Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
ZeroAccess Possible Issues
Message
<blockquote data-quote="Holt" data-source="post: 95185" data-attributes="member: 4525"><p>Hi Fiery,</p><p></p><p>The scan came out clean; however, I am still concerned about the following log in RKill:</p><p></p><p>Checking Windows Service Integrity: </p><p></p><p> * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]</p><p></p><p>[I have this post on both computers. Could this be from ReImage? or is it a service host virus/rootkit?]</p><p></p><p>Checking for processes to terminate:</p><p></p><p> * C:\WINDOWS\system32\CTsvcCDA.exe (PID: 864) [WD-HEUR]</p><p> * C:\WINDOWS\system32\MsPMSPSv.exe (PID: 1940) [WD-HEUR]</p><p>2 proccesses terminated!</p><p></p><p>Searching for Missing Digital Signatures: </p><p></p><p> * C:\WINDOWS\System32\mspmsnsv.dll [NoSig]</p><p> +-> C:\WINDOWS\$NtServicePackUninstall$\mspmsnsv.dll : 52,224 : 08/04/2004 00:56 AM : c086483e3dba8c1c0a687ec8d5b3d4c1 [Pos Repl]</p><p> +-> C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll : 52,224 : 04/13/2008 08:12 PM : c7e39ea41233e9f5b86c8da3a9f1e4a8 [Pos Repl]</p><p> +-> C:\WINDOWS\erdnt\cache\mspmsnsv.dll : 27,136 : 10/18/2006 09:47 PM : c51b4a5c05a5475708e3c81c7765b71d [Pos Repl]</p><p> +-> C:\WINDOWS\ServicePackFiles\i386\mspmsnsv.dll : 52,224 : 08/04/2004 09:56 AM : c086483e3dba8c1c0a687ec8d5b3d4c1 [Pos Repl]</p><p> +-> C:\WINDOWS\SYSTEM32\DLLCACHE\mspmsnsv.dll : 27,136 : 10/18/2006 09:47 PM : c51b4a5c05a5475708e3c81c7765b71d [Pos Repl]</p><p>[I think this is because Reimage replaced some damaged or missing files. Should I run my installation XP service pack 3 disk to replace files?]</p><p></p><p>Also, after running the OTL registry patch, I now get some weird text on the end of my RKill show below:</p><p></p><p>Checking HOSTS File: </p><p></p><p> * HOSTS file entries found: </p><p></p><p> ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t </p><p> </p><p> : : 1 l o c a l h o s t </p><p> </p><p>[Any ideas or suggestions?]</p><p> </p><p>Thanks!</p><p></p><p>ESETSmartInstaller@High as CAB hook log:</p><p>OnlineScanner.ocx - registred OK</p><p># version=8</p><p># iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)</p><p># OnlineScanner.ocx=1.0.0.6844</p><p># api_version=3.0.2</p><p># EOSSerial=488ebcf1d3b76549a3599a7c3f762d1e</p><p># end=finished</p><p># remove_checked=false</p><p># archives_checked=false</p><p># unwanted_checked=true</p><p># unsafe_checked=true</p><p># antistealth_checked=true</p><p># utc_time=2013-01-09 05:05:38</p><p># local_time=2013-01-09 12:05:38 (-0500, Eastern Standard Time)</p><p># country="United States"</p><p># lang=1033</p><p># osver=5.1.2600 NT Service Pack 3</p><p># compatibility_mode=5892 16777213 88 94 0 10447310 0 0</p><p># scanned=71012</p><p># found=0</p><p># cleaned=0</p><p># scan_time=2026</p></blockquote><p></p>
[QUOTE="Holt, post: 95185, member: 4525"] Hi Fiery, The scan came out clean; however, I am still concerned about the following log in RKill: Checking Windows Service Integrity: * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath] [I have this post on both computers. Could this be from ReImage? or is it a service host virus/rootkit?] Checking for processes to terminate: * C:\WINDOWS\system32\CTsvcCDA.exe (PID: 864) [WD-HEUR] * C:\WINDOWS\system32\MsPMSPSv.exe (PID: 1940) [WD-HEUR] 2 proccesses terminated! Searching for Missing Digital Signatures: * C:\WINDOWS\System32\mspmsnsv.dll [NoSig] +-> C:\WINDOWS\$NtServicePackUninstall$\mspmsnsv.dll : 52,224 : 08/04/2004 00:56 AM : c086483e3dba8c1c0a687ec8d5b3d4c1 [Pos Repl] +-> C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll : 52,224 : 04/13/2008 08:12 PM : c7e39ea41233e9f5b86c8da3a9f1e4a8 [Pos Repl] +-> C:\WINDOWS\erdnt\cache\mspmsnsv.dll : 27,136 : 10/18/2006 09:47 PM : c51b4a5c05a5475708e3c81c7765b71d [Pos Repl] +-> C:\WINDOWS\ServicePackFiles\i386\mspmsnsv.dll : 52,224 : 08/04/2004 09:56 AM : c086483e3dba8c1c0a687ec8d5b3d4c1 [Pos Repl] +-> C:\WINDOWS\SYSTEM32\DLLCACHE\mspmsnsv.dll : 27,136 : 10/18/2006 09:47 PM : c51b4a5c05a5475708e3c81c7765b71d [Pos Repl] [I think this is because Reimage replaced some damaged or missing files. Should I run my installation XP service pack 3 disk to replace files?] Also, after running the OTL registry patch, I now get some weird text on the end of my RKill show below: Checking HOSTS File: * HOSTS file entries found: ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t : : 1 l o c a l h o s t [Any ideas or suggestions?] Thanks! ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=8 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=488ebcf1d3b76549a3599a7c3f762d1e # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-01-09 05:05:38 # local_time=2013-01-09 12:05:38 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5892 16777213 88 94 0 10447310 0 0 # scanned=71012 # found=0 # cleaned=0 # scan_time=2026 [/QUOTE]
Insert quotes…
Verification
Post reply
Top
