07-23-2012 09:50 PM
My wife's laptop recently started redirecting websites and the NIS keeps telling us that it's blocking the Trojan.Zeroaccess.B and Trojan.Gen.2 files. Each time it tells us that the item is resolved and no further action is required. However, it keeps happening - typically about every few minutes or so. Any assistance would be greatly appreciated.
The computer is running Vista Home Premium 64 bit.
07-24-2012 07:16 PM
ANY other user other than the thread starter is not to use any instructions, scripts or procedures. The work, though, in cleaning a system is individual and only for that system due to a number of factors.
Please do not run any tools unless instructed to do so.
4. Cleanup (including system as a whole)
Please read every post completely before doing anything.
Do you have a Flash Drive??
07-25-2012 05:50 PM - edited 07-25-2012 05:52 PM
Unfortunately, the amount of threads means the waiting time is longer. Norton continually blocking files won't hurt your system but it is just annoying. Please wait and be patient. I am trying to keep up, spending hours here to script and clean machines on a first come/first served basis. If you or someone adds to your thread it will be pushed back in line due to the new update. I use the boards in reverse to what is seen.
Read Slowly and all of it.
Please download http://www.bleepingcomputer.com/download/farbar-re
Transfer it on to the Flash Drive.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
On the System Recovery Options menu you will get the following options:
Windows Complete PC Restore
Windows Memory Diagnostic Tool
07-25-2012 08:15 PM
Thanks for your response. I have done my best to follow the instructions. I tried multiple times. However, there were a couple of differences that I found as I walked through the steps. Not sure if they do/do not matter to the process, but wanted to make sure you knew exactly what was happening (per your request to "be your eyes" and provide as much info as possible).
1 - Where your instructions directed me to select language, I could not. The language box was greyed out and inactive. I was, however, in the same box able to select the "keyboard layout". I selected US layout.
2 - I was never given an opportunity to select the operating system to repair. After selecting the keyboard layout, the next box was for the user account.
3 - My flash drive was F:/
That being said, I have attached the log per your request.
07-26-2012 05:17 PM
Download the script attached; it needs to be the same file name as well (fixlist.txt). Copy it across to the flash drive.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Now please enter System Recovery Options again, like previously.
07-26-2012 08:08 PM - edited 07-26-2012 08:09 PM
Thanks for your response. I only had one item that was different than your instructions: the frst64 tool didn't show the disclaimer - it went straight to the screen that allowed me to "scan" or "fix" (I believe there was a third option but can't remember what it was - sorry). I clicked the "fix" once as instructed. The log is attached as you have requested.
07-27-2012 07:01 PM
Please read carefully. Read all of this message first.
Download Combofix http://www.bleepingcomputer.com/download/anti-viru
Right click the combofix.exe on the desktop and select from the menu "Run as Administrator"
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
07-27-2012 10:27 PM
Thanks for the response. I have followed your instructions and have attached the log that Combofix generated.
One thing to let you know - I had disabled the Norton Internet Security that is running on the laptop, the best I could figure out (there's no "off" button on NIS as far as I could tell) but Combofix thought it was still running. Combofix gave me a dialog box asking me to turn off the anti virus and anti spyware from NIS. I opened NIS and checked to make sure everything I could turn off was off and then continued with the Combofix. If it helps, we have NIS version 126.96.36.199.
Also, during the Combofix process, it told me "System file is infected!! Attempting to restore "C:\Windows\system32\services.exe" but it continued on, seemingly without a problem.
Hopefully you can tell from the log if it did/didn't work properly. If I need to redo the procedure, please let me know. I just didn't want to go further without your advice.
07-28-2012 11:30 PM
Combofix could not deal with services.exe so
Start FRST like you did in Step 1, once it starts do this,
Type the following in the edit box after "Search:" so it looks like this:
Click Search button and post the log it makes to your reply. Called search.txt