Solved ZEROACCESS rootkit symptoms found, and missing some Services

rusl07cl08

New member
Hi guys, I have run malwarebytes and rkill. The results are the following:

Code:
* ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\00000004.@ [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\201d3dde [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\76603ac3 [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\U\ [ZA Dir]

Checking Windows Service Integrity: 

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]

Should I be worried about this? Thanks!
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Toshiba
OS
Windows 7 Ultimate x64 7600 Multiprocessor Free
CPU
Pentium(R) Dual-Core CPU T4500 @2.30GHz, 2300 MHz, 2 Core(s)
Motherboard
TOSHIBA Portable PC
Memory
3.00 GB
Graphics Card(s)
Mobile Intel(R) 45 Express Chipset Family(Microsoft-WDDM1.1)
Sound Card
High Definition Audio Device (Microsoft)
Monitor(s) Displays
Mobile PC Display
Screen Resolution
1366 x 768
Hard Drives
Hitachi HTS545032B9A300 ATA Device
PSU
Microsoft Composite Battery
Keyboard
Standard PS/2 Keyboard
Mouse
Synaptics PS/2 Port Touchpad
Internet Speed
100.0 Mbps
Antivirus
ESET Smart Security Version 5.2.9.1
Browser
Google Chrome
Other Info
has Bluetooth Radios
BIOS: InsydeH2O Version 1.40
Hello Rus mate, run the TDSS Killer from this, and there are more you can run if it doesn't work, but it usually is pretty good.
Best Free Rootkit Scanner and Remover

Let us know how it goes and there is an another option if it doesn't cure the problem.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Own build (new) Desk1 / Asus ROG Win 7 / Desk2 1st build
OS
Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
CPU
Desk1 i5 3750K / Laptop i7 GTX 860M / Desk2 i5 2500
Motherboard
Desk1 Asus P877-V / Desk2 Gigabyte H67 UD3H / Laptop ?
Memory
Desk1 8GB (1866) / Desk2 16GB (1333) / Laptop 8Gb DDR3
Graphics Card(s)
Desk 1& 2NVidia GTX 650 & Laptops on board Intel
Sound Card
Desk 1 & 2 -XONAR DG Realtek High Def audio Laptop
Monitor(s) Displays
Desk 1 Benq HD 2450 / Desk2 Philips 24" / Laptop 17.5"
Screen Resolution
1920x1080 D1 & D2 & Laptop 1
Hard Drives
Desk1 Samsung 120GB 830 SSD
Asus ROG 256GB 850 Pro SSD
Desk2 Samsung 840 256 SSD
Toshiba 120GB EVO
PSU
Desk 1 Corsair HX 1050/ Laptop ? / Desk 2 Corsair HX 650
Case
Desk 1 Cooler HAF XM ? Toshiba laptop / Desk2 Coolermaster
Cooling
Fans on all Desk1 -2 Desk2 - all Coolermasters 5 Laptop ?
Keyboard
Desk 1 MS Sidewinder X6 Desk 2 MS Sidewinder X 4
Mouse
Desk 1&2 - Gigabyte MS 900 gamer - laptop - Logitec wireless
Internet Speed
ADSL2+
Other Info
One other Desktop (tester) and spare Toshiba laptop both with SSD's
Running Kaspersky 2016 ISS on all machines config'd identically
Logitec audio stereo systems on each machine (x3)
Canon MG5250MFC
Router/modem TP-Link running WPA2SK
Thanks ICit2lol but the results are:
0 threats
0 objects quarantined

Btw, I used Kaspersky TDSSKiller.
 

Ok mate, let's try this: it will run from power up and not involve Windows, therefore not involve any system filing stuff. It means making a bootable disk, but it keeps for a while before it needs a fresh copy - so handy for the future.
Download Kaspersky Rescue Disk 10
 

Download and run Windows Repair (All In One).
Do at least test 1,3,26,17,6 and reboot afterwards.
After that, run the tests again as you did in #1 and post the results.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
ACER ASPIRE 5742G
OS
Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
CPU
Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Motherboard
Acer Aspire 5742G
Memory
4,00 GB
Graphics Card(s)
ATI Mobility Radeon HD 5400 Series
Sound Card
(1) AMD High Definition Audio Device (2) Realtek High Defi
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
WDC WD5000BEVT-22ZAT0
Btw, I ran Trojan Remover (http://www.simplysup.com/tremover/download.html) a minute ago, then rkill resulted in:

Code:
* Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\00000004.@ [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\201d3dde [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\76603ac3 [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\U\ [ZA Dir]

Checking Windows Service Integrity: 

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 

Ok Katususoft, but I would like to see what becomes of that rescue disk run first.
 

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

=> Quite normal. I think you have another virus scanner running(?) Do you have Microsoft Security Essentials installed?
 

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Modify that registry value of "EnableFirewall" to 1 instead of 0!
 

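A read-only triage script, added here and not posted by anyone in the thread, that re-checks the three things rkill flagged above: the StandardProfile EnableFirewall value Katususoft points at, the services the first post listed as stopped, disabled or missing, and the C:\Windows\Installer folder layout rkill reported as [ZA Dir]. It assumes PowerShell 2.0 or later on the affected Windows 7 host, run from an elevated prompt; the -RepairFirewall switch is my own addition and only applies the registry change Katususoft describes.

```powershell
# Added triage script (not from the thread). Re-checks what rkill flagged on this
# host: the firewall policy value, the named services, and ZeroAccess-style
# Installer folders. Read-only unless -RepairFirewall (my addition) is given.
param([switch]$RepairFirewall)

$findings = @()

# 1. Firewall policy: rkill reported "EnableFirewall" = dword:00000000 here.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$fw = Get-ItemProperty -Path $fwKey -Name EnableFirewall -ErrorAction SilentlyContinue
if ($null -eq $fw) {
    $findings += "EnableFirewall value missing under $fwKey"
} elseif ($fw.EnableFirewall -ne 1) {
    $findings += "Windows Firewall disabled by policy (EnableFirewall = $($fw.EnableFirewall))"
    if ($RepairFirewall) {
        Set-ItemProperty -Path $fwKey -Name EnableFirewall -Value 1 -Type DWord
        $findings += 'EnableFirewall set back to 1; reboot and re-run rkill to confirm'
    }
}

# 2. Services rkill listed in the first post as stopped, disabled or missing.
$services = 'BFE','wuauserv','mpsdrv','iphlpsvc','MpsSvc','WinDefend','wscsvc','SharedAccess'
foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) { $findings += "$name [Missing Service]"; continue }
    $props = Get-ItemProperty -Path $key
    if ([string]::IsNullOrEmpty($props.ImagePath)) { $findings += "$name [Missing ImagePath]" }
    # Get-Service does not list kernel drivers such as mpsdrv, so only real services get a status check.
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -ne 'Running') {
        $findings += "$name is not Running (Start = $($props.Start); 2=Automatic 3=Manual 4=Disabled)"
    }
}

# 3. ZeroAccess-style folders: a {GUID} folder under C:\Windows\Installer that has
#    'L' or 'U' subfolders, the layout rkill flagged as [ZA Dir] above. Genuine
#    Installer GUID folders hold .msi/.msp files and icons, not L/U subfolders.
$guidDirs = Get-ChildItem -Path "$env:SystemRoot\Installer" -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-f-]{36}\}$' }
foreach ($dir in $guidDirs) {
    foreach ($sub in 'L','U') {
        $p = Join-Path $dir.FullName $sub
        if (Test-Path -LiteralPath $p) { $findings += "$p [ZA Dir pattern, review manually]" }
    }
}

if ($findings.Count -eq 0) { 'No issues found.' } else { $findings }
```

A clean run prints "No issues found." and matches the rkill result posted later in the thread; any [ZA Dir pattern] line should be confirmed with an offline scan such as the rescue disk suggested above before the folder is touched.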
Ok mate, I shall leave you in Katususoft's hands.
 

Download and run Windows Repair (All In One)
Do at least test 1,3,26,17,6 and reboot afterwards.
After that, run the tests again as you did in #1 and post the results.

Done. I think it's somehow fixed my problems. This is the result:

Code:
Checking for processes to terminate:
 * C:\ProgramData\DatacardService\DCService.exe (PID: 1496) [AU-HEUR]
 * C:\ProgramData\DatacardService\DCSHelper.exe (PID: 2864) [AU-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\ [ZA Dir]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\00000004.@ [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\201d3dde [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\L\76603ac3 [ZA File]
     * C:\Windows\Installer\{2b524474-7c58-2ccb-2efa-8d9df2ff344d}\U\ [ZA Dir]

Checking Windows Service Integrity: 
 * No issues found.

Searching for Missing Digital Signatures: 
 * No issues found.

And thank you for that. :D
By the way, during the tweaking repairs, I encountered a BSOD displaying:

Code:
PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
*** win32k.sys - Address FFFFF9600018354B base at FFFFF960000C0000, DateStamp 54163648
Regarding this:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

=> Quite normal. I think you have another virus scanner running(?) Do you have Microsoft Security Essentials installed?

After the tweaking repairs, I started my Windows Defender and it is now updating. Thanks! I don't have MS Security Essentials. My AV is ESET Smart Security 5.
 

So the repair seems to fix the issue... nice.
Did you rerun it after the BSOD?

BSOD: I don't know why it crashed.
 

So the repair seems to fix the issue... nice.
Did you rerun it after the BSOD?

BSOD: I don't know why it crashed.

Yeah. The result is what I posted above. Thanks!
 
