#51
Here are the reports; the 1st one is the one where it found the file:
mbar-log-2013-02-18 (20-06-46).txt
mbar-log-2013-02-18 (20-21-10).txt
Please go back to Post #28, and run RogueKiller once again, per those instructions.
Let's see what it reports.
We cannot rely on one program alone to claim victory over the ZeroAccess Rootkit, so, please be patient and bear with me.
RogueKiller is still coming up with everything, and it opens a website explaining how to get rid of ZeroAccess, also known as Max++.
Here is the website: tigzyrk.blogspot.com/2011/09/rootkit-zeroaccess-max.html
I used the delete feature, scanned again, and it came up clean. Here are the reports from before and after the delete:
RKreport[3]_D_02182013_02d2035.txt
RKreport[4]_S_02182013_02d2040.txt
Last edited by alaska skier; 19 Feb 2013 at 00:46. Reason: to add the link and reports
Thanks, cottonball, for helping me with this nasty piece of work, as I use my computer a lot for school and have learned to now do backups the hard way and am set to go buy a portable hard drive. I'll be waiting for you to tell me what to do next; hopefully it's to check that this problem is resolved.
Please post the newest RogueKiller report. Need to see it. Can't operate in the blind.
Never mind!!
Did not see your edit. Overlooked that you already posted the reports.
Need to check both of them, and will be back.
Last edited by cottonball; 19 Feb 2013 at 01:20.
Thanks, cottonball.
Let's press on...
Please download TDSSKiller:
http://support.kaspersky.com/downloa...tdsskiller.exe
Save to the desktop.
The program can be run in Normal Mode and Safe Mode.
Double-click on TDSSKiller.exe to execute.
Click on Change parameters, and select: TDLFS file system
Press Start scan to begin.
If anything is found, do not change the default options on the scan results.
However, do not use: Delete >> Instead, change to: Skip
Click on: Continue
If prompted to reboot your computer, please consent.
Once the program is done, a log is produced at C:\
It is named: TDSSKiller.Version_Date_Time_log.txt
Please post the contents of the TDSSKiller report in your reply.
I'm signing off for tonight, but will be back during the day. It is 1:10AM here...3 hours difference from Alaska.
Wow, sorry, never realized that time difference. Will do the TDSSKiller; I have heard good things about this program.
TDSSKiller will provide us additional information.
At this point, I am not certain that what RogueKiller found was an active Rootkit, vs. remnants of an infection that is no longer active.
FRST is a very good picker-upper of ZeroAccess, and it did not show there.
What MBAR picked up was an entry that was not definitely identified as ZA.
It does pick up entries that are not Rootkits, and I have tested that on my computer.
All these things get trickier by the minute, and, therefore, one needs to take things one at a time, and evaluate the general consensus (based on reports) of the tools run.
Last edited by cottonball; 19 Feb 2013 at 20:12.
Sorry, had school. Will run TDSS in safe mode with the parameters given. Also, my tech coordinator gave me a program to try called Spybot - Search & Destroy. Any thoughts? As I will try this too.
Last edited by alaska skier; 20 Feb 2013 at 00:04. Reason: add more info