ZeroAccess Infection

I started a thread here a while back, but a series of problems including the hurricane prevented me from replying for several months and the thread appears locked. Quads was nice enough to start the process of helping me and I hope he will again. I don't know how to proceed; the link and txt from SystemLook will be posted below, or should I start a new thread? Thanks.
  http://community.norton.com/t5/Norton-Internet-Security-Norton/ZeroAccess-Infection/td-p/770448   ZeroAccess Infection

 

‎07-28-2012 11:06 AM

Hi. First post here. I tried registering for this forum weeks ago with Gmail and AOL email addresses but never received the confirmation emails. Today I resorted to creating a Yahoo address, which apparently worked, so here is my spotty recollection of my problem: I've usually had good luck with Norton products, but a few weeks ago when I installed the new Norton Antivirus (version 19.7.1.5) on my old 2006 Dell E510, Windows XP Media Center Edition, apparently it awoke something, because the Norton full scan was running for nearly 24 hours and never completed. I had to stop the full scan because it appeared to have crashed. I then rebooted and did a quick scan and I noticed ZeroAccess was found, I believe in two instances. I was in the midst of following Norton's instructions for removal, downloaded Power Eraser and the ZeroAccess remover, but neither was able to do a complete removal. Then Norton was unable to even open in normal Windows mode, and would open but not do a quick scan in safe mode. I then thought the virus corrupted Norton itself, so I uninstalled and reinstalled Norton. Tried to do quick scans again to identify the virus, but had the same problems and was prevented from doing a quick scan. I was reading other threads on this forum and it seems ZeroAccess is a crafty virus that sometimes requires custom solutions with which experts here can assist. Many thanks in advance for any help.

 
 
Super Virus Trouncer
Quads
Posts: 12,559
Registered: ‎07-22-2008
Re: ZeroAccess Infection[ Edited ]
 

‎07-29-2012 03:49 AM - edited ‎07-29-2012 03:51 AM

ANY other user other than the thread starter is not to use any instructions, scripts or procedures. The work, though, in cleaning a system is individual and only for that system due to a number of factors.

 

Unfortunately, the amount of threads means the waiting time is longer. Norton continually blocking files won't hurt your system but is just annoying. Please wait and be patient. I am trying to keep up, spending hours here to script and clean machines on a first come/first served basis. If you or someone adds to your thread, it will be pushed back in line due to the new update. I use the boards in reverse to what is seen.

 

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra, and don't run things twice.
  • If I ask a Question just answer it, don't run anything unless it states.
  • Major steps used:

1. Find

2. Break

3. Destroy

4. Cleanup  (including system as a whole)

 

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).

  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

 

Please download SystemLook from one of the links below and save it to your Desktop.

 

http://jpshortstuff.247fixes.com/SystemLook.html  the 32 bit version

 

Disable Norton for say 30 mins

 

Double-click SystemLook.exe to run it.

Copy the content of the following codebox into the main textfield:  (don't forget the : in front of :filefind)

 


:filefind

\n

\@
*.@

services.exe


 

 

Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Quads
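The same kind of file-name search as in the post above, done read-only in Python; this is an added example, not part of the original thread and not SystemLook's or Quads's own code. It lists every file whose name matches the codebox patterns, with size and SHA-256, and reports whether the services.exe copies it finds differ from one another. Reading "\n" and "\@" as the exact file names "n" and "@", the function names, and the sample directory tree are all assumptions constructed for the example.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Codebox patterns; "\n" and "\@" are read as the file names "n" and "@" (assumption).
PATTERNS = ["n", "@", "*.@", "services.exe"]

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def filefind(root, patterns=PATTERNS):
    """Map each pattern to sorted (path, size, sha256) rows; names match case-insensitively."""
    hits = {pattern: [] for pattern in patterns}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        for pattern in patterns:
            if fnmatch.fnmatchcase(path.name.lower(), pattern.lower()):
                hits[pattern].append((str(path), path.stat().st_size, sha256_of(path)))
    return {pattern: sorted(rows) for pattern, rows in hits.items()}

def differing_copies(hits, pattern="services.exe"):
    """True when the copies found for one file name do not all share a single hash."""
    return len({sha for _path, _size, sha in hits[pattern]}) > 1

def build_sample_tree(root):
    """Write a constructed directory layout (not taken from a real machine)."""
    layout = {
        "WINDOWS/system32/services.exe": b"constructed-copy-A",
        "WINDOWS/system32/dllcache/services.exe": b"constructed-copy-B",
        "WINDOWS/Installer/{constructed-guid}/@": b"\x00" * 8,
        "WINDOWS/Installer/{constructed-guid}/n": b"\x01" * 8,
        "WINDOWS/Installer/{constructed-guid}/U/80000000.@": b"\x02" * 8,
        "Documents/notes.txt": b"unrelated file, must not be reported",
    }
    for rel, data in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(differing_copies(filefind(tmp)))
```

The script only reads and hashes files; it deletes and changes nothing, so its output is a list for a helper to review rather than a verdict.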

 
Super Virus Trouncer
Quads
Posts: 12,559
Registered: ‎07-22-2008
Re: ZeroAccess Infection
 

‎08-05-2012 08:16 PM

Use F8 like you would to get to Safe Mode, but use LAST KNOWN GOOD CONFIGURATION 

 

Quads


Thank you. Turned computer on, saw blue screen with white text, starts with message "I01 Initialization Failed...". Turned off, then turned on, same result.

Use F8 like you would to get to Safe Mode, but use LAST KNOWN GOOD CONFIGURATION 

 

Quads


There is no point,   last post dated ‎08-06-2012 12:16 PM  (August)   and oh, Hurricane Sandy was late October

 

Quads

 If there are any others on this forum who can help, I'd appreciate it.  Otherwise, rebuild it is.

In view of Quads' comment, I would suggest you go to a Malware Removal Forum for assistance. Quads is our expert, has passed on your situation, and I feel you will get your best assistance through the following information that our old friend Delphinium supplied.


If you decide to try another forum, here are some places where a malware expert can work with you one-on-one in real time to dig these things out. Some of our best folks here have checked them out to make sure that they are capable, and competent to deal with rootkits and other nasties. Most of them handle tricky Windows problems as well.



http://www.bleepingcomputer.com/
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/
http://support.emsisoft.com/forum/6-help-my-pc-is-infected/


Thanks yank.