I have started getting pop-ups regarding Trojan Gen2 and Zeroaccess being blocked by NIS. I have been on the boards researching here on this site. This is my first post, as I have read the instructions not to try other threads' instructions. I am looking for a Quad to help me remove these viruses.
My system:
Sony Vaio VPCS111FM
Intel Core i5
Win7 Home Premium S.P. 1
x64
Norton Internet Security 2012
I do have a flash drive.
I have not tried any tools yet to remove these, wanted to wait for instructions from someone better qualified than myself.
Hello, I'm having the same problem. Does the same apply? I'm using Windows Vista. I used to have AVG but couldn't get rid of either of the trojans, so I removed that and paid for Norton Internet Security. It pops up all the time to say it's blocked, but is there a way of completely removing it? It's in c:\windows\installer\{a6fd3508-a3e0-85a3-587f-ede7eae0dfb4}\u\80000000.@
I've had it since I downloaded the new Messenger update. I even tried uninstalling that and it doesn't work.
My laptop won't allow me to use any of my Windows security either, not even update. I've tried Fix it through Windows and that doesn't work either.
I've also tried restore, running in safe mode etc. and that's not working either. That's as far as my knowledge goes. I would be very grateful for any help.
You need to start a new thread for your own situation. Please don't post in other people's threads, as we are working with a professional for our specific operating system. Please read the information in bold at the top of the Quad's posting. Thanks!
Download the script attached; it needs to be the same file name as well (fixlist.txt). Copy it across to the flash drive.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Now please enter System Recovery Options again, like previously.
Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe or frst64.exe and press Enter. Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.
I am confused at how to "download" the attached script. When I click on it, it is just some text. I tried to copy and paste to my flash drive in a "new folder" that I named fixlist.txt, but it wouldn't let me paste. Am I missing something here?
Never mind, I figured it out, will post fixlog soon.
Delete your copy of fixlist.txt on your Flash Drive
Download the script attached; it needs to be the same file name as well (fixlist.txt). Copy it across to the flash drive.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Now please enter System Recovery Options again, like previously.
Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe or frst64.exe and press Enter. Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.
Double click on TDSSKiller.exe to run the application.
Open the Change Parameters option and select the detect TDL File system
Click OK
Then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue.
Look for the Filesystem detection
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste into Notepad and attach back here. If a reboot is required, the report can also be found in your root directory (usually C:\ ) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach the log in the post back.
Run TDSSKiller with just the TDL Filesystem selected, then run a scan, then after the scan in the listing change the action so that TDSSKiller will delete.
11:12:27.0635 7748 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:12:27.0635 7748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
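Added example, not part of the thread or of TDSSKiller: a small Python check that reads TDSSKiller log text and lists objects whose "TDSS File System" detection was left at Skip, which is what the two entries quoted above record. The entry layout is inferred from those two entries only, and the `Delete` line is constructed for illustration.

```python
import re

# Entry shape inferred from the two lines quoted in the thread (an assumption):
#   HH:MM:SS.ffff <numeric id> <object> ( <detection> ) - <message>
ENTRY = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<id>\d+)\s+"
    r"(?P<object>\S.*?)\s+\(\s*(?P<detection>[^()]+?)\s*\)\s+-\s+"
    # A message runs until the next timestamp or the end of the text, so
    # entries pasted onto a single line are still separated.
    r"(?P<message>.*?)(?=\s+\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s|\s*$)",
    re.S,
)
ACTION = re.compile(r"User select action:\s*(\w+)", re.I)

# The excerpt as it appears in the thread (both entries run together).
THREAD_EXCERPT = (
    r"11:12:27.0635 7748 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user "
    r"11:12:27.0635 7748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip"
)
# Constructed line in the same shape, with the action changed to Delete.
CONSTRUCTED_RERUN = (
    r"11:40:02.0114 7748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete"
)

def parse_entries(text):
    """Split raw log text into dicts with time, id, object, detection, message."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def unresolved(text, detection="TDSS File System"):
    """Objects with this detection whose last recorded user action is Skip or absent."""
    last_action = {}
    for entry in parse_entries(text):
        if entry["detection"].lower() != detection.lower():
            continue
        chosen = ACTION.search(entry["message"])
        if chosen:
            last_action[entry["object"]] = chosen.group(1).capitalize()
        else:
            last_action.setdefault(entry["object"], None)
    return [obj for obj, action in last_action.items() if action in (None, "Skip")]

if __name__ == "__main__":
    print("still skipped:", unresolved(THREAD_EXCERPT))
    print("after rerun:  ", unresolved(THREAD_EXCERPT + "\n" + CONSTRUCTED_RERUN))
```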
I ran TDSSKiller with just the Filesystem Detected selected. The scan ran and immediately showed "no threats found". I don't see the listing to change the action to delete the files you mention. However, they are both listed in the results report below. Please advise.
Ensure that Combofix is saved directly to the Desktop <--- Very important (Not in the Download(s) or Temp folders)
Disable all security programs as they will have a negative effect on Combofix, Disabled for say 1 hour or more.
Close any open browsers and any other programs you might have running
Right click the combofix.exe on the desktop and select from the menu "Run as Administrator"
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
*EXTRA NOTES*
If Combofix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot. You must allow it to do so.
If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot. This is normal.
If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)