Trojan.zeroaccess!inf4

Uninstall

 

Ask Toolbar
"AVG Secure Search" = AVG Security Toolbar
"conduitEngine" = Conduit Engine
"ESET Online Scanner" = ESET Online Scanner v3
"StartNow Toolbar" = StartNow Toolbar
"uTorrentBar Toolbar" = uTorrentBar Toolbar

 

I have to script for the rest.

 

Quads

They're all uninstalled

Probably no point in me scripting for the rest as there is a large gap (date) from the log until now.

 

Bye

 

Quads

I will not be touching your system as you have had other techs working on it. It is their job, not mine.

 

Quads

I am not doing your system, you have gone on your own and run advanced programs on your own against warnings and other instructions on threads, so I am not touching.

 

Good Luck, you have more than zeroaccess to deal with.

 

"the file is windows/System32/services.exe... I understand enough to know that registries as well as the file must be deleted," haha, you understand nothing.

 

Quads

I have done nothing and I am the only one that uses my system... That is a load... I have honestly run nothing... I just stated what I have researched so far... If you could help that would be great, if you're not going to then I know that you obviously don't know what you're doing... All I have used is Norton software... you come here and look then, because I have not... Help me if you want, but I want the Norton community to know then that you don't know those logs if you said I have used other stuff, when I personally know I have not... yes my computer is locked 100% of the time

Btw Quads... Guess what the first thing the Norton agent did? Deleted services.exe and put the 64 bit one in there... talk about me not knowing anything lmfaooooo both files are the same, just a copy... Thanks for nothing... good luck trying to help others when you don't seem to know what you're dealing with

Used Norton support virus section, paid 100$ and got all root kits and other viruses removed from system along with all Norton errors

They didn't just delete the file and that is it, they swapped it, there is a difference, go on just delete the file and see what happens, LOL.

 

In PM: "I am quite furious at you now, because I have not run a single piece of software except Norton... I'm still willing to listen to suggestions, but I have not even touched this problem yet... Read the logs again or something, because I have not done anything except what Norton took me to..."

 

I really don't care, you decided to run advanced tools on your own, like a know-it-all, and I made a policy not to touch those systems as it weeds out those difficult ones, as seen by the replies and abuse I get from the know-it-alls, when I just state I am not touching a system with stuff done.

 

People who run the likes of Norton, NPE, Fixzeroaccess, Malwarebytes, SAS, yes I do.

 

You used FRST, so bye. "I have done nothing and I am the only one that uses my system... That is a load... I have honestly run nothing..." Running FRST is not running nothing.

 

Quads

And I do know what I am dealing with, I am able to remove all sorts of malware including zeroaccess and its variants, I don't ask for help on the forum for my infected system.

 

Quads

I ran only what you told me, if you told me that you can't help by me running your own tool, that's your fault not mine

I did not tell you to run anything, SIMPLE.

 

Do I have to tell you how the thread looks? OK. You posted this, with attachment:

 

"Hey Quads, I've been researching how your method works so I will post my frst64 log 64 bit window 7 log below... I have not used ANY tools except Norton to figure out any of this (a long time ago my brother told me to install combofix, but I NEVER used it, and have deleted it since then, honest)... the file is windows/System32/services.exe... I understand enough to know that registries as well as the file must be deleted, but I am going to follow every one of your directions in order to do what you would like me to do... I am a very technical 16 year old (yes, young, but understand the importance of not doing things out of step) will post the text file now. (Yes, I used your tool by looking up my problem and found someone with the same problem with same system and such... figured I'd speed up the process this way.)"

 

There is no way that I have told you to run or post anything when it is your first post in the thread that has the FRST attachment. You did your own "I can do it" research, ignoring things.

 

I then posted back stating I am not doing your system. I still did not tell you to run anything as you had already done so, so bye and good luck.

 

You have to have been dreaming I told you on your thread before it existed to run a program as the thread did not exist.

 

And if Tech Support swapped services.exe good, but have they dealt with the BCD and the partition????

 

Quads

 

 

Yep... totally gone... they know more about the virus than you ever will unless you created it -_-... they even told me what website I got it from...one of those fb offshoots...go play fixit somewhere else


redzapdos wrote:

... they know more about the virus than you ever will unless you created it -_-


http://community.norton.com/t5/Norton-Internet-Security-Norton/Symantec-Please-Speak-Up-About-Rash-of-Trojans/m-p/771428/highlight/true#M211918

 


redzapdos wrote:

Yep... totally gone... they know more about the virus than you ever will unless you created it -_-... they even told me what website I got it from...one of those fb offshoots...go play fixit somewhere else


Lovely seeing as I help Symantec with these anyway hahaha, and it is not a virus

 

More than Zeroaccess

 

Type 00 partition infection:
C:\Windows\svchost.exe

 

 

Quads

Moved to own thread for better exposure.

ANY other user other than the thread starter is not to use any instructions, scripts or procedures. The work, though, in cleaning a system is individual and only for that system due to a number of factors.

 

Unfortunately, the amount of threads means the waiting time is longer. Norton continually blocking files won't hurt your system but it is just annoying. Please wait and be patient. I am trying to keep up, spending hours here to script and clean machines on a first come/first served basis. If you or someone adds to your thread it will be pushed back in line due to the new update. I use the boards in reverse to what is seen.

 

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask: nothing extra, and don't run things twice.
  • If I ask a Question just answer it, don't run anything unless it states.
  • Major steps used:

1. Find

2. Break

3. Destroy

4. Cleanup  (including system as a whole)

 

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).

  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

 

 

 "I can only restart in safe mode", do you have a Flash Drive??

 

Quads

 

 

 

 

Yes, I have a flash drive.   Not using it right now, but I have one.  :) 

Read Slowly and all of it.

 

Please download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/  Download the 64 bit version


Transfer it on to the Flash Drive

Enter System Recovery Options

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

 

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your portable hard drive
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Restart the system and load Windows. Please attach the log in your reply back.

 

Quads

I can get to the Advanced Boot options by pressing F8.  However, when I select 'repair your computer', I never get to select a language or anything.   It just goes to a blue sun type screen, with the cursor arrow in the middle.  Can't get it to boot in safe mode or anything now.