Solved Many backdoors/various Trojans/rootkit. Shutdowner present

[MelancholyRose]

For those lurking, or anyone who is interested in the details about Sirefef/ZeroAccess: http://www.kindsight.net/sites/default/files/Kindsight_Malware_Analysis-ZeroAcess-Botnet-final.pdf
http://www.2-viruses.com/remove-zeroaccess-rootkit

I believe that I had the older variant of Sirefef-- .Y, .W, .B
There are new variants out by now-- .AG, .I, .P (which I believe is also called the CLSID variant) Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode | Naked Security

Since I'm really interested in hacking and viruses, I'm actually having some fun trying to fight it. I'm not ready to reinstall Windows just yet. It's important that I learn what this is and what it does. I want to do everything I can before I wipe the whole thing. It's a learning process. Some of my most important files are already backed up here on my laptop, such as novels I'm writing.

I also hope the information will aid others in learning about the virus. I'll keep reporting back here with updates on how far I've gotten. Right now, I have to focus on fixing Services.exe. ESET has a ServicesRepair tool that I'm going to see if I can quickly use in safe mode before the system shuts down. If not that, then I'm going to try to get my AHCI drivers onto a flash drive so that I can access my OS when repairing my computer so I can do an SFC scannow.

I'm not giving up just yet.

This is a guide I was going to follow: http://malwaretips.com/Thread-How-to-completely-remove-ZeroAccess-Sirefef-rootkit-Removal-Guide
Here's a video about it as well, and from what I can see, the virus can impact a system far worse than how it hit mine. I can at least boot into Windows. http://www.youtube.com/watch?v=xVtGvtlDPwo&feature=related

(This reminds me a lot of the Conficker scare back in, I think 2010?)

 

[OldMX]

I'm reading the .pdf and actually I'm scared of its contents...

 

[MelancholyRose]

I'm reading the .pdf and actually I'm scared of its contents...

I LOL'd

 

[Victor S]

Since I'm really interested in hacking and viruses, I'm actually having some fun trying to fight it. I'm not ready to reinstall Windows just yet. It's important that I learn what this is and what it does.

Why? It's like killing roaches. They won't go away. Whatever you learn about virii and Win internals will be useless soon enough, as that all changes quickly.
This is assuming you're not planning on doing this as a "profession."
I suggest you keep a clean house with a recommended anti-virus. A free one.
Paying for an anti-virus just supports the "virus "industry."
Maybe even more important, take image copies. Then the roaches are inconsequential. If I even suspect roaches, I just replace the house with a clean one. 5 minutes.
I get where you're coming from, and used to have "fun" squashing roaches.
After a while it became distasteful - like, do roaches deserve much of my attention?
Nope.

 

[Borg 386]

Thank you for the links. The first step in fighting something, is knowing it's behavioral patterns.

 

[MelancholyRose]

Here's a current update:
I made a Hiren's BootCD and I'm using it to back up a lot of data just in case I can't get all of the malware off, but so far I've found a lot of it and removed it.

I've located the trojan lurking in my Windows/Installer folder as well as in the AppData/Local folder and removed it.

I've deleted various adware/spyware and tracking cookies.

I've run a checkdisk using the BootCD, and I'm still going to do a scannow when I'm done copying everything.

If you're in a similar situation and either can't boot into Windows, or Windows keeps kicking you out, I would highly recommend the Hiren's BootCD. It's got most tools you need to recover data and remove stuff without having to get into Windows first. You can also use it to edit the registry.

Download Hiren

Why? It's like killing roaches. They won't go away. Whatever you learn about virii and Win internals will be useless soon enough, as that all changes quickly.
This is assuming you're not planning on doing this as a "profession."
I suggest you keep a clean house with a recommended anti-virus. A free one.
Paying for an anti-virus just supports the "virus "industry."
Maybe even more important, take image copies. Then the roaches are inconsequential. If I even suspect roaches, I just replace the house with a clean one. 5 minutes.
I get where you're coming from, and used to have "fun" squashing roaches.
After a while it became distasteful - like, do roaches deserve much of my attention?
Nope.

I like to learn, I like to work on the computer, and I like to develop new skills. I don't consider that at all a bad thing.

This is also the first time in maybe eight years that I've had a virus.

 

[MelancholyRose]

Another new update:
I've successfully repaired the Windows files that were causing my machine to randomly restart by doing an SFC /SCANNOW at boot from the Windows 7 installation CD. It found corrupted files and fixed them. My machine no longer shuts down.

I'm now able to get into Safe Mode and run Malwarebytes, TDSS killer, and others.

 

[MelancholyRose]

Final update: I installed Comodo Internet Security (Free Internet Security, Download Internet Security Software Suite - Comodo) and ran a scan, and I also uninstalled and reinstalled Malwarebytes and scanned with that.

Comodo: Found 0 Malicious objects.
Malwarebytes: Found 0 malicious objects.
Used Comodo System Utilities (Comodo System Utilities Tools - Disk Registry Cleaner Software | Comodo) to clean up some remnants in the registry.

Computer is running smoother and cleaner, and I now have a fully working antivirus program, and it's free!

I'm also blocking a lot of bad IP addresses.

I didn't have to reinstall Windows 7, and everything is back to normal. I'm glad I decided to try to remove it instead of reinstall. Reinstalling would have been an even bigger hassle. I have a LOT of data on this drive.

I hope this forum is helpful to people in the future.

 

[cryptoncore]

there is one final thing, which i don't like myself, but that would be to use another computer to make a bootable ubuntu USB drive
and then put that into your pc change the BIOS to boot USB first, and then run ubuntu, NOT INSTALL, and download CLAMAV ANTIVIRUS and scan your other OS, that could fix it, saved me once before.

whichever way you choose, it sounds like a bad virus so i hope it goes well for you!

 

[cryptoncore]

never mind! glad you fixed but i would make sure that you use a high quality anti virus..ESET is what im comfortable with.

 

[MelancholyRose]

So far Comodo seems really awesome. It has a sandbox which makes a "fake" Windows and copies the malicious things there to find out what they are. It also has a firewall with it.

It tells you what's coming in, what it's doing, where it's going, and what it might be capable of. It's really impressive for freeware!

Also from what I've heard, they update their definitions every day.