07-16-2012 08:22 AM
Just last Saturday, my computer was infected with the Trojan Zeroaccess virus. NIS keeps popping up with notices saying that the virus has been blocked, and a restart is required to complete the fix (which ultimately doesn't work). The source of the infection is C:\Windows\assembly\GAC\Desktop.ini, which I cannot find under the assembly folder. After using Norton Power Eraser, Fix Zeroaccess, Malware Bytes and regular NIS scans (in both safe mode and regular modes), I'm out of options. Anyone have any recommendations?
Also, my computer is running on Windows 7 Home Premium, 32 bit.
07-16-2012 04:06 PM
ANY other user other than the thread starter is not to use any instructions, scripts or proceedures, The work though in cleaning a system is individual and only for that system due to a number of factors.
Please do not run any tools unless instructed to do so.
4. Cleanup (including system as a whole)
Please read every post completely before doing anything.
Do you have a Flash Drive??
07-16-2012 10:13 PM
Read Slowly and all of it.
Please download http://www.bleepingcomputer.com/download/farbar-re
Transfer it on to the Flash Drive
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
On the System Recovery Options menu you will get the following options:
Windows Complete PC Restore
Windows Memory Diagnostic Tool
07-16-2012 10:28 PM
Here's the log. One thing I want to note is my flash drive letter appeared as "F" while accessing it in Repair mode. Accessing it through regular means on Windows, my flash drive is now represented as a "G" drive. Not sure if this changes anything necessarily, but just wanted to throw that out there.
07-16-2012 11:38 PM - edited 07-16-2012 11:42 PM
"Messages file: C:\Program Files\Malwarebytes' Anti-Malware\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program."
I did take the .exe file of Malware bytes and use it on my flash drive. Should I reinstall it /get another free download onto my desktop and then uninstall it?
07-16-2012 11:49 PM
I will move most of it
Download the script attached, needs to be the same file name as well (fixlist.txt), Copy across to flash drive
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Now please enter System Recovery Options again. Like previously
07-17-2012 12:10 AM
Please read carefully Read all of this message first
Download Combofix http://www.bleepingcomputer.com/download/anti-viru
Right click the combofix.exe on the desktop and select from the menu "Run as Administrator"
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.