05-20-2012 04:02 PM
NIS 2012 detected Zeroaccess!Inf2 and Zeroaccess!Inf on my 32-bit Windows Vista machine (with SP2) but couldn't remove it. NPE didn't detect anything. The NBRT Advanced Recovery Scan again detected !Inf and !Inf2 but couldn't remove them, and for some reason didn't save a log in the location specified before the scan.
In its scan, NIS detected a google of infected system files (log attached), so I am wondering if there is hope for this computer or if I should perform a clean reinstall of Windows.
Thanks for your time!
05-20-2012 05:09 PM
Please do not run any tools unless instructed to do so.
Please read every post completely before doing anything.
Please read carefully
1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)
Double click the aswMBR.exe icon to run it
It will ask to download extra definitions - ALLOW IT / Yes
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and please attach the log in the post back. Don't have the program fix anything.
05-20-2012 08:05 PM - edited 05-20-2012 08:07 PM
Read all of this message first
Download Combofix http://www.bleepingcomputer.com/download/anti-viru
Download the attached CFscript.txt. For some browsers, right click the attachment on the forum and select "Save As" or similar to download it. See screenshot below.
Now drag the CFScript.txt into the ComboFix.exe
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
05-20-2012 11:56 PM
The ComboFix log is attached.
After running the script, there is only local network access (no Internet) when booting in Safe Mode with Networking. Is this expected?
05-21-2012 12:06 AM
Good question - I didn't mention that some time after detecting the virus, Windows underwent two unexpected blue-screen shutdowns and I've been booting in safe mode since. Can try normal mode right now.
05-21-2012 12:19 AM - edited 05-21-2012 12:22 AM
You can try
My thinking is, after the use of Combofix (first round) with one folder still to take care of, that:
a) the Driver did not get properly swapped or,
b) the IP stack did not get repaired properly.