Windows 7 Forums

Windows 7: ZEROACCESS rootkit symptoms found, and missing some Services

28 Oct 2014   #1
rusl07cl08

Windows 7 Ultimate x64 7600 Multiprocessor Free
 
 
ZEROACCESS rootkit symptoms found, and missing some Services

Hi guys, I have run Malwarebytes and RKill. The results are the following:

Code:
* ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\00000004.@ [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\201d3dde [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\76603ac3 [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\U\ [ZA Dir]

Checking Windows Service Integrity: 

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]
Should I be worried about this? Thanks!


28 Oct 2014   #2
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Hello Rus mate, run the TDSS Killer from this; there are more you can run if it doesn't work, but it usually is pretty good.
Best Free Rootkit Scanner and Remover

Let us know how it goes, and there is another option if it doesn't cure the problem.
28 Oct 2014   #3
rusl07cl08

Windows 7 Ultimate x64 7600 Multiprocessor Free
 
 

Thanks ICit2lol but the results are:
0 threats
0 objects quarantined

Btw, I used Kaspersky TDSSKiller.

28 Oct 2014   #4
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Ok mate, let's try this: it will run from power up and not involve Windows, therefore not involve any system filing stuff. It means making a bootable disk, but it keeps for a while before it needs getting a fresh copy - so handy for the future.
Download Kaspersky Rescue Disk 10
28 Oct 2014   #5
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Download and run Windows Repair (All In One)
Do at least tests 1, 3, 26, 17, 6 and reboot afterwards.
After that, run the tests again as you did in #1 and post the results.
28 Oct 2014   #6
rusl07cl08

Windows 7 Ultimate x64 7600 Multiprocessor Free
 
 

Btw, I have run Trojan Remover (http://www.simplysup.com/tremover/download.html) a minute ago, then the RKill results were:

Code:
* Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\00000004.@ [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\201d3dde [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\76603ac3 [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\U\ [ZA Dir]

Checking Windows Service Integrity: 

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
28 Oct 2014   #7
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Ok Kaktussoft, but I would like to see what becomes of that rescue disk run first.
28 Oct 2014   #8
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

=> Quite normal. I think you have another virus scanner running(?) You have Microsoft Security Essentials installed?
28 Oct 2014   #9
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Modify that registry value of "EnableFirewall" to 1 instead of 0!
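
Added example, not part of the original thread or any poster's code: a short Python parser that compares two RKill logs shaped like the ones in posts #1 and #6, showing which ZeroAccess paths persist, which service findings are no longer reported, and whether the firewall value quoted above is still 0. The sample logs are abridged, constructed copies, and the names `parse_rkill` and `compare` are hypothetical.

```python
import re

# Constructed sample input: abridged copies of the RKill logs in posts #1 and #6.
LOG_POST_1 = r'''
 * ALERT: ZEROACCESS rootkit symptoms found!
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\00000004.@ [ZA File]
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * SharedAccess [Missing ImagePath]
'''
LOG_POST_6 = r'''
 * Windows Firewall Disabled
   "EnableFirewall" = dword:00000000
 * ALERT: ZEROACCESS rootkit symptoms found!
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\00000004.@ [ZA File]
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
'''

# One pattern per finding type that appears in the logs above.
ZA = re.compile(r"\* +(.+?) +\[ZA (?:Dir|File)\]")
STOPPED = re.compile(r"\((\w+)\) is not Running\.\s+Startup Type set to: (\w+)")
MISSING = re.compile(r"\* +(\w+) \[Missing (Service|ImagePath)\]")
FIREWALL = re.compile(r'"EnableFirewall" = dword:([0-9a-fA-F]{8})')

def parse_rkill(log):
    """Return the findings of one RKill log as comparable sets."""
    fw = FIREWALL.search(log)
    return {
        "za_paths": {m.group(1) for m in ZA.finditer(log)},
        "stopped": set(STOPPED.findall(log)),    # (service, startup type)
        "missing": set(MISSING.findall(log)),    # (service, what is missing)
        "firewall_off": bool(fw) and int(fw.group(1), 16) == 0,
    }

def compare(before, after):
    """Summarise what persisted, dropped out or appeared between two runs."""
    return {
        "za_persisting": sorted(before["za_paths"] & after["za_paths"]),
        "missing_no_longer_reported": sorted(before["missing"] - after["missing"]),
        "newly_stopped": sorted(after["stopped"] - before["stopped"]),
        "firewall_off_now": after["firewall_off"],
    }

print(compare(parse_rkill(LOG_POST_1), parse_rkill(LOG_POST_6)))
```
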
28 Oct 2014   #10
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Ok mate, I shall leave you in Kaktussoft's hands.