Reply to thread

Message: <blockquote data-quote="Jack" data-source="post: 133825" data-attributes="member: 1">Hello,Hector, on this computer you had a very serious infection with a ZeroAccess rootkit. Combofix seems to have removed most of the infected files, but we will need to run some further scans.STEP 1: Run a scan with Kaspersky TDSSKiller<ol>    <li>Download Kaspersky TDSKiller from the below link.<><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">KASPERKSY TDSSKILLER DOWNLOAD LINK</a></> (This link will automatically download Kaspersky TDSSKiller on your computer)</li>    <li>Double-click on <>TDSSKiller.exe</> to run the application.<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>    <li>Click <>Change parameters</><img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>    <li>Check the boxes next to <>Verify Driver Digital Signature</> and <>Detect TDLFS file system</>, then click <>OK</><img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>    <li>Click on the <>Start Scan</> button to begin the scan and wait for it to finish.<>NOTE:</> Do not use the computer during the scan!</li>    <li>During the scan it will look similar to the image below:<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>    <li>When it finishes, you will either see a report that no threats were found like below:<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />If no threats are found at this point, just click the <>Report</> selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.</li>    <li>If any infection or suspected items are found, you will see a window similar to below:<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" /><ul>    <li>If you have files that are shown to fail signature check do not take any action on these. Make sure you select <>Skip</>. I will tell you what to do with these later. They may not be issues at all.</li>    <li>If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.</li>    <li>If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objectsMake sure that <>Cure</> is selected. <>VERY IMPORTANT!</> - If Cure is not available, please choose <>Skip</> instead. DO NOT choose Delete unless instructed to do so.</li></ul></li>    <li>Click <>Continue</> to apply selected actions.</li>    <li>A reboot may be required to complete disinfection. A window like the below will appear:<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />Reboot immediately if TDSSKiller states that one is needed.</li>    <li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <>TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt</> which is based on the program version # and date and time run.</li>    <li>Attach this log to your next reply.</li></ol><hr />STEP 2: Run a scan with ESET SirefefCleaner tool <ol> <li data-xf-list-type="ol">Click the link below to download the ESETSirefefCleaner tool. <><a title="External link" href="http://download.eset.com/special/ESETSirefefCleaner.exe" rel="external">ESET SIREFEFCLEANER DOWNLOAD LINK</a></> (This link will automatically download ESET SirefefCleaner tool on your computer) [*]Double-click ESETSirefefCleaner to start this utility. If security notifications appear, click Continue or Run. [*]The message "Win32/Sirefef.EV found in your system" will be displayed If an infection is found. Press Y on your keyboard to remove the infection. [*]Once the tool has run, you will be prompted to restore system services after you restart your computer. Press Y on your keyboard to restore system services and restart your computer. [*]Once your computer has restarted, if you are presented with a security notification click Yes or Allow. [*]Click Yes at the ESET Services Repair tool window. Once the ESET Services Repair process is complete, you will again be prompted to restart your computer, to do so click Yes. </li> </ol> What's next?Please add in your next reply:1.Kaspersky TDSSKiller log2. ESET logs3.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</></blockquote>

Verification

Top