05-04-2012 05:28 PM
I am using Windows XP professional with Service Pack 3 on an Compaq V6000 (x86). Norton picked up the Zeroaccess infection and recommends manual removal. It looks like I have 2 infected files:
Any help would be appreciated.
Solved! Go to Solution.
05-04-2012 05:47 PM
Please do not run any tools unless instructed to do so.
Please read every post completely before doing anything.
Please read carefully
1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)
Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT / Yes
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and Please attach the log in the post back, Don't have the program fix anything.
05-05-2012 05:46 AM
Attached is the log file.
I did not run any Tools, but Norton AutoProtect was on. The AutoProtect did pop up a message regarding backdoor.tidserv while scanning. Do I need to disable or Uninstall Norton and rescan? I also have SpyBot and Malwarebytes (and an outdated ESET package) installed.
Thanks for the help.
05-06-2012 05:08 PM
Ok, and I know the Windows driver involved, just in case.
Please read carefully and follow these steps.
Download TDSSKiller from http://support.kaspersky.com/faq/?qid=208280684 click on the TDSSkiller.exe green link.
Double click on TDSSKiller.exe to run the application,
Open the Change Parameters option and select the detect TDLsystem
Then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach the log in the post back.
05-06-2012 05:51 PM
Sorry, I wasn't sure if "cure" was the same as "delete" as a default option.
Both with default action set to Delete.