
zeroaccess trojan problem [Solved]


  • This topic is locked

#31
rigs

rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
ok, I ran esetscan and according to it there are 19 infections, but your instructions did not mention to delete them. So I converted them to text as per your instructions and am posting the report...

thank you

C:\Qoobox\Quarantine\C\Users\RIGO\AppData\Local\RivalGaming\RiVAlgaming.dll.vir a variant of Win32/Adware.Gamevance.CG application
C:\Users\RIGO\AppData\Local\IM\Identities\{E140AD23-16CC-4BD1-B447-528A7A7DD504}\Message Store\Attachments\SoundEditorPro.exe multiple threats
C:\Users\RIGO\AppData\Local\RivalGaming\Uninstaller.exe a variant of Win32/Adware.Gamevance.CJ application
C:\Users\RIGO\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\xpcomponent.dll a variant of Win32/Adware.Gamevance.CZ application
C:\Users\RIGO\Downloads\asc4-setup.exe multiple threats
C:\Users\RIGO\Downloads\cnet2_coverfetcher-1_2_exe.exe a variant of Win32/InstallCore.D application
C:\Users\RIGO\Downloads\cnet2_coverme_zip.exe a variant of Win32/InstallCore.D application
C:\Users\RIGO\Downloads\cnet2_setup_multilang_exe.exe a variant of Win32/InstallCore.D application
C:\Users\RIGO\Downloads\cnet2_SurfAnonymousFree-2_1_9_8_Setup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\RIGO\Downloads\cnet_EDR_zip.exe a variant of Win32/InstallCore.D application
C:\Users\RIGO\Downloads\cnet_mplayerc_20100214_zip.exe a variant of Win32/InstallCore.D application
C:\Users\RIGO\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\RIGO\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\RIGO\Downloads\radarsync.exe a variant of Win32/InstallCore.W application
C:\Users\RIGO\Downloads\setup_50949.exe Win32/Toolbar.Zugo application
C:\Users\RIGO\Downloads\SoftonicDownloader75803.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\RIGO\Downloads\u.zip Win32/UltraReach application
C:\Users\RIGO\Downloads\YourUninstaller.exe a variant of Win32/OpenInstall application
C:\Users\RIGO\Downloads\yusetup7.exe Win32/Toolbar.Zugo application
  • 0



#32
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hi rigs,

Let's do this.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Users\RIGO\AppData\Local\IM\Identities\{E140AD23-16CC-4BD1-B447-528A7A7DD504}\Message Store\Attachments\SoundEditorPro.exe
    C:\Users\RIGO\AppData\Local\RivalGaming\Uninstaller.exe
    C:\Users\RIGO\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\xpcomponent.dll a variant of Win32/Adware.Gamevance.CZ application
    C:\Users\RIGO\Downloads\asc4-setup.exe
    C:\Users\RIGO\Downloads\cnet2_coverfetcher-1_2_exe.exe 
    C:\Users\RIGO\Downloads\cnet2_coverme_zip.exe
    C:\Users\RIGO\Downloads\cnet2_setup_multilang_exe.exe
    C:\Users\RIGO\Downloads\cnet2_SurfAnonymousFree-2_1_9_8_Setup_exe.exe
    C:\Users\RIGO\Downloads\cnet_EDR_zip.exe
    C:\Users\RIGO\Downloads\cnet_mplayerc_20100214_zip.exe
    C:\Users\RIGO\Downloads\iLividSetupV1.exe
    C:\Users\RIGO\Downloads\imf-setup.exe
    C:\Users\RIGO\Downloads\radarsync.exe
    C:\Users\RIGO\Downloads\setup_50949.exe
    C:\Users\RIGO\Downloads\SoftonicDownloader75803.exe
    C:\Users\RIGO\Downloads\u.zip
    C:\Users\RIGO\Downloads\YourUninstaller.exe
    C:\Users\RIGO\Downloads\yusetup7.exe
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

  • 0

#33
rigs

rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
ok, here's the otl report...........

thank you



All processes killed
========== FILES ==========
C:\Users\RIGO\AppData\Local\IM\Identities\{E140AD23-16CC-4BD1-B447-528A7A7DD504}\Message Store\Attachments\SoundEditorPro.exe moved successfully.
C:\Users\RIGO\AppData\Local\RivalGaming\Uninstaller.exe moved successfully.
Invalid Switch: Adware.Gamevance.CZ application
C:\Users\RIGO\Downloads\asc4-setup.exe moved successfully.
C:\Users\RIGO\Downloads\cnet2_coverfetcher-1_2_exe.exe moved successfully.
C:\Users\RIGO\Downloads\cnet2_coverme_zip.exe moved successfully.
C:\Users\RIGO\Downloads\cnet2_setup_multilang_exe.exe moved successfully.
C:\Users\RIGO\Downloads\cnet2_SurfAnonymousFree-2_1_9_8_Setup_exe.exe moved successfully.
C:\Users\RIGO\Downloads\cnet_EDR_zip.exe moved successfully.
C:\Users\RIGO\Downloads\cnet_mplayerc_20100214_zip.exe moved successfully.
C:\Users\RIGO\Downloads\iLividSetupV1.exe moved successfully.
C:\Users\RIGO\Downloads\imf-setup.exe moved successfully.
C:\Users\RIGO\Downloads\radarsync.exe moved successfully.
C:\Users\RIGO\Downloads\setup_50949.exe moved successfully.
C:\Users\RIGO\Downloads\SoftonicDownloader75803.exe moved successfully.
C:\Users\RIGO\Downloads\u.zip moved successfully.
C:\Users\RIGO\Downloads\YourUninstaller.exe moved successfully.
C:\Users\RIGO\Downloads\yusetup7.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RIGO
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 6552224 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 282591369 bytes
->Flash cache emptied: 7001 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1708360 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 415254 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 746 bytes
RecycleBin emptied: 17095736 bytes

Total Files Cleaned = 294.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: Public

User: RIGO
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Guest

User: Public

User: RIGO
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09032012_183400

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
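
The `Invalid Switch: Adware.Gamevance.CZ application` line in the OTL log above corresponds to the one `:Files` entry that was pasted with its ESET detection text still attached. As an added example (not part of the original thread, and not OTL's or ESET's own code), this Python script strips the detection text from scan-log lines, skips items already held in ComboFix's Qoobox quarantine, and lints a fix script before it is run; the regex, function names and sample paths are assumptions constructed for illustration.

```python
import re

# Detection text that trails the path in the ESET log lines quoted in this thread, e.g.
# "a variant of Win32/Name.X application", "Win32/Name application", "multiple threats".
# Windows paths use backslashes, so "word/" marks the start of a detection name.
DETECTION = re.compile(
    r"\s+(?:(?:a variant of\s+)?\w+/[\w.]+(?:\s+[a-z]+)?|multiple threats)\s*$"
)

def path_from_scan_line(line):
    """Return the file path with trailing detection text removed, or None."""
    stripped, n = DETECTION.subn("", line.strip())
    return stripped if n and stripped else None

def build_files_section(scan_lines, skip_prefixes=()):
    """Build ':Files' entries from scan-log lines, skipping paths under skip_prefixes."""
    skip = tuple(p.lower() for p in skip_prefixes)
    paths = (path_from_scan_line(line) for line in scan_lines)
    return [":Files"] + [p for p in paths if p and not p.lower().startswith(skip)]

def lint_files_section(script_lines):
    """Return (line_number, text) for ':Files' entries that still carry detection text."""
    problems, in_files = [], False
    for number, raw in enumerate(script_lines, start=1):
        text = raw.strip()
        if text.startswith(":"):
            # A new section header; only ':Files' entries are checked.
            in_files = text.lower() == ":files"
        elif in_files and DETECTION.search(text):
            problems.append((number, text))
    return problems

# Constructed sample input modelled on the log format above (not the poster's real paths).
SAMPLE_SCAN = [
    r"C:\Qoobox\Quarantine\C\Users\EXAMPLE\demo.dll.vir a variant of Win32/Adware.Gamevance.CG application",
    r"C:\Users\EXAMPLE\AppData\Local\Message Store\Attachments\demo.exe multiple threats",
    r"C:\Users\EXAMPLE\Downloads\setup_demo.exe Win32/Toolbar.Zugo application",
]
SAMPLE_SCRIPT = [
    ":Files",
    r"C:\Users\EXAMPLE\Downloads\setup_demo.exe",
    r"C:\Users\EXAMPLE\demo\xpcomponent.dll a variant of Win32/Adware.Gamevance.CZ application",
    ":Commands",
]

if __name__ == "__main__":
    print("\n".join(build_files_section(SAMPLE_SCAN, skip_prefixes=(r"C:\Qoobox",))))
    print(lint_files_section(SAMPLE_SCRIPT))
```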

#34
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again rigs,

The only one left is in quarantine in ComboFix and will be removed when you follow the cleanup instructions below.

Now

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on and update any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browsers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:


If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.
Have a safe and happy computing day!
  • 0

#35
rigs

rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
ok, removed the two programs. I'm also getting ready to delete all the logs and adwcleaner and security check from desktop. Can you recommend a free spyware software? If that is all, then I want to thank you for all your help and patience.
  • 0

#36
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
I like Malwarebytes best. We installed it on your machine during the cleaning process. If you still have it, use that, just update and run it say once a week. There is also SuperAntiSpyware which I quite like but it can be a bit confusing when it finds all the cookies which don't always need cleaning. Links below:



If that is all, then I want to thank you for all your help and patience.


You're very welcome. :happy:
  • 0

#37
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





