Contributor
Retired_USAF
Posts: 33
Registered: ‎05-09-2012

Re: Yet Another Zeroaccess!inf Infection

success.

Bot Obliterator
Quads
Posts: 16,540
Registered: ‎07-21-2008

Re: Yet Another Zeroaccess!inf Infection

Run aswMBR again

 

Just want to make sure the image file C:\WINDOWS\system32\drivers\mrxsmb.sys_backup and links are gone before the final objects clean up process.

 

Broke my train of thought, as I just had an earthquake aftershock in the middle of this.

 

Quads

Contributor
Retired_USAF
Posts: 33
Registered: ‎05-09-2012

Re: Yet Another Zeroaccess!inf Infection

Bummer.  A whole lot of shaking going on, huh?  All quiet in Illinois.  No tornadoes for a few weeks!  We did have an earthquake a couple years ago....that was unique for here.

 

Anyway, I digress.  Log attached.

Bot Obliterator
Quads
Posts: 16,540
Registered: ‎07-21-2008

Re: Yet Another Zeroaccess!inf Infection

You forgot the definitions step in aswMBR

 

Look up Christchurch NZ earthquakes

 

Quads

Contributor
Retired_USAF
Posts: 33
Registered: ‎05-09-2012

Re: Yet Another Zeroaccess!inf Infection

I didn't, but maybe I didn't wait long enough.  I got distracted, looked back and saw the Scan button was enabled, so I thought it was done.  I'll try again.  Haven't seen anything on Christchurch.  I'll look it up......

Contributor
Retired_USAF
Posts: 33
Registered: ‎05-09-2012

Re: Yet Another Zeroaccess!inf Infection

Okay,

This time it downloaded twice the size in definitions files.  Also took longer to scan.  Must have burped the first time.  Anyway, log attached.

Bot Obliterator
Quads
Posts: 16,540
Registered: ‎07-21-2008

Re: Yet Another Zeroaccess!inf Infection

The bugger is still hanging on

 

Download a new copy of Combofix and like before (same instructions) but use this script attached

 

Quads

Contributor
Retired_USAF
Posts: 33
Registered: ‎05-09-2012

Re: Yet Another Zeroaccess!inf Infection

I checked the Internet.  Seems like you have been shaking all week!

 

I'll run ComboFix again, but don't expect a post until later.  It's midnight and I need to sleep!

 

I really appreciate your time and assistance.  Hope your shaking isn't signs of things to come.

 

 

Bot Obliterator
Quads
Posts: 16,540
Registered: ‎07-21-2008

Re: Yet Another Zeroaccess!inf Infection

We started with the 7.1 shake back in 2010

 

Quads

Contributor
Retired_USAF
Posts: 33
Registered: ‎05-09-2012

Re: Yet Another Zeroaccess!inf Infection

Second ComboFix log attached.