[JSntgRvr]

Click on Start, type CMD on the search box, you will see the CMD.exe on top of the Start menu, right click on it and select run as an Administrator.

You should see this: [attachment=65364:CMD.jpg]

[Advertisements]

no still nothing about administrator

[Anilou]

no still nothing about administrator

[JSntgRvr]

Build and run the following batch file:

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as Reparse. No extension.
• and Save it on the desktop. The file will be saved as Reparse.txt.
• Right click on Start button and select Explore.
• Click on Organize, then on Folders and Search options.
• Click on the View tab.
• Remove the check mark for "Hide Extension for known files"
• Click on Apply then on OK.
• Go to your desktop and right click on the Reparse.txt and select rename.
• Replace the extension .txt for .bat and click on an empty space on the desktop.
• That should convert the text file into a batch file.
• Once saved, right click on the Reparse.bat and select run as an administrator.

@Echo off
cd /d %~dp0
Color 1f
Title Removing Reparse Points by JSntgRvr
ECHO Working....... Please wait
fsutil reparsepoint delete "c:\Program Files\Windows Defender"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\en-US"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpAsDesc.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpClient.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpCmdRun.exe"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpCommu.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpEvMsg.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpOAV.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpRTP.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpSvc.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MSASCui.exe"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpCom.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpLics.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpRes.dll"
Echo Seaching for Reparsed Points, please wait.
Dir /s /a:l c:\* >"%Userprofile%\desktop\Report.txt"
Start "%Userprofile%\desktop\Report.txt"
Exit

Once the MSDOS window closes, the Report.txt will open. Post its contents.

Got to get some ZZZZZ. I'll be checking on you tomorrow.

[Anilou]

sleep well thank you

[JSntgRvr]

Were you able to built the batch fife?

[Anilou]

I had a blue screen come up with this file or directory is not a reparse point

[JSntgRvr]

The computer is definitely infected with ZeroAccess, a back door Trojan. In order to remove all reparse points, I would suggest you contact a friend and have FRST downloaded in a USB flashdrive, as explained on Post #4. That will give us the opportunity to remove all lose ends at once. Chances are the reparse points are being protected.

[Anilou]

will do
thank you

[JSntgRvr]