Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
ZeroAccess Possible Issues
Message
<blockquote data-quote="Holt" data-source="post: 95850" data-attributes="member: 4525"><p>Update!!</p><p></p><p>I ran Hitman Pro again but cancelled the scan early right after it detected the BOM Obfuscation. I then hit next and it fixed the file and removed some cookies as well. I then ran another scan, and it worked perfectly!</p><p>Unfortunately, when I restarted the computer, the scan crashed late, but it did not find the BOM Obfuscation which is good.</p><p></p><p>I then ran a RKill to check to see if the local hosts file garbled mess was still there, and it is not! <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" /></p><p></p><p>See for yourself:</p><p></p><p>Rkill 2.4.5 by Lawrence Abrams (Grinler)</p><p>http://www.bleepingcomputer.com/</p><p>Copyright 2008-2013 BleepingComputer.com</p><p>More Information about Rkill can be found at this link:</p><p> http://www.bleepingcomputer.com/forums/topic308364.html</p><p></p><p>Program started at: 01/11/2013 03:28:50 PM in x86 mode.</p><p>Windows Version: Microsoft Windows XP Service Pack 3</p><p></p><p>Checking for Windows services to stop:</p><p></p><p> * No malware services found to stop.</p><p></p><p>Checking for processes to terminate:</p><p></p><p> * C:\WINDOWS\system32\CTsvcCDA.exe (PID: 1008) [WD-HEUR]</p><p> * C:\WINDOWS\system32\MsPMSPSv.exe (PID: 644) [WD-HEUR]</p><p></p><p>2 proccesses terminated!</p><p></p><p>Checking Registry for malware related settings:</p><p></p><p> * No issues found in the Registry.</p><p></p><p>Resetting .EXE, .COM, & .BAT associations in the Windows Registry.</p><p></p><p>Performing miscellaneous checks:</p><p></p><p> * No issues found.</p><p></p><p>Checking Windows Service Integrity: </p><p></p><p> * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]</p><p></p><p>Searching for Missing Digital Signatures: </p><p></p><p> * No issues found.</p><p></p><p>Checking HOSTS File: </p><p></p><p> * HOSTS file entries found: </p><p></p><p> 127.0.0.1 localhost</p><p></p><p>Program finished at: 01/11/2013 03:29:29 PM</p><p>Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)</p><p></p><p></p><p>In doing some research on ReImage, they apparently bundle Babylon toolbar with it which is bad! I won't be using them again. I fear that they replaced some corrupt files with their "clean files" and that is causing some issues especially by not being able to use the Tweaking program's ScanDisk with my Windows XP CD. I do not like the following:</p><p> * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]</p><p></p><p>This issue is on both computers than ran ReImage. I don't like the -k to say the least. Shouldn't it have the correct image path and just be svchost.exe. It looks like a virtual redirect issue which compromises my system's personal information.</p><p></p><p>So, I think this issue is one to be concerned with and might be why HitmanPro is crashing. We have removed lots of things, but there seems to be something lingering still because it is crashing. I also have quite a few Mozilla Firefox browser crashes as well!</p><p></p><p>Some interesting links:</p><p></p><p>http://www.pcsoftwaresbay.com/registry-cleaner-reports/36-reimage.html</p><p></p><p>http://support.microsoft.com/kb/972034</p><p>(Don't think I need to do this since Hitman Pro fixed it!)</p><p></p><p>Is Spyware Hunter any good?</p><p>http://www.enigmasoftware.com/cannot-download-spyhunter-or-browse-internet/</p></blockquote><p></p>
[QUOTE="Holt, post: 95850, member: 4525"] Update!! I ran Hitman Pro again but cancelled the scan early right after it detected the BOM Obfuscation. I then hit next and it fixed the file and removed some cookies as well. I then ran another scan, and it worked perfectly! Unfortunately, when I restarted the computer, the scan crashed late, but it did not find the BOM Obfuscation which is good. I then ran a RKill to check to see if the local hosts file garbled mess was still there, and it is not! (: See for yourself: Rkill 2.4.5 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 01/11/2013 03:28:50 PM in x86 mode. Windows Version: Microsoft Windows XP Service Pack 3 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\WINDOWS\system32\CTsvcCDA.exe (PID: 1008) [WD-HEUR] * C:\WINDOWS\system32\MsPMSPSv.exe (PID: 644) [WD-HEUR] 2 proccesses terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 01/11/2013 03:29:29 PM Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s) In doing some research on ReImage, they apparently bundle Babylon toolbar with it which is bad! I won't be using them again. I fear that they replaced some corrupt files with their "clean files" and that is causing some issues especially by not being able to use the Tweaking program's ScanDisk with my Windows XP CD. I do not like the following: * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath] This issue is on both computers than ran ReImage. I don't like the -k to say the least. Shouldn't it have the correct image path and just be svchost.exe. It looks like a virtual redirect issue which compromises my system's personal information. So, I think this issue is one to be concerned with and might be why HitmanPro is crashing. We have removed lots of things, but there seems to be something lingering still because it is crashing. I also have quite a few Mozilla Firefox browser crashes as well! Some interesting links: http://www.pcsoftwaresbay.com/registry-cleaner-reports/36-reimage.html http://support.microsoft.com/kb/972034 (Don't think I need to do this since Hitman Pro fixed it!) Is Spyware Hunter any good? http://www.enigmasoftware.com/cannot-download-spyhunter-or-browse-internet/ [/QUOTE]
Insert quotes…
Verification
Post reply
Top
