"0" Access Infection

Hello All,

Tech here, just inquiring if any of the Admins or any of the techs here
have had any luck with this infection. Killing the process and removing the primary infection leaves a recurring rootkit that is, at this point, non-removable.
You can run the rescue CD (Linux) by AVG and can get it removed; without it, it will destroy the PC it has infected.
If anyone has had some progress in removing this (malware) rootkit, please send a post.

Thanks In Advance
Sixwheeler.
:):sick:
 

My Computer

System One

  • Manufacturer/Model
    HP/Compaq Presario SR
    CPU
    Single 3.42GHz rated 4.0
    Motherboard
    Unknown
    Memory
    3GB
    Graphics Card(s)
    3450 series ATI Radeon 512MB
    Sound Card
    Realtek HD Audio
    Monitor(s) Displays
    CRT 17" Compaq
    Screen Resolution
    1440x900
    Hard Drives
    150GB/OS
    40GB/Internal/storage
    Case
    Black 5 USB Ports/CD/DVD RW/R
    Cooling
    Double Fans/Single CPU Fan
    Keyboard
    HP
    Mouse
    USB Optical Mouse Optimal/Stobe
Hello sixwheeler2011

Just to give you some sort of idea of what you've got, there's this:

Challenging Rootkit - Geeks to Go Forums

This thread came up a few weeks ago and as you can see, it is a very long one - 16 pages to be precise. Considering the average thread length for malware removal is about 2-3 pages, you can realise how complicated this rootkit is.

If you're really interested in it, then read this: pxnow.prevx.com/content/blog/zeroaccess_analysis.pdf

A hacker (whitehat) broke open the code of the rootkit and released it online so people can develop fixes for it; there's a great analysis of the rootkit there.

It's a seriously nasty piece of work: it makes hidden partitions and it creates kernel device objects. It disguises itself using Alternate Data Streams (ADS) and kills any process trying to remove these streams.

I can't assist you with removing this rootkit, but I would really appreciate it if you could do this for me please:

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

I haven't got a log from a ZeroAccess infection and I would really like to know what to look out for, for future reference :)

Thanks,

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
I do not have this infection; I am at work, and we all are having a real good time with this one.

Thanks Tom.:)
 

Personally, I reckon that this can be removed, if you know which tools to use and how to read the logs. Also, how long it takes to clean an infection varies mainly with the skill and speed of the remover, and RKinner isn't exactly renowned for being quick, but still very good, unlike someone like Essexboy who is lightning quick.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics Card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300)
    Western Digital: WDC WD6400AAKS-75A7B0

    1 x 1Tb (SATA 600)
    Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms
    Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Keyboard
    Dell Bluetooth
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
I do not have this infection; I am at work, and we all are having a real good time with this one.

Thanks Tom.:)

Oops, my mistake :)

Personally, I reckon that this can be removed, if you know which tools to use and how to read the logs. Also, how long it takes to clean an infection varies mainly with the skill and speed of the remover, and RKinner isn't exactly renowned for being quick, but still very good, unlike someone like Essexboy who is lightning quick.

I'm still new enough not to know these sorts of things ;) But I'll have to bear that in mind in future. How far into the degree did you get before you took your break? I'm nearing the end of PL4 at the moment.

Tom
 

This rootkit is nasty; it turns out to be a reload in
most cases. I am a starter at the moment, but have background.
Hoping some programmers out there will come up with something.
TDSSKiller finds it, deleting the files but
not the root cause.

:(
 