06-14-2012 10:33 PM
Download GMER from http://www.gmer.net/
You can run a scan if you want, but I am more interested in using the right-pointing arrows tab, which expands to show other options.
Choose the Files option, being very careful, as GMER can delete files you won't want to delete by accident.
Slowly navigate to the system32\drivers folder like you would in Windows Explorer; sometimes it takes some time to find and show the files list.
On the right hand side is the list of files and folders in the drivers folder. Scroll if needed. Do you see mrxsmb.sys_backup? Careful, there is a legit mrxsmb.sys also.
06-15-2012 12:18 AM
OK, we will have more steps after this to make sure the rest of the system is clean and then the clean up.
Disable Norton for say 30 mins
You may want to make sure that you can see the screenshot below first to make sure what you are doing. It shows a different file but same steps apply.
Select mrxsmb.sys_backup. Make sure you DON'T select mrxsmb.sys.
With GMER go into the Drivers folder and find in the list mrxsmb.sys_backup and select it. Double check it's the right file selected (instructions carry on below screenshot).
This time click on the right hand side DELETE. GMER asks, basically, are you sure? Click Yes.
You can see that in the screenshot above I created a file called atapi.sys.vir to just show the dialog.
After deleting the file close GMER, then start GMER again, and go into the drivers folder to see if afd.sys.org is really gone.
06-15-2012 12:36 AM
Please read carefully. Read all of this message first.
Download Combofix http://www.bleepingcomputer.com/download/anti-viru
Just Run Combofix
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
06-15-2012 01:33 AM
Good, the ZeroAccess file system has been moved; that is breaking it down.
It looks like FixZeroaccess in some way tried to complete its task and failed.
Now to check the whole system
Please read carefully and slowly.
Please scan with ESET next
I'd like us to scan your machine with ESET OnlineScan
If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
06-15-2012 01:05 PM
Basically only one file to add to the list.
Disable Norton for say 30 minutes
Click the Scan All Users checkbox.
Change file age to 60 days
under Copy and paste what is below between the lines
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
An OTL.txt will be created.