What is the name of the file(s) and where were they located for detection.

Quads

Hi,

Thanks for replying!

The files are 00000002.@  and 80000064.@, 80000032.@ and located in c:\windows\assembly\temp\U

Roman

The Max++ (zeroaccess) group by the looks.   Norton is deleting part of zeroaccess only, causing the rootkit not to work properly and BANG windows doesn't load properly either.

Are we talking about Windows 32 bit or 64 bit   

Quads

Windows 7, 64

Please download hxxp://download.bleepingcomputer.com/farbar/FRST64.exe  (change the hxxp to http) and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options. 

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Quads

It doesn't allow me to paste in into the body of the message (don't know how to disable a Spell checker).

Here is the file in the attachment

What are you playing with Virus removal for??   I can see the programs, documents and files you have downloaded or created, for instance virus removal.docx.

Quads

Well, I tried for a few days before asking for help. I had many suggestions on the Web - that resulted in downloading several programs. The file virus_removal.docx is my Word document I've created few days ago. I copied there few suggestions from the Web which included links to Malwarebytes, TDSKiller and something else. It didn't work.

I tried Malwarebytes and that Kaspersky's killer, but it couldn't reboot and started from the earlier point with all the stuff I had before.

I am posting now from another computer, on that computer I am still in System Recovery Option.

Thanks,

Roman

Download the fixlist.txt

Save it in the Flash Drive, next to FRST.exe

Run FRST as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

To others:-

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Quads