Solved Have Trojan.zeroAccess!inf5/6 virus

Discussion in 'Malware and Virus Removal Archive' started by bgriff, 2012/09/13.

  1. 2012/10/11
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    Still working on finishing latest steps
     
  2. 2012/10/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     

  4. 2012/10/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  5. 2012/10/15
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    Yes, halfway completed the latest steps now:

    >Downloaded & installed Avast AV
    >removed Adobe to replace with Foxit
    >Updated Java to latest version
    >Downloaded JavaRa to remove old Javas
     
  6. 2012/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok....
     
  7. 2012/10/17
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    Broni,

    Ran into a problem with Windows Updates not working and get the following message:

    Error page: Windows could not search for new updates
    An error occurred while checking for new updates for your computer

    Error(s) found:
    Code 80096001
     
  8. 2012/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:


    Go to Step 4 and under "System Restore" click on Create button:


    Go to Start Repairs tab and click Start button.


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.
     
  9. 2012/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  10. 2012/10/23
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    Yes, Windows updates are now working again.
     
  11. 2012/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Way to go!!
    Good luck and stay safe :)
     
  12. 2012/10/25
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    Broni,

    Not quite, I have been unable to completely install Windows Service Pack 2 for a few days now. I have disabled the antivirus in case it prevents the SP2 install, but this still does not help, and I am still unable to re-enable Windows Firewall due to getting the same error message as before.
     
  13. 2012/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Post new FSS log.
     
  14. 2012/10/25
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    new FSS Log:

    Farbar Service Scanner Version: 06-08-2012
    Ran by BG (administrator) on 25-10-2012 at 23:46:07
    Running from "C:\Users\BG\Desktop "
    Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll
    [2010-07-17 01:37] - [2008-01-19 03:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

    C:\Windows\system32\Drivers\afd.sys
    [2011-06-16 19:30] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2010-12-02 15:00] - [2010-06-16 11:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

    C:\Windows\system32\dnsrslvr.dll
    [2011-04-16 13:33] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

    C:\Windows\system32\mpssvc.dll
    [2010-07-17 01:39] - [2008-01-19 03:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

    C:\Windows\system32\bfe.dll
    [2010-07-17 01:38] - [2008-01-19 03:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe
    [2010-07-17 01:39] - [2008-01-19 03:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

    C:\Windows\system32\wscsvc.dll
    [2010-07-17 01:38] - [2008-01-19 03:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

    C:\Windows\system32\wbem\WMIsvc.dll
    [2010-07-17 01:37] - [2008-01-19 03:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2010-07-17 01:39] - [2008-01-19 03:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

    C:\Windows\system32\es.dll
    [2010-07-15 21:01] - [2010-07-15 21:01] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

    C:\Windows\system32\cryptsvc.dll
    [2010-07-17 01:37] - [2008-01-19 03:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll
    [2010-07-09 06:21] - [2010-07-09 06:21] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



    **** End of log ****
     
  15. 2012/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  16. 2012/10/27
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    FSS post Firewall fix scan: Still unable to re-enable firewall and install Windows Update SP2.

    Farbar Service Scanner Version: 06-08-2012
    Ran by BG (administrator) on 27-10-2012 at 19:43:26
    Running from "C:\Users\BG\Desktop "
    Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll
    [2010-07-17 01:37] - [2008-01-19 03:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

    C:\Windows\system32\Drivers\afd.sys
    [2011-06-16 19:30] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2010-12-02 15:00] - [2010-06-16 11:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

    C:\Windows\system32\dnsrslvr.dll
    [2011-04-16 13:33] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

    C:\Windows\system32\mpssvc.dll
    [2010-07-17 01:39] - [2008-01-19 03:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

    C:\Windows\system32\bfe.dll
    [2010-07-17 01:38] - [2008-01-19 03:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe
    [2010-07-17 01:39] - [2008-01-19 03:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

    C:\Windows\system32\wscsvc.dll
    [2010-07-17 01:38] - [2008-01-19 03:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

    C:\Windows\system32\wbem\WMIsvc.dll
    [2010-07-17 01:37] - [2008-01-19 03:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2010-07-17 01:39] - [2008-01-19 03:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

    C:\Windows\system32\es.dll
    [2010-07-15 21:01] - [2010-07-15 21:01] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

    C:\Windows\system32\cryptsvc.dll
    [2010-07-17 01:37] - [2008-01-19 03:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll
    [2010-07-09 06:21] - [2010-07-09 06:21] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



    **** End of log ****
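
An added example, not part of the original thread and not Farbar's code: a Python parser for FSS logs in the layout posted above, used to compare a scan taken before a fix with one taken after it. The sample is abbreviated from the logs in this thread; `parse_fss` and `compare` are hypothetical names, and a File Check entry listed with its details instead of "=> MD5 is legit" is only reported as not marked legit, nothing more is inferred from it.

```python
import re

# Sample abbreviated from the FSS logs posted in this thread (most lines cut).
SAMPLE = r"""Farbar Service Scanner Version: 06-08-2012
Ran by BG (administrator) on {when}
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The ServiceDll of MpsSvc service is OK.

File Check:
========
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2010-07-17 01:39] - [2008-01-19 03:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B
C:\Windows\system32\bfe.dll
[2010-07-17 01:38] - [2008-01-19 03:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697
**** End of log ****
"""
BEFORE = SAMPLE.replace("{when}", "25-10-2012 at 23:46:07")
AFTER = SAMPLE.replace("{when}", "27-10-2012 at 19:43:26")

def parse_fss(text):
    """Return (notes, files): status lines per section, File Check result per path."""
    notes, files, section, path = {}, {}, None, None
    lines = [l.strip() for l in text.splitlines()]
    for line, nxt in zip(lines, lines[1:] + [""]):
        if line and nxt and set(nxt) == {"="}:
            section = line.rstrip(":")            # headings are underlined with '='
        elif not line or section is None or set(line) == {"="} or line.startswith("*"):
            continue                              # blanks, rulers, header, end marker
        elif section != "File Check":
            notes.setdefault(section, []).append(line)
        elif line.endswith("=> MD5 is legit"):
            files[line.split(" => ")[0]] = "legit"
        elif re.match(r"[A-Za-z]:\\", line):
            path = line                           # details follow on the next line
        elif path and (m := re.search(r"\b([0-9A-F]{32})$", line)):
            files[path], path = m.group(1), None  # keep the MD5 the tool printed
    return notes, files

def compare(before, after):
    """Summarise the later scan and what differs from the earlier one."""
    (n1, f1), (n2, f2) = parse_fss(before), parse_fss(after)
    return {
        "stopped": sorted(s for s, ls in n2.items() if any("not running" in l for l in ls)),
        "notes_changed": sorted(s for s in n1.keys() | n2.keys() if n1.get(s) != n2.get(s)),
        "files_changed": sorted(p for p in f1.keys() | f2.keys() if f1.get(p) != f2.get(p)),
        "not_marked_legit": sorted(p for p, v in f2.items() if v != "legit"),
    }
```

Empty `notes_changed` and `files_changed` lists with a section still under `stopped` mean the attempted fix changed nothing the scanner can see, which is the situation in the two logs above.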
     
  17. 2012/10/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks like you have some Windows installation corruption.
    We'll need a Vista DVD if we want to fix this issue.
     
  18. 2012/10/28
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    How is that when all other updates install with no problem except for Windows SP2? Any other suggestions?
     
  19. 2012/10/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's not only about SP2 but Windows firewall as well.
     
