Can't run any 32bit applications ¿ZeroAccess? [Closed]

This topic is locked

#1
McKraken

    New Member

  • Member
  • 1 posts
Hello there. My brother's laptop, which is running Win 7 64-bit, recently got infected by some nasty rootkit (Avast! resident antivirus was unable to find it and now it won't start). There aren't any Google redirects or other symptoms, but right now it's unable to run any 32-bit based program, though I've managed to run IE64, Hitman Pro 64 and FRST64. I've tried all the utilities recommended in various threads of these forums regarding the ZeroAccess rootkit (rkill, exehelper, OTL, etc.) and I was only able to run FRST64 and generate a logfile. Here it is, any help would be appreciated:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2012
Ran by BEATRIZ at 15-10-2012 23:29:59
Running from C:\Utilidades
   (X64) OS Language: Spanish Modern Sort 
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-10-15 21:52 - 2012-10-15 21:52 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-10-15 21:52 - 2012-10-15 21:52 - 00000756 ____A C:\Windows\System32\bootdelete.lst
2012-10-15 21:48 - 2012-10-15 21:52 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-10-15 20:54 - 2012-10-15 20:54 - 00000000 ____D C:\Users\BEATRIZ\AppData\Roaming\Malwarebytes
2012-10-15 20:50 - 2012-10-15 21:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-15 20:50 - 2012-10-15 20:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-15 19:56 - 2012-10-15 19:56 - 00000000 ____D C:\Users\BEATRIZ\AppData\Roaming\QuickScan
2012-10-15 19:05 - 2012-10-15 19:05 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\BEATRIZ\Desktop\mbam-setup-1.65.0.1400.exe
2012-10-15 19:04 - 2012-10-15 19:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\BEATRIZ\Desktop\Hijackthis.exe
2012-10-15 18:32 - 2012-10-15 18:32 - 00000000 ____D C:\Nueva carpeta


==================== 3 Months Modified Files ==================

2012-10-15 22:51 - 2010-08-24 03:46 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-15 22:33 - 2011-01-21 20:18 - 01322973 ____A C:\Windows\WindowsUpdate.log
2012-10-15 22:07 - 2009-07-14 05:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-15 22:07 - 2009-07-14 05:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-15 22:02 - 2010-08-24 03:46 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-15 21:59 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-15 21:59 - 2009-07-14 05:51 - 00046766 ____A C:\Windows\setupact.log
2012-10-15 21:52 - 2012-10-15 21:52 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-10-15 21:52 - 2012-10-15 21:52 - 00000756 ____A C:\Windows\System32\bootdelete.lst
2012-10-15 19:05 - 2012-10-15 19:05 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\BEATRIZ\Desktop\mbam-setup-1.65.0.1400.exe
2012-10-15 19:04 - 2012-10-15 19:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\BEATRIZ\Desktop\Hijackthis.exe
2012-10-15 15:06 - 2010-08-24 13:17 - 00694830 ____A C:\Windows\System32\perfh00A.dat
2012-10-15 15:06 - 2010-08-24 13:17 - 00134634 ____A C:\Windows\System32\perfc00A.dat
2012-10-15 15:06 - 2009-07-14 06:13 - 01531754 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-16 21:20 - 2011-11-09 21:18 - 00000824 ____A C:\Windows\Tasks\hpwebreg_CN0B63C1N105HX.job
2012-09-02 13:42 - 2011-09-25 15:52 - 00001998 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-09 18:38 - 2012-08-09 18:38 - 00000383 ____A C:\Users\BEATRIZ\Documents\Grupo en el hogar - Acceso directo.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3834.9 MB
Available physical RAM: 2104.13 MB
Total Pagefile: 7667.94 MB
Available Pagefile: 5667.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:288.11 GB) (Free:253.25 GB) NTFS

  Núm Disco  Estado      Tamaño   Disp     Din  Gpt
  ---------- ----------  -------  -------  ---  ---
  Disco 0    En línea     298 GB  1024 KB

Partitions of Disk 0:
===============

  Núm Partición  Tipo              Tamaño   Desplazamiento
  -------------  ----------------  -------  ---------------
  Partición 1    Recuperación         9 GB  1024 KB
  Partición 2    Principal          100 MB     9 GB
  Partición 3    Principal          288 GB     9 GB

==================================================================================

Disk: 0
Partición 1
Tipo          : 27
Oculta        : Sí
Activa        : No

  Núm Volumen Ltr  Etiqueta     Fs     Tipo        Tamaño   Estado     Info
  ----------- ---  -----------  -----  ----------  -------  ---------  --------
* Volumen 3         Recovery    NTFS   Partición      9 GB  Correcto   Oculto

=========================================================

Disk: 0
Partición 2
Tipo          : 07
Oculta        : No
Activa        : Sí

  Núm Volumen Ltr  Etiqueta     Fs     Tipo        Tamaño   Estado     Info
  ----------- ---  -----------  -----  ----------  -------  ---------  --------
* Volumen 1         System Res  NTFS   Partición    100 MB  Correcto   Sistema

=========================================================

Disk: 0
Partición 3
Tipo          : 07
Oculta        : No
Activa        : No

  Núm Volumen Ltr  Etiqueta     Fs     Tipo        Tamaño   Estado     Info
  ----------- ---  -----------  -----  ----------  -------  ---------  --------
* Volumen 2     C               NTFS   Partición    288 GB  Correcto   Arranque

=========================================================

Last Boot: 2012-02-04 20:44

==================== End Of Log =============================

Edited by McKraken, 15 October 2012 - 06:28 PM.

  • 0
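As an added example (not code from the thread, and not part of Farbar's FRST), here is a small Python parser for the two FRST sections that are still produced when the tool is run outside the recovery environment, as happened in the log above: the created-files list and the "Bamital & volsnap Check" MD5 lines. The sample text is constructed to follow the layout of the posted log, with one invented "MD5 mismatch" verdict so the failure path is exercised; that verdict wording, the regular expressions, and the triage rule (files created under the Windows directory that carry no company string, plus any hash check that did not come back "MD5 is legit") are my own assumptions about the format rather than FRST's documented behaviour.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample in the FRST (x64) log layout from the post above. The
# final "MD5 mismatch" line is an invented verdict used to exercise the
# failure path; it is not real FRST output.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2012-10-15 21:52 - 2012-10-15 21:52 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-10-15 21:52 - 2012-10-15 21:52 - 00000756 ____A C:\Windows\System32\bootdelete.lst
2012-10-15 21:48 - 2012-10-15 21:52 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-10-15 19:05 - 2012-10-15 19:05 - 10524080 ____A (Malwarebytes Corporation    ) C:\Users\BEATRIZ\Desktop\mbam-setup-1.65.0.1400.exe
2012-10-15 18:32 - 2012-10-15 18:32 - 00000000 ____D C:\Nueva carpeta

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\services.exe => MD5 mismatch (constructed verdict)
"""

# Assumed line shape: created - modified - size attrs [(company)] path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) (\S{5}) (?:\((.*?)\) )?(.+)$"
)
# Assumed line shape for the integrity check: path => verdict
HASH_RE = re.compile(r"^(.+?) => (.+)$")
TIME_FMT = "%Y-%m-%d %H:%M"


@dataclass
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str            # e.g. ____A, ___AH, ____D
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def in_windows_dir(self) -> bool:
        return self.path.lower().startswith("c:\\windows\\")


def parse_entries(text: str) -> List[FrstEntry]:
    """Parse every created/modified file line into a FrstEntry."""
    entries: List[FrstEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m:
            continue
        created, modified, size, attrs, company, path = m.groups()
        entries.append(FrstEntry(
            created=datetime.strptime(created, TIME_FMT),
            modified=datetime.strptime(modified, TIME_FMT),
            size=int(size),
            attrs=attrs,
            company=company.strip() if company else None,
            path=path.strip(),
        ))
    return entries


def parse_hash_checks(text: str) -> List[Tuple[str, str]]:
    """Return (path, verdict) pairs from the Bamital & volsnap check lines."""
    pairs: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = HASH_RE.match(line.rstrip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def triage(text: str) -> Dict[str, List[str]]:
    """Pick out what a helper would look at first: files recently created
    under the Windows directory with no company string, and any system
    binary whose MD5 check did not come back clean."""
    review_files = [
        e.path for e in parse_entries(text)
        if not e.is_dir and e.in_windows_dir and not e.company
    ]
    hash_failures = [
        path for path, verdict in parse_hash_checks(text)
        if verdict != "MD5 is legit"
    ]
    return {"review_files": review_files, "hash_failures": hash_failures}


if __name__ == "__main__":
    for key, paths in triage(SAMPLE_LOG).items():
        print(key)
        for p in paths:
            print("  ", p)
```

On the sample, the only file flagged for review is bootdelete.lst (the sibling bootdelete.exe carries a SurfRight company string and is skipped), and the only hash failure is the constructed services.exe line. A flagged entry is a prompt to check the file, not a verdict; in the real log both bootdelete files were written by HitmanPro minutes before the scan.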



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, that was not run from the recovery console, so it did not perform properly.

Do you have the recovery console installed?

Reboot the computer and press, then hold, F8.
Is there an option "Repair my computer"?
  • 0

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
