Possible Zeroaccess infection: denied access to MSE, update error


  1. Posts : 31
    Windows 7 Home Premium 64bit
       #1



    Hey guys, I am having some problems here on my girlfriend's laptop (Win 7 Home Premium 64 bit) and believe it may be infected with “zeroaccess”. Her work computer had a virus on it last week, and she uses her personal laptop to connect to that work computer when she’s out of the office (she uses onboard remote by Adaptive Solutions to connect). We cannot run Microsoft Security Essentials anymore (access denied) and cannot update (Windows Update error code 80070005). I downloaded and ran TDSSKiller, but it did not show any viruses. I did do a scan with that Farbar and attached the 2 reports. Any help ID'ing what is going on would be greatly appreciated!

    Update: Still working the issue, but decided to take the hard drive out, connect it to another computer via USB cables, and do a complete scan of the HD. As soon as I started the scan it already notified me that the preliminary scan found malicious and possibly unwanted software, but did not report what they were. Will update with results (looks like it’s going to take hours).


  2. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #2

    PowerTrader

    Looking at the log, it is in fact ZeroAccess. Well, you started scanning the hard drive as a USB drive; let's see what the results will be. What antivirus are you scanning with?


  3. Posts : 31
    Windows 7 Home Premium 64bit
    Thread Starter
       #3

    Scanning the HD with Microsoft Security Essentials on a desktop equipped with Windows Vista Home Premium 32bit


  4. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #4

    Let's see what it comes out with.


  5. Posts : 31
    Windows 7 Home Premium 64bit
    Thread Starter
       #5

    Ok just completed the scan. Here are the results:

    Exploit: Java/CVE-2013-0422
    TrojanDownloader: Win32/Dofoil.R
    TrojanDropper:Win32/Sirefef.gen!E
    Rogue:Win32/Winwebsec
    TrojanDropper:Win32/Sirefef.gen!G

    I have not taken any action yet. Standing by for recommended course of action.


  6. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #6

    Open Notepad. Inside Notepad, paste the highlighted text:

    start
    HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
    HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
    HKCU\...\Winlogon: [Shell]
    HKCU\...\Policies\system: [DisableChangePassword] 0
    HKCU\...\Policies\system: [DisableLockWorkstation] 0
    MountPoints2: {1a4eae80-5a20-11e0-ade9-88ae1d0edfee} - E:\setup.exe -a
    HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
    HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
    S1 ouyzvgyu; \??\C:\Windows\system32\drivers\ouyzvgyu.sys [x]
    2013-08-13 18:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-2605782298-985525740-3821210279-1000\$ddc6e1b221ef8d4c62a6ee0de1e5d502

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$ddc6e1b221ef8d4c62a6ee0de1e5d502
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
    end


    Click on File ====> Save As

    File Name : Fixlist.txt

    Save as type : All Files

    Location : Desktop

    Click on the [Save] button.

    Open the FRST tool again from the Desktop and click on the [Fix] button. Once complete, it will create a new log called Fixlog.txt. Upload the new log in your reply. It should be on the Desktop.
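Added example, not part of the original thread and not FRST's own logic: a small Python triage pass over FRST-style log lines, using patterns taken from the entries flagged in the fixlist in post #6. The rule names, the regular expressions and the reading of a trailing `[x]` as "target file not found" are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the fixlist in post #6; the RunOnce line is the benign control.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
S1 ouyzvgyu; \??\C:\Windows\system32\drivers\ouyzvgyu.sys [x]
C:\$Recycle.Bin\S-1-5-21-2605782298-985525740-3821210279-1000\$ddc6e1b221ef8d4c62a6ee0de1e5d502
C:\$Recycle.Bin\S-1-5-18\$ddc6e1b221ef8d4c62a6ee0de1e5d502
""".strip().splitlines()

# Assumption: a trailing [x] marks an entry whose target file was not found.
RULES = [
    ("run_target_missing", re.compile(r"\\Run(?:Once)?:\s+\[[^\]]+\]\s+-\s+.*\[x\]", re.I)),
    ("empty_winlogon_shell", re.compile(r"\\Winlogon:\s+\[Shell\]\s+\[x\s*\]", re.I)),
    ("missing_driver_service", re.compile(r"^[SR]\d\s+(\S+);\s.*\\drivers\\\S+\.sys\s+\[x\]\s*$", re.I)),
    ("recycle_bin_hex_dir", re.compile(r"\\\$Recycle\.Bin\\(S-1-[\d-]+)\\(\$[0-9a-f]{32})\s*$", re.I)),
]

def triage(lines):
    """Return (rule_name, captured_groups, line) for every line matching a rule."""
    findings = []
    for line in lines:
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((name, m.groups(), line.strip()))
    return findings

def recycle_bin_scopes(findings):
    """Map each $<32 hex> folder name to the sorted SIDs whose Recycle Bin holds it."""
    scopes = defaultdict(set)
    for name, groups, _ in findings:
        if name == "recycle_bin_hex_dir":
            sid, folder = groups
            scopes[folder].add(sid)
    return {folder: sorted(sids) for folder, sids in scopes.items()}

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for name, groups, line in hits:
        print(f"{name:24} {line}")
    for folder, sids in recycle_bin_scopes(hits).items():
        # S-1-5-18 is the LocalSystem account; the other SID is a user profile.
        print(folder, "present under", ", ".join(sids))
```

The same folder name appearing under both a user SID and S-1-5-18 is the pattern the fixlist labels "ZeroAccess:" twice.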


  7. Posts : 31
    Windows 7 Home Premium 64bit
    Thread Starter
       #7

    Awesome, thanks! I still have the HD connected to my desktop via USB. Should I allow MSE to remove the threats before I plug it back into the laptop and do that thing with Notepad?


  8. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #8

    I'd plug the hard drive back into the other PC and remove the items that way. If you run MSE then the Notepad isn't needed.


  9. Posts : 31
    Windows 7 Home Premium 64bit
    Thread Starter
       #9

    Sorry, a little confused.
    Right now I have the laptop's infected hard drive connected to my desktop via USB cables. Should I keep the hard drive plugged into the desktop and use the desktop's MSE to remove the threat first, and THEN plug it back into the laptop to run that Notepad thing, or should I do something different?


  10. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #10

    You could use the MSE on the desktop. When you plug the hard drive back into the laptop the Notepad isn't needed. MSE should remove the infections. I personally would unplug the hard drive from the PC (desktop), plug it back into the laptop and do the Notepad.

