Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved

Delete your copy of fixlist.txt on your Flash Drive

 

Download the attached script; it needs to keep the same file name (fixlist.txt). Copy it across to the flash drive.

 

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options again, as before.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe or frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt). Please attach it to your reply.

 

Quads

Contributor
westjessee
Posts: 32
Registered: ‎07-13-2012

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved

I tried rebooting in both regular and safe mode and I get the same blank screen. 

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved

Use FRST to 

 

a) create a new log, FRST.txt

b) use the above script to swap over services.exe

 

Quads

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved

Do you mean blank screen or black screen?

 

Quads

Contributor
westjessee
Posts: 32
Registered: ‎07-13-2012

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved

Black screen with working arrow

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved

Blank screen with working cursor.

 

Maybe services.exe did not get swapped properly or ComboFix is stuck; it's not the MBR.

 

I will wait for the 2 logs from a) and b) above.

 

Quads

Contributor
westjessee
Posts: 32
Registered: ‎07-13-2012

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved

Thanks for your patience.  Are you waiting for me to do that?  I am not sure how to do anything with the black screen.

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved

Use FRST

 

Quads

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved


Step 1

 

Read slowly, and read all of it.

 

Please download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ (download the 64-bit version).


Transfer it onto the flash drive.

Enter System Recovery Options

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

 

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your portable hard drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Restart the system and load Windows. Please attach the log in your reply.

Then 

 

Delete your copy of fixlist.txt on your Flash Drive

 

Download the attached script; it needs to keep the same file name (fixlist.txt). Copy it across to the flash drive.

 

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options again, as before.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe or frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt). Please attach it to your reply.

 

 


 

Quads

Contributor
westjessee
Posts: 32
Registered: ‎07-13-2012

Re: Trojan.Gen.2 and Trojan. Zeroaccess (possibly Hacktool.Rootkit) - definitely not fully resolved

Sorry I think I kicked into panic mode and did not enter the right command in Safe Mode.

 

Here is a)

 

I am trying to figure out how to swap services.exe