Norton keeps detecting and deleting these viruses but they still keep coming back.
Trojan.Gen.2 80000064.@
Trojan.Zeroaccess.B 80000000.@
Trojan.Gen.2 000000cb.@
Trojan.Gen.2 00000004.@
Trojan.Gen.2 80000032.@
Can anyone please help
Yes, i do have a flash drive. Thanks for your reply!
Read Slowly and all of it.
Please download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version
Transfer it on to the Flash Drive / portable Hard Drive.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive / portable Hard Drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive. - The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. restart the system and load Windows Please attach the log in your reply.
Quads
Hi,
I have attached the FRST.txt. From the time i started the thread(though i did not do anything specifically to get rid of it), SAV is not detecting the trojan, but i am not able to open a lot of websites when auto-protect is on. I have a feeling the trojan is still hiding somewhere. Thanks for your help.
You have the new variant, hold fire.
Download these 2 programs to you desktop ready just in case after the break you have no Internet Don't run them yet
http://www.bleepingcomputer.com/download/farbar-service-scanner/
http://www.bleepingcomputer.com/download/combofix/
Quads
I have downloaded both the programs to my desktop, waiting for further instruction. Thanks!
Download the 2 attached .txt files, and remove the .txt extension so that you have the files end in .reg (ZAFix1.reg) etc.
Then click to run the files and then the system should ask if you want the data added to the registry, answer = yes. A cofirmation message should them appear saying that the data has been added..
The other way is to right click the files and choose "Open With" from the menu, and you should see Registry Editor as an option to choose.
For me this repaired the 2 Windows registry keys in question. So then I could after deal with the rest and also repair broken services.
Quads
Norton keeps detecting and deleting these viruses but they still keep coming back.
Trojan.Gen.2 80000064.@
Trojan.Zeroaccess.B 80000000.@
Trojan.Gen.2 000000cb.@
Trojan.Gen.2 00000004.@
Trojan.Gen.2 80000032.@
Can anyone please help
Both the registry files have been applied. SAV auto-protect still does not allow me to visit websites unless i disable auto-protect.
Run FSS.exe, Tick all the boxes before running the scan and post back a log.
Quads
Please find log attached, let me know if you want to run it in repair mode or in safe mode.
Download the attached .txt files, and remove the .txt extension so that you have the files end in .reg
Then click to run the files and then the system should ask if you want the data added to the registry, answer = yes. A cofirmation message should them appear saying that the data has been added..
The other way is to right click the files and choose "Open With" from the menu, and you should see Registry Editor as an option to choose.
More service reg files to come
Quads
After adding to the registry all those, restart the system and Run FSS like the first time, ticking all the boxes.
Quads
Ran all the registry files and FSS log is attached.
OK
Please read carefully Read all of this message first
Already Downloaded.
- Ensure that Combofix is saved directly to the Desktop <--- Very important (Not in the Download(s) or Temp folders)
- Disable all security programs as they will have a negative effect on Combofix, Disabled for say 1 hour or more.
- Close any open browsers and any other programs you might have running
Right click the combofix.exe on the desktop and select from the menu "Run as Administrator"
- If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
- When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
*EXTRA NOTES*
- If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
- If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
- If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)
Quads