
Possible ZeroAccess or hacker? Could use some expert advice? [Solved]

This topic is locked.

#16
Kman4488 (Topic Starter, Member, 40 posts)
There were 2 logs in my directory, possibly from a previous scan. Here is the other:

00:59:09.0810 0x1388 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
00:59:09.0810 0x1388 UEFI system
00:59:17.0969 0x1388 ============================================================
00:59:17.0969 0x1388 Current date / time: 2014/01/11 00:59:17.0969
00:59:17.0969 0x1388 SystemInfo:
00:59:17.0969 0x1388
00:59:17.0969 0x1388 OS Version: 6.2.9200 ServicePack: 0.0
00:59:17.0969 0x1388 Product type: Workstation
00:59:17.0969 0x1388 ComputerName: NEWOS8
00:59:17.0969 0x1388 UserName: Karl
00:59:17.0969 0x1388 Windows directory: C:\WINDOWS
00:59:17.0969 0x1388 System windows directory: C:\WINDOWS
00:59:17.0969 0x1388 Running under WOW64
00:59:17.0969 0x1388 Processor architecture: Intel x64
00:59:17.0969 0x1388 Number of processors: 4
00:59:17.0969 0x1388 Page size: 0x1000
00:59:17.0969 0x1388 Boot type: Normal boot
00:59:17.0969 0x1388 ============================================================
00:59:18.0905 0x1388 KLMD registered as C:\WINDOWS\system32\drivers\15319123.sys
00:59:19.0092 0x1388 System UUID: {1B9D1B86-4DAB-C999-A438-71CE0AA50E81}
00:59:19.0841 0x1388 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:59:19.0857 0x1388 Drive \Device\Harddisk1\DR1 - Size: 0x3AE00000 (0.92 Gb), SectorSize: 0x200, Cylinders: 0x78, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:59:19.0997 0x1388 ============================================================
00:59:19.0997 0x1388 \Device\Harddisk0\DR0:
00:59:20.0028 0x1388 GPT partitions:
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6B139546-F3E4-423C-8A5A-5429389899B4}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1ECA3787-605B-4E4E-947E-603B155F5389}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x1C2000
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {453316B9-F18D-4E99-9434-C5F0B6DD80A8}, Name: Microsoft reserved partition, StartLBA 0x258800, BlocksNum 0x40000
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A5DC35F6-5A5E-47F9-97D2-207DDF78489E}, Name: Basic data partition, StartLBA 0x298800, BlocksNum 0x37839800
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {297B2F4A-1D68-4536-A576-883CC01C92E2}, Name: , StartLBA 0x37AD2000, BlocksNum 0xAF000
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {14FA438D-4143-4E70-923A-F3A4F971CEB9}, Name: Basic data partition, StartLBA 0x37B81000, BlocksNum 0x2805000
00:59:20.0028 0x1388 MBR partitions:
00:59:20.0028 0x1388 \Device\Harddisk1\DR1:
00:59:20.0028 0x1388 Can't read MBR
00:59:20.0028 0x1388 ============================================================
00:59:20.0122 0x1388 C: <-> \Device\Harddisk0\DR0\Partition4
00:59:20.0122 0x1388 ============================================================
00:59:20.0122 0x1388 Initialize success
00:59:20.0122 0x1388 ============================================================
00:59:25.0270 0x123c KLMD registered as C:\WINDOWS\system32\drivers\78018508.sys
00:59:26.0268 0x123c Deinitialize success
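The disk-layout section of a TDSSKiller log is worth reading even when the tool reports no detections, because a bootkit has to occupy sectors somewhere: the boot sector, the EFI system partition, or unallocated space between or after the partitions. The Python script below is an added example, not part of the original thread and not TDSSKiller's own code. It parses the Drive and Partition lines TDSSKiller prints (the sample embedded in the script is copied from the log above), labels the well-known Microsoft GPT type GUIDs, and lists any unallocated or overlapping sector ranges. On this log it finds only the 2048 sectors before the EFI partition (protective MBR plus GPT header and entry table) and 48 sectors after the last partition (backup GPT), which is the stock Windows 8 UEFI layout.

```python
"""Sanity-check the disk layout section of a TDSSKiller log (added example).

Parses the "Drive ..." and "...\\PartitionN: GPT, ..." lines, labels the
partition type GUIDs, and reports unallocated or overlapping LBA ranges.
"""
import re

# Well-known GPT partition type GUIDs, as TDSSKiller prints them.
KNOWN_TYPES = {
    "C12A7328-F81F-11D2-BA4B-00A0C93EC93B": "EFI System Partition",
    "E3C9E316-0B5C-4DB8-817D-F92DF00215AE": "Microsoft Reserved",
    "EBD0A0A2-B9E5-4433-87C0-68B6B72699C7": "Microsoft basic data",
    "DE94BBA4-06D1-4D40-A16A-BFD50179D6AC": "Windows Recovery Environment",
}

DRIVE_RE = re.compile(
    r"Drive (\\Device\\Harddisk\d+\\DR\d+) - Size: (0x[0-9A-F]+) .*?SectorSize: (0x[0-9A-F]+)",
    re.I,
)
PART_RE = re.compile(
    r"(\\Device\\Harddisk\d+\\DR\d+)\\Partition(\d+): GPT, TypeGUID: \{([0-9A-F-]+)\}, "
    r"UniqueGUID: \{[0-9A-F-]+\}, Name: (.*?), StartLBA (0x[0-9A-F]+), BlocksNum (0x[0-9A-F]+)",
    re.I,
)

# Disk layout lines copied from the TDSSKiller log posted above.
LOG = r"""
00:59:19.0841 0x1388 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:59:19.0857 0x1388 Drive \Device\Harddisk1\DR1 - Size: 0x3AE00000 (0.92 Gb), SectorSize: 0x200, Cylinders: 0x78, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:59:19.0997 0x1388 \Device\Harddisk0\DR0:
00:59:20.0028 0x1388 GPT partitions:
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6B139546-F3E4-423C-8A5A-5429389899B4}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1ECA3787-605B-4E4E-947E-603B155F5389}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x1C2000
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {453316B9-F18D-4E99-9434-C5F0B6DD80A8}, Name: Microsoft reserved partition, StartLBA 0x258800, BlocksNum 0x40000
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A5DC35F6-5A5E-47F9-97D2-207DDF78489E}, Name: Basic data partition, StartLBA 0x298800, BlocksNum 0x37839800
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {297B2F4A-1D68-4536-A576-883CC01C92E2}, Name: , StartLBA 0x37AD2000, BlocksNum 0xAF000
00:59:20.0028 0x1388 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {14FA438D-4143-4E70-923A-F3A4F971CEB9}, Name: Basic data partition, StartLBA 0x37B81000, BlocksNum 0x2805000
00:59:20.0028 0x1388 MBR partitions:
00:59:20.0028 0x1388 \Device\Harddisk1\DR1:
00:59:20.0028 0x1388 Can't read MBR
"""


def parse_tdsskiller(log):
    """Return (drives, partitions, unreadable) from TDSSKiller log text.

    drives:     device path -> total sectors (size / sector size)
    partitions: device path -> list of partition dicts, in log order
    unreadable: device paths for which TDSSKiller logged "Can't read MBR"
    """
    drives, partitions, unreadable = {}, {}, []
    current_device = None
    for line in log.splitlines():
        # Each line starts with "HH:MM:SS.mmmm 0xTID "; drop that prefix.
        body = line.split(" ", 2)[-1].strip()
        m = DRIVE_RE.search(body)
        if m:
            drives[m.group(1)] = int(m.group(2), 16) // int(m.group(3), 16)
            continue
        m = PART_RE.search(body)
        if m:
            device, num, type_guid, name, start, blocks = m.groups()
            partitions.setdefault(device, []).append({
                "num": int(num),
                "type": KNOWN_TYPES.get(type_guid.upper(), "UNKNOWN " + type_guid),
                "name": name,
                "start": int(start, 16),
                "blocks": int(blocks, 16),
            })
            continue
        if body.startswith("\\Device\\") and body.endswith(":"):
            current_device = body[:-1]  # e.g. "\Device\Harddisk1\DR1"
        elif "Can't read MBR" in body and current_device:
            unreadable.append(current_device)
    return drives, partitions, unreadable


def find_gaps(parts, total_sectors):
    """Return (gaps, overlaps) as lists of (start_lba, length_in_sectors).

    A small gap before the first partition (protective MBR + GPT header and
    entries) and a few dozen sectors at the end (backup GPT) are normal;
    a larger gap, an overlap, or an unknown type GUID deserves a look.
    """
    gaps, overlaps = [], []
    cursor = 0
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        elif p["start"] < cursor:
            overlaps.append((p["start"], cursor - p["start"]))
        cursor = max(cursor, p["start"] + p["blocks"])
    if total_sectors > cursor:
        gaps.append((cursor, total_sectors - cursor))
    return gaps, overlaps


def report(log=LOG):
    """Print a per-drive layout summary; returns the parsed data."""
    drives, partitions, unreadable = parse_tdsskiller(log)
    for device, total in drives.items():
        print(f"{device}: {total} sectors")
        if device in unreadable:
            print("  no readable partition table (TDSSKiller: Can't read MBR)")
            continue
        parts = partitions.get(device, [])
        for p in parts:
            print(f"  Partition{p['num']}: {p['type']:30} start={p['start']:#x} "
                  f"blocks={p['blocks']:#x} name={p['name']!r}")
        gaps, overlaps = find_gaps(parts, total)
        for start, length in gaps:
            print(f"  unallocated: {length} sectors at LBA {start:#x}")
        for start, length in overlaps:
            print(f"  OVERLAP: {length} sectors at LBA {start:#x}")
    return drives, partitions, unreadable


if __name__ == "__main__":
    report()
```

Run it as-is to print the layout above; to check a different log, pass the whole TDSSKiller log text to report(). TDSSKiller already inspects the boot sectors itself, so this only complements its verdict: what it adds is a quick read of where free space sits, which is the first thing to look at with a raw sector viewer if a cleaned machine keeps reinfecting.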

#17
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

Kman4488 wrote: It looks like nothing has been detected?

Yes, I was just checking to make sure you didn't have another rootkit infection.

Didn't expect it was there but just wanted to make sure. Sometimes you can get more than one infection lol.

Kman4488 wrote: There were 2 logs in my directory, possibly from a previous scan. Here is the other.

Thanks for that. Nothing to add to the above.

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.


#18
Kman4488 (Topic Starter, Member, 40 posts)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

#19
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)
So that shows it registered okay.

Did ESET run and did it find anything?

#20
Kman4488 (Topic Starter, Member, 40 posts)
Nope, found nothing on ESET.

Now the only thing I'm still concerned with is that I have a 500 GB external for music and stuff. What is a safe way to go about making sure that is clean? I'm scared to plug it in if I'm clean now. Also, will my system still be clean if I use any of the system refresh / restore / reset options?

Edited by Kman4488, 11 January 2014 - 12:11 AM.


#21
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)
And my question about how your machine is now?

#22
Kman4488 (Topic Starter, Member, 40 posts)
I'm sorry. Everything seems to be stable now; hopefully it will stay that way.

#23
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

Kman4488 wrote: Everything seems to be stable.

Good news. I think you are good to go now.

We have a couple of last steps to perform and then you're all set.

Please go here to download OTC.

Run this program to remove most of the tools we have been using.

If you are asked to reboot the machine to finish the Cleanup process choose Yes.

Any remaining tools may be deleted. That includes the ones you have downloaded including ComboFix.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to re-install (if uninstalled during cleaning), update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows
  • Reboot your computer.
  • You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker ransomware.

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#24
Kman4488 (Topic Starter, Member, 40 posts)
Thank you so much for all your help!

#25
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

Kman4488 wrote: Thank you so much for all your help!

You are very welcome. :happy:

I will keep this topic open for a day or two in case any issues arise.

#26
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

Kman4488 wrote: Now the only thing I'm still concerned with is that I have a 500 GB external for music and stuff. What is a safe way to go about making sure that is clean? I'm scared to plug it in if I'm clean now. Also, will my system still be clean if I use any of the system refresh / restore / reset options?

I have just noticed this. You must have edited that post and added that sentence and I missed it earlier.

As far as the external drive is concerned. I would attach it to your computer, turn it on and run a full scan with an ESET online scan. Make sure it's a full scan covering all drives. You might like to do that with your McAfee AV as well. It will take a long time but worth it for your peace of mind.

Turning to your question about system refresh etc. Do this:

Open System by right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
Tell me if you have any questions. :)

#27
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.