus on it last week, and she uses her personal laptop to connect to that work computer when she’s out of the office (she uses onboard remote by Adaptive Solutions to connect). We cannot run Microsoft Security Essentials anymore (access denied) and cannot update (Windows Update error code 80070005). I downloaded and ran TDSSKiller, but it did not show any viruses. I did do a scan with that Farbar and attached the 2 reports. Any help ID'ing what is going on would be greatly appreciated!

Update: Still working the issue, but decided to take the hard drive out, connect it to another computer via USB cables, and do a complete scan of the HD. As soon as I started the scan it already notified me that the preliminary scan found malicious and possibly unwanted software, but did not report what they were. Will update with results (looks like it’s going to take hours).




Attached Files
File Type: txt Addition.txt (15.4 KB, 3 views)
File Type: txt FRST.txt (21.9 KB, 7 views)

13 Aug 2013   #2
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

PowerTrader

Looking at the log, it is in fact ZeroAccess. Well, you started scanning the hard drive as a USB drive, so let's see what the results will be. What antivirus are you scanning with?
13 Aug 2013   #3
PowerTrader

Windows 7 Home Premium 64bit
 
 

Scanning the HD with Microsoft Security Essentials on a desktop equipped with Windows Vista Home Premium 32bit.


13 Aug 2013   #4
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Let's see what it comes out with.
13 Aug 2013   #5
PowerTrader

Windows 7 Home Premium 64bit
 
 

Ok just completed the scan. Here are the results:

Exploit:Java/CVE-2013-0422
TrojanDownloader:Win32/Dofoil.R
TrojanDropper:Win32/Sirefef.gen!E
Rogue:Win32/Winwebsec
TrojanDropper:Win32/Sirefef.gen!G

I have not taken any action yet. Standing by for recommended course of action.
13 Aug 2013   #6
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Open Notepad. Paste the highlighted text into Notepad:

start
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Winlogon: [Shell]
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableLockWorkstation] 0
MountPoints2: {1a4eae80-5a20-11e0-ade9-88ae1d0edfee} - E:\setup.exe -a
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
S1 ouyzvgyu; \??\C:\Windows\system32\drivers\ouyzvgyu.sys [x]
2013-08-13 18:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2605782298-985525740-3821210279-1000\$ddc6e1b221ef8d4c62a6ee0de1e5d502

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ddc6e1b221ef8d4c62a6ee0de1e5d502
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
end


Click on File ====> Save As

File Name : Fixlist.txt

Save as type : All Files

Location : Desktop

Click on the [Save] button.

Open the FRST tool again from the Desktop and click on the [Fix] button. Once complete, it will create a new log called Fixlog.txt. Upload the new log in your reply. It should be on the desktop.
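A way to review a fixlist like the one in post #6 before pressing [Fix], added here as an example; it is not part of the original thread and not part of FRST. It groups the entries by what they act on, so the Recycle Bin payload folders, the junction clean-ups and the flagged registry values can be checked one group at a time. The function names and category names are assumptions, and the sample input is a subset of the lines from the post.

```python
import re

# Constructed sample: a subset of the lines from the fixlist in post #6.
SAMPLE_FIXLIST = r"""start
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [DisableChangePassword] 0
S1 ouyzvgyu; \??\C:\Windows\system32\drivers\ouyzvgyu.sys [x]
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2605782298-985525740-3821210279-1000\$ddc6e1b221ef8d4c62a6ee0de1e5d502
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ddc6e1b221ef8d4c62a6ee0de1e5d502
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
end
"""

# Folder named "$" + 32 hex digits under a per-SID Recycle Bin, as in the post.
RECYCLE = re.compile(r"\\\$Recycle\.Bin\\(S-1-5-[\d-]+)\\\$([0-9a-f]{32})$", re.I)
# Service/driver line carrying the trailing [x] marker shown in the post.
SERVICE = re.compile(r"^[SR]\d (\S+); (.+?) \[x\]$", re.I)
JUNCTION = "DeleteJunctionsIndirectory:"

def fixlist_body(text):
    """Return the non-empty lines between the 'start' and 'end' markers."""
    lines = [line.strip() for line in text.splitlines()]
    if "start" not in lines or "end" not in lines:
        raise ValueError("fixlist has no start/end markers")
    return [l for l in lines[lines.index("start") + 1:lines.index("end")] if l]

def summarize_fixlist(text):
    """Group fixlist entries by what they act on (category names are ours)."""
    out = {"recycle_bin": [], "junctions": [], "services_marked_x": [],
           "flagged": [], "other": []}
    for line in fixlist_body(text):
        recycle = RECYCLE.search(line)
        service = SERVICE.match(line)
        if recycle:
            out["recycle_bin"].append((recycle.group(1), recycle.group(2)))
        elif line.startswith(JUNCTION):
            out["junctions"].append(line[len(JUNCTION):].strip())
        elif service:
            out["services_marked_x"].append(service.group(1))
        elif "ATTENTION" in line:
            out["flagged"].append(line)
        else:
            out["other"].append(line)
    return out
```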
13 Aug 2013   #7
PowerTrader

Windows 7 Home Premium 64bit
 
 

Awesome, thanks! I still have the HD connected to my desktop via USB. Should I allow MSE to remove the threats before I plug it back into the laptop and do that thing with notepad?
13 Aug 2013   #8
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

I'd plug the hard drive back into the other PC and remove the items that way. If you run MSE then the notepad isn't needed.
13 Aug 2013   #9
PowerTrader

Windows 7 Home Premium 64bit
 
 

Sorry little confused.
Right now I have the laptop's infected hard drive connected to my desktop via USB cables. Should I keep the hard drive plugged into the desktop and use the desktop's MSE to remove the threat first, and THEN plug it back into the laptop to run that notepad thing, or should I do something different?
13 Aug 2013   #10
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

You could use the MSE on the desktop. When you plug the hard drive back into the laptop the notepad isn't needed. MSE should remove the infections. I personally would unplug the hard drive from the PC (desktop), plug it back into the laptop and do the Notepad.