"Trojan.Zeroaccess! khem" is getting on my nerves... :(


  • This topic is locked
136 replies to this topic

#121 thatguy89

thatguy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 18 March 2012 - 06:25 AM

interesting development! turns out that windows is telling me to install service pack 1 before I can install service pack 2! I'm just downloading it now and then once that's done I'll install SP2 and let you know... PS. Had to do it manually via the microsoft website, windows update wouldn't open (big surprise given the state of my computer eh? haha)



#122 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 18 March 2012 - 07:17 AM

Hi, Ok just let me know. That is very odd that your system is telling you that you need to download Service Pack 1 even though it is showing up in all your logs that you already have it. Unfortunately with all the problems created by the infection, a format and reinstall might be the best course of action shortly. :(

#123 thatguy89

Posted 18 March 2012 - 08:26 AM

ok, that's not great news but it's a pretty sticky situation isn't it! when I replied I was using safe mode and it wouldn't work, so I tried again normally and there was a little bit of progress; I could open windows updates and it did download some new updates, however it won't download others which is bizarre... Likewise it tried downloading SP2 automatically and I got the same message about needing SP1 installed... I've attached a picture of what succeeded and failed anyway. As I've said before, you're the better judge than me regarding what is and isn't important with the updates; are there any of the failed updates that I can live without and replace with freeware or are they too important to ignore?

Attached Thumbnails

  • Untitled.jpg


#124 thatguy89

Posted 18 March 2012 - 08:28 AM

Oh I forgot to mention as well, when I tried to install SP1 it wouldn't let me: turns out I already have it! Thanks for that information, Windows ;)

#125 thatguy89

Posted 18 March 2012 - 09:12 AM

Right, every time I tried to do the downloads this reference number would come up: "0x80096001". I googled it and went onto wiki-repairs and downloaded a tool that said it would fix it: it found over 3000 problems, most of which saying "file does not exist" and unbelievably when clicking "run fix" I was redirected to a site asking for money. Gutted!!!! I've attached another screen shot of the problems it found, maybe there's a way to fix it I don't know....

#126 thatguy89

Posted 18 March 2012 - 09:13 AM

oops, here it is

Attached Thumbnails

  • Untitled2.jpg


#127 jeffce

Posted 18 March 2012 - 09:19 AM

Hi,

Yeah this infection has certainly done a number on your system.

Go here and press the Fix It button and see if after that you are able to run Windows Update.

#128 thatguy89

Posted 18 March 2012 - 10:05 AM

ahhhh, it doesn't seem to be working. I tried it twice and restarted the system twice, same message when trying to update! :unsure:

#129 jeffce

Posted 18 March 2012 - 04:33 PM

Hi,

Please run Farbar Service Scanner.
Type the following in the search box:

SDRSVC;VSS;wuauserv;wscsvc

Click "Export Service" and post the log it makes (FSS.txt).

#130 thatguy89

Posted 18 March 2012 - 04:42 PM

no problem:

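The export requested in this exchange is a regedit-format (.reg) file in which ImagePath and ServiceDll are hex(2) values, that is UTF-16LE bytes, so the paths cannot be read by eye. As an added example (not part of the original thread, and not how Farbar Service Scanner itself works), this Python script decodes such an export and flags any of the four requested services whose key is missing, whose Start value is 4 (disabled), or whose binary path lies outside system32. The sample export is constructed, and the C:\Windows location and the system32 rule are assumptions of the example.

```python
import re

SERVICES = ("SDRSVC", "VSS", "wuauserv", "wscsvc")   # list from the post above
ROOT = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\services"
SYSTEM32 = "c:\\windows\\system32\\"                 # assumed Windows directory


def to_hex2(text, per_line=20):
    """Encode text as regedit exports REG_EXPAND_SZ (only used to build SAMPLE)."""
    raw = [f"{b:02x}" for b in (text + "\0").encode("utf-16-le")]
    rows = [",".join(raw[i:i + per_line]) for i in range(0, len(raw), per_line)]
    return "hex(2):" + ",\\\n  ".join(rows)


def decode_value(raw):
    """Turn the right-hand side of a .reg line into a Python value."""
    m = re.fullmatch(r"hex\((2|7)\):(.*)", raw)
    if m:  # REG_EXPAND_SZ / REG_MULTI_SZ: UTF-16LE, NUL-terminated
        data = bytes(int(h, 16) for h in re.findall(r"[0-9a-fA-F]{2}", m.group(2)))
        text = data.decode("utf-16-le", errors="replace").rstrip("\0")
        return text if m.group(1) == "2" else text.split("\0")
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw  # other types (hex:, hex(0):) are kept undecoded


def parse_reg(text):
    """Parse a .reg export into {lower-cased key path: {value name: value}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)   # join "\"-continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = decode_value(m.group(2))
    return keys


def binary_path(value):
    """Expand %SystemRoot%, drop arguments, return the lower-cased file path."""
    path = re.sub(r"%systemroot%", lambda _: "c:\\windows", value, flags=re.I)
    m = re.match(r'"?(.+?\.(?:exe|dll))', path.lower())
    return m.group(1) if m else path.lower()


def review(reg_text):
    """Return (service, finding) tuples for the four requested services."""
    keys, findings = parse_reg(reg_text), []
    for name in SERVICES:
        svc = keys.get(f"{ROOT}\\{name}".lower())
        if svc is None:
            findings.append((name, "service key missing"))
            continue
        if svc.get("Start") == 4:
            findings.append((name, "Start=4 (disabled)"))
        params = keys.get(f"{ROOT}\\{name}\\Parameters".lower(), {})
        for label, value in (("ImagePath", svc.get("ImagePath")),
                             ("ServiceDll", params.get("ServiceDll"))):
            if isinstance(value, str) and not binary_path(value).startswith(SYSTEM32):
                findings.append((name, f"{label} outside system32: {value}"))
    return findings


# Constructed sample export, not the log posted in this thread.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{ROOT}\\wuauserv]",
    '"ImagePath"=' + to_hex2(r"%systemroot%\system32\svchost.exe -k netsvcs"),
    '"Start"=dword:00000002',
    f"[{ROOT}\\wuauserv\\Parameters]",
    '"ServiceDll"=' + to_hex2(r"C:\Windows\system32\wuaueng.dll"),
    f"[{ROOT}\\wscsvc]",
    '"ImagePath"=' + to_hex2(
        r"%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"),
    '"Start"=dword:00000004',
    f"[{ROOT}\\wscsvc\\Parameters]",
    '"ServiceDll"=' + to_hex2(r"C:\Users\Public\wscsvc.dll"),
    f"[{ROOT}\\SDRSVC]",
    '"ImagePath"=' + to_hex2(r"%SystemRoot%\system32\svchost.exe -k SDRSVC"),
    '"Start"=dword:00000003',
])

if __name__ == "__main__":
    for service, finding in review(SAMPLE):
        print(f"{service}: {finding}")
```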


#131 jeffce

Posted 19 March 2012 - 02:44 PM

Hi,

Let's give this a try, as if there are really that many errors then we really should format and reinstall.

Do you have your Windows Vista CD or can you borrow one from a friend? If so, get it out as we may need this during the following steps:
  • Click on Start, type cmd in the Start Search bar.
  • Right click on Command Prompt at the top of the window and select Run as Administrator.
  • In the Command Prompt Window, type (or copy and paste) sfc /scannow and press Enter.
The scan may take some time, so be patient. Windows will repair any corrupted or missing files that it finds. If information from the installation CD is needed to repair the problem, you may be prompted to insert your Windows Vista CD.

After you run System File Checker, try to run Windows Update.

Let me know how that works. :)

#132 thatguy89

Posted 20 March 2012 - 10:13 AM

Hey Jeff! Managed to get a vista cd from a friend, did the SFC and whilst the cd was already in the laptop, it didn't ask once for the installation cd... Also, my friend's really good with computers and he did a CHKDSK C:/R disk repair for windows vista using cmd.exe, it took about 2 and a half hours and once it finished I restarted the laptop. Just tried using windows update and it still won't work, prompting the same error message afterwards. That is definitely not a good sign is it.... As I'm preparing for the worst, do you think it's still ok to plug in an external hard drive to get some personal files backed up before the format? I've heard viruses can spread like that, but just to make sure, my system is more or less clean, but the left over damage is the problem, right?

#133 thatguy89

Posted 20 March 2012 - 10:19 AM

yep, I still need to "install service pack 1" as well before proceeding... forgot to mention but if this makes any sense to you, this is what the chkdsk /r came up with after the scan: "CHKDSK discovered free space marked as allocated in the master file table <MFT> bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. (it then showed a bunch of data in relation to bytes in the system, I didn't get that bit down) Failed to transfer logged messages to the event log with status 50."

#134 jeffce

Posted 20 March 2012 - 04:19 PM

Hi,

I am afraid the worst has come. A full reinstall of your operating system is going to be the way to go. I have looked over the message that was produced with chkdsk and basically it's saying that there are too many bad or corrupted sectors. I think that with the number of problems we are having just trying to recover from the problems created by the ZeroAccess infection let alone not being sure there are not other infections still, this is our best course of action from here.

You can go ahead and download all of your pictures, documents and music that you may have saved onto your external hard drive without worry. The infection you had is not a file infector so you won't have any problems.

You can review the page found here >> http://howtoformatac...t-windows-vista to see how to reinstall your operating system.

Sorry to be the bearer of bad news. :(

#135 thatguy89

Posted 21 March 2012 - 12:22 PM

yep, :( it's a shame really seeing as you spent so much time trying to help me out. I can't thank you enough though! Even though it's come to a reinstall I at least learned a few things along the way, so thanks a lot for riding it out with me! good news about being able to back up properly at least ^_^ As it turned out Norton was totally unreliable since getting the virus, what would be the best anti-virus/anti-malware/firewall to have so that this doesn't happen to me again? My friend who did the chkdsk told me MSE is a good one...? Again Jeff, thanks a lot for helping me out and not getting too fed up; it's reassuring to know that even though some people get their kicks from wrecking other people's systems, there'll always be forums with people like you who will dedicate their time to helping people they've never even met. It's what makes the internet so amazing really... Thanks Jeff! :thumbup:
