Thread: ZeroAccess or more

  1. #21
    Member
    Join Date
    Oct 2007
    Posts
    38

    Microsoft Security Essentials Uninstalled and the FSS Report:

    After I got the FSS Report I rebooted. Restore still doesn't open, but maybe you know that.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Srservice]
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Srservice\Parameters]
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
    00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
    73,00,72,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Srservice\Enum]
    "0"="Root\\LEGACY_SRSERVICE\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001

  2. #22
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jm1223,

    The service seems to be damaged. Download the attached zip file and extract its contents. The extracted file is named srservice.reg. Right-click it and merge it like you did with the others.

    Reboot the computer. Does System Restore Service now appear in services.msc? If it does, right-click it and click Properties. Make sure the service status is running.
    Member of UNITE and ASAP

  3. #23
    Member
    Join Date
    Oct 2007
    Posts
    38

    I don't seem to have the attachment.

  4. #24
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jm1223,

    I don't see it there either. I'm sure I attached it. I'll post it as soon as I get home, in about 2 hours.
    Member of UNITE and ASAP

  5. #25
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jm1223,

    Here you go.
    Member of UNITE and ASAP

  6. #26
    Member
    Join Date
    Oct 2007
    Posts
    38

    You got it, it's back.
    Thank you for your help.

  7. #27
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jm1223,

    Good. Is the service status of System Restore running?

    Let's take care of any remnants if there are any.

    Your Java is out of date. Click your Start button, open Control Panel.
    • Locate the Java icon (it looks like a coffee cup)
    • Double-click it to open it
    • Click the Update tab
    • Click Update Now
    Decline any toolbars offered during the update.

    After Java is updated, reboot your computer if not prompted to.

    Next

    Download and save to your desktop Malwarebytes Anti-Malware

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean


    One more scan to check for stragglers.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    Go here to run an online scanner from ESET

    (Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.


    Please post back with
    • MBAM log
    • ESET log if there was one
    Any issues?
    Member of UNITE and ASAP

  8. #28
    Member
    Join Date
    Oct 2007
    Posts
    38

    The System Restore is running. ESET Found No threats.
    I think we got it all. I see MBAM starts up on reboot. Should I let this run?
    Thanks again.

    Here is the MBAM Report:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.26.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Jack :: ALPHA2 [administrator]

    Protection: Enabled

    6/26/2012 8:48:13 AM
    mbam-log-2012-06-26 (08-48-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 247741
    Time elapsed: 10 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  9. #29
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jm1223,

    "I see MBAM starts up on reboot. Should I let this run?"
    You have the Trial version of MBAM and most likely clicked the button to activate it. The trial version will run with all the features of the paid version for 30 days (I think) after which time it will revert to the free version. The free version does not have real time scanning but is a good program to have.

    You can allow MBAM to run during the trial period. You may find that you like the program and wish to purchase it. It is very reasonably priced and the fee is a one-time fee. Either way I recommend that you keep the program, keep it updated and run a scan on a weekly basis.

    Please note that MBAM is not a replacement for your antivirus program but rather it is a complement to it.

    From the logs it does appear we have your computer cleaned up. We can now clean up the tools we used.

    From your desktop, please delete, if present
    • any notepads/logs that we created
    • DDS
    • mbr.zip
    • mbr.dat
    • aswMBR.exe
    • FSS
    • net.bat
    • net.txt
    • SystemLook
    • fix.zip
    • myfix.reg
    • fix1.zip
    • netman.reg
    • fix2.zip
    • netman1.reg
    • fix3.zip
    • srservice.reg


    Next

    Click the Start button, click Run. Copy and paste the following line into the run box and click OK
    Combofix /uninstall

    I suggest you keep MBAM. Keep it updated and use it regularly.

    You can also keep TFC, it's a very good temporary file cleaner.

    Updates

    Adobe Acrobat and Adobe Reader

    You have an older version of Adobe installed. The Adobe Reader portion of the program is vulnerable to exploits. If you do not use Adobe Acrobat for creating PDF files you can uninstall the complete program. It must be uninstalled starting with the latest update and working backwards.

    Adobe Acrobat and Reader 6.0.6 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Standard


    You do have the current version of Adobe Reader, Adobe Reader X (10.1.3), installed. Uninstalling the old version will not affect it. However, if you have saved any PDF files in the older version's folders you should move them to a different folder before uninstalling.

    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have those.

    -Secure your Internet Explorer

    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

    - Make sure you have reset Automatic Updates to your chosen option. Click your Start button > Control Panel > System > Automatic Updates tab

    - Keep your antivirus program updated, as well as any other security programs you have.

    -More tips and programs can be found HERE

    Please post back if you have any problems.

    Take care
    Member of UNITE and ASAP

  10. #30
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Since this issue appears to be resolved ... this Topic has been closed.
    Last edited by tashi; 2012-07-06 at 22:07. Reason: Thank you oldman960
    Member of UNITE and ASAP
