ZEROACCESS rootkit symptoms found, and missing some Services

Page 1 of 2 12 LastLast

  1. rusl07cl08
    Posts : 19
    Windows 7 Ultimate x64 7600 Multiprocessor Free
       New #1

    ZEROACCESS rootkit symptoms found, and missing some Services


    Hi guys, I have run malwarebytes and rkill. The results are the following:

    Code:
    * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\00000004.@ [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\201d3dde [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\76603ac3 [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\U\ [ZA Dir]

Checking Windows Service Integrity: 

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]
    Should I be worry about this? Thanks!
      My Computer
    Quote Quote

  3. ICIT2LOL
    Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       New #2

    Hello Rus mate run the TDSS Killer from this and there are more you can run if it doesn't work but it usually is pretty good.
    Best Free Rootkit Scanner and Remover

    Let us know how it goes and there is an another option if it doesn't cure the problem.
      My Computer
    Quote Quote

  4. rusl07cl08
    Posts : 19
    Windows 7 Ultimate x64 7600 Multiprocessor Free
    Thread Starter
       New #3

    Thanks ICit2lol but the results are:
    0 threats
    0 objects quarantined

    Btw, I used Kaspersky TDSSKiller.
      My Computer
    Quote Quote

  6. ICIT2LOL
    Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       New #4

    Ok mate lets try this it will run from power up and not involve Windows therefore not involve any system filing stuff. It means making a bootable disk but it keeps for a while before it needs getting a fresh copy - so handy for the future.
    Download Kaspersky Rescue Disk 10
      My Computer
    Quote Quote

  7. Kaktussoft
    Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       New #5

    Download and run Windows Repair (All In One)
    Do at least test 1,3,26,17,6 and reboot afterwards.
    After that run the tests again as you did in #1 and post the results
    Last edited by Kaktussoft; 29 Oct 2014 at 04:25.
      My Computer
    Quote Quote

  8. rusl07cl08
    Posts : 19
    Windows 7 Ultimate x64 7600 Multiprocessor Free
    Thread Starter
       New #6

    Btw, I have run Trojan Remover (http://www.simplysup.com/tremover/download.html) a minute ago then the rkill resulted:

    Code:
    * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\00000004.@ [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\201d3dde [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\76603ac3 [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\U\ [ZA Dir]

Checking Windows Service Integrity: 

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
    Last edited by derekimo; 28 Oct 2014 at 10:03. Reason: Removed direct download link.
      My Computer
    Quote Quote

  10. ICIT2LOL
    Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       New #7

    Ok Katususoft but I would like to se what becomes of that rescue disk run first.
      My Computer
    Quote Quote

  11. Kaktussoft
    Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       New #8

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual

    =>quite normal. I think you have another virusscanner running(?) You have microsoft security essentials installed?
      My Computer
    Quote Quote

  12. Kaktussoft
    Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       New #9

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Modify that registry value of "EnableFirewall" to 1 instead of 0!
      My Computer
    Quote Quote

  13. ICIT2LOL
    Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       New #10

    Ok mate I shall leave you in Katususofts hands
      My Computer
    Quote Quote

 
Page 1 of 2 12 LastLast

  Related Discussions
I removed this nasty from my cousin's laptop about 5 months ago w/ a combination of RKill, Farbar's Service Scanner, Eset Sirifef tool & services repair, ComboFix, MBAM.... and a couple others. One of the residual problems was Action Center was missing from the notification area and I was able to...
I would really appreciate some help from someone with experience with this matter. Introduction: Origin: False sense of security by AVG (updated), Windows kept updated, Browser settings, firewall, and self system maintainence. Presentation: Installed a 2nd HDD (Exclusively for daily...
I have a 2 day old install has had limited Internet contact to only install updates and AV/Firewall/Malware software. Avast prompted me with a Rootkit Found message pointing to C:\Windows\servicing\TrustedInstaller.exe. I ran Avast and Emsisoft Anti-Malware on the file in that location showing it...
Rootkit found -- avast! 5
in System Security

Hello! avast! 5 found a Rootkit: :( C:\Windows\system32\drivers\ccdcmb.sys and C:\Windows\system32\drivers\ccdcmbo.sys Please help me what do I do?? and.... Is avast 5 really compatible with Windows 7? Some say they get the "Blue-screen Error" :)
Rootkit Found
in System Security

I have NIS 2010 installed on my PC and I do a couple scans a day with Norton, Malwarebytes, and Hitman Pro 3.5.5. I just did a scan with Hitman Pro and it found a Rootkit in C:\Windows\system32\DRIVERS\ Isn't Norton supposed to detect and block these kind of malware attacks????? :mad::mad: ...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 04:58.
Find Us