This topic is locked
My computer in trouble is Dell Inspiron 700m with 1.2Gbyte of RAM, Windows XP SP3. (yes, it's an old machine past expiration date, but I must use it for lots of writing work.)
I've always had McAfee on this computer, and I'll use something else next time, as McAfee has failed more often that I would like it to.
I've been visiting wild and exotic and questionable websites via Google on this machine, and so far in the past 6 years or so McAfee failed about 3 to 4 times in blocking webbrowsing-contracted spyware/malware (on both FireFox and Internet Explorer).
Now, to the problem I have had, and still having.
------------------------
2012-01-04, late evening
------------------------
While Googling and visiting websites, after visiting a suspicious-looking particular website, I notice something's not quite right. My laptop feels sluggish, CPU usage shoots up 100%, my McAfee Total Protection suddenly goes out of subscription although it should last until August-2012.
This has happened before a few times, as McAfee Total Protection is less than stellar in preventing spyware/malware caught from merely visiting a sick website.
(Now, I'll no longer subscribe to McAfee. Too many troubles with that security software, as it's ineffective enough of times.)
So, I download and run Malware Byte's Spyware Remover on Full Scan, it catches 30+ spyware/malware that all passed through McAfee's 'protection', and I tell it to remove them all. mbam-log-2012-01-04 (13-47-55).txt
I run Malware Byte's Spyware Remover one more time on Quick Scan to see everything is clean. mbam-log-2012-01-04 (19-28-06).txt
I contact the McAfee technical support, and they reinstall my McAfee Total Protection via remote desktop access.
Problem with my laptop still persists.
1. CPU usage is still at 100%. It's not one process that's garbling up the CPU. McAfee is using high amount of CPU, a couple system processes are using unusually high amount of CPU. McAfee keeps blocking the following two processes trying to access the Internet, calling them 'suspicious':
TCP/IP Ping (ping.exe)
Generic Host Process for Win32 Services (svchost.exe)
Now, I'm not running any programs that I know of that should make those two to access the Internet, so I know something fishy is going on.
2. I notice that Internet Explorer icon from the Start Menu panel (on the top, above the Email client) does not work. When I click it, a messagebox pops up saying "access denied".
3. I can't access the Windows Update website, as it shows "can't connect" screen. Other websites, I can access.
4. On my Windows XP system tray, the Wireless Network Connection icon stays at "Acquiring Network Address" animated icon, with a yellow ball going left and right, although there already is a network connection and I can browse the Internet fine, except the Windows Update website.
------------------------
2012-01-05, before noon
------------------------
First Combofix Run
-------------------
I do some Googling, and come across www.geekstogo.com. I download Combofix, turn off McAfee until next boot, and run Combofix. Combofix, after installing Windows Recovery Console, says it detected RootKit.ZeroAccess and it's a particularly nasty infection, and couple more messages after, it reboots the system, because of Rootkit activity.
I realize that I have turned off McAfee real-time protection and firewall until the next reboot, so, in the next boot Combofix runs against McAfee still running.
Combofix removes bunch of files and directories still, and reboots my laptop once again.
After the 2nd reboot, it generates the log file. ComboFix (2012-01-05).txt
McAfee is running, all the four problems above are gone. My laptop feels healthy and fully functional at an optimal level.
Second Combofix Run
-------------------
Since I had McAfee on after the 1st reboot by Combofix, I figure it'd be better to run Combofix one more time. I uninstall it using "Combofix /Unistall" via Windows Run window, and reinstall and re-run.
Alas, although the above four problems are gone, Combofix still says my computer has RootKit.ZeroAccess and reboots my laptop once agian after a couple more, the same, messages.
After the reboot, it detects no problem, and produces a log file. ComboFix (2012-01-05 2).txt
No network connection is avaiable, no McAfee in the system tray, so I reboot, and everything is back to normal.
I get an info on FSS in a posting on www.geekstogo.com, and run it to see what it does. It produced a log. FSS (2012-01-05).txt
Third Combofix Run
-------------------
Third time's the charm, since Combofix still reported me as having RootKit.ZeroAccess, I uninstall and run Combofix again just to see. The behavior is exactly the same as the 2nd run. ComboFix (2012-01-05 3).txt
I download, install, and run Malware Byte's Spyware Remover, on Quick Scan, and it catches nothing. mbam-log-2012-01-05 (14-32-26).txt
------------------------
2012-01-05, afternoon
------------------------
The problems I'm still having:
1. on the last, and 3rd run of Combofix, it still says my computer has RootKit.ZeroAccess.
2. On my Windows XP system tray, the Wireless Network Connection icon still shows a periodic, very brief network activity indication (by flashing), as if my computer is checking something on the Internet, although I'm using no software that should have a periodic check-up on the Internet (like every few minutes.)
Help to resolve the above two remaining issues would be greatly appreciated.
mbam-log-2012-01-04 (13-47-55).txt 11.37KB
145 downloads
mbam-log-2012-01-04 (19-28-06).txt 1.82KB
117 downloads
ComboFix (2012-01-05).txt 25.29KB
126 downloads
FSS (2012-01-05).txt 1.67KB
141 downloads
ComboFix (2012-01-05 2).txt 19.46KB
139 downloads
ComboFix (2012-01-05 3).txt 19.05KB
157 downloads
mbam-log-2012-01-05 (14-32-26).txt 1.82KB
136 downloads
Edited by tech_addict, 05 January 2012 - 03:27 PM.
Sign In
Create Account
