08-05-2012 12:25 PM
HP m7350n Media Center
Win XP Media Center v2002 SP3
Pentium (R) D CPU 2.80 GHz 2.0 GB RAM
8-1-2012 Norton Full System Scan
Unresolved Threats: Trojan.Zeroaccess!inf
Tried Norton FixZeroAccess.exe removal tool (did not remove virus)
Tried a second time with fresh download tool (did not remove virus)
Ran Norton Scan History
ys (infected file)
C:\WINDOWS\system32\drivers\redbook.sys (infected file)
8-5-2012 11:43 AM
- Ran Norton Quick Scan - found redbook.sys infected, auto remove failed
- Ran D drive scan - no problems found
- Ran scan on C:\System Volume
ys (no problem found)
- Ran scan on C:\WINDOWS\system32\drivers (found redbook.sys infected)
Quads, I await your commands to seek and destroy the enemy.
08-05-2012 08:10 PM - edited 08-05-2012 08:14 PM
ANY other user other than the thread starter is not to use any instructions, scripts or procedures. The work, though, in cleaning a system is individual and only for that system due to a number of factors.
Unfortunately, the amount of threads means the waiting time is longer. Norton continually blocking files won't hurt your system, but it is just annoying. Please wait and be patient. I am trying to keep up, spending hours here to script and clean machines on a first come/first served basis. If you or someone adds to your thread, it will be pushed back in line due to the new update. I use the boards in reverse to what is seen.
Please do not run any tools unless instructed to do so.
4. Cleanup (including system as a whole)
Please read every post completely before doing anything.
Please read carefully and follow these steps.
Download TDSSKiller from http://support.kaspersky.com/faq/?qid=208280684 click on the TDSSkiller.exe green link.
Double click on TDSSKiller.exe to run the application.
Open the Change Parameters option and select the detect TDL File system
Then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
Look for the Filesystem detection
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste into Notepad and attach back here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ ) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach the log in the post back.
08-06-2012 10:28 AM
Ran TDS Killer as directed.
Redbook.sys was only file infected.
Rebooted as directed.
When reboot completed household power interrupted less than 1 second (it's hot in Texas).
Let it reboot by itself.
TDSS killer log file found and attached.
Awaiting further instruction, sir.
08-07-2012 06:28 AM
The second run of TDSSKiller showed redbook.sys OK
No other infections found
Did not reboot
Noticed that each time TDSSKiller is run it changes my clock/day/month/year settings
Awaiting orders, sir
08-07-2012 07:34 PM
Please read carefully. Read all of this message first.
Download Combofix http://www.bleepingcomputer.com/download/anti-viru
Right click the combofix.exe on the desktop and select from the menu "Run as Administrator"
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
08-08-2012 09:33 AM
- downloaded ComboFix following your instructions
- TCP/IP stack infected and root virus detected
- ComboFix rebooted
- ComboFix auto scanning again
- message box: "PEV.exe encountered prob. needs to shut down" (I took no action)
- Norton message "Sure you want to shut down Norton Firewall" (I took no action - had already set Norton to 5 hour off)
- ComboFix rebooted and preparing report
- Win Security Alert message: "Sure you want to keep blocking?" (I took no action)
- ComboFix Report completed (attached to this post)
- I launched IE browser - message that IE is not default browser (I made it default browser)
- I turned Norton PC Security back on
- I rebooted, Win Security Alert auto installed 1 update during shutdown
Awaiting further orders, sir.
08-08-2012 09:11 PM
step 4. (a)
Please read carefully and Slowly
You might have to export the results
Please scan with ESET next
I'd like us to scan your machine with ESET OnlineScan
If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
08-09-2012 08:32 AM
Ran ESET program per your instructions
Two threats found (see attached report)
Did not remove ESET program files at completion of scan.
Awaiting further instructions, sir.
08-09-2012 07:58 PM
Step 4. (b)
Disable Norton for say 30 minutes
Download OTL http://www.bleepingcomputer.com/download/otl/
Click the Scan All Users checkbox.
Change file age to 60 days
An OTL.txt and extras.txt will be created.