I have malware and don't know where I got it, as I have Avast Internet Security. Anyway, I read a post here earlier regarding ZeroAccess and I'm following the steps there. I downloaded RogueKiller and ran a scan, and here is the log.
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MaHMooD [Admin rights]
Mode : Scan -- Date : 03/02/2013 21:37:43
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND
[Susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe [-] --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++
--- User ---
[MBR] 9635bdefa5d76b496f08607e58c4beb3
[BSP] c1bab54c5f69f6f9777100e87eaf85a8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112743 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 233971712 | Size: 350001 Mo
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 950773760 | Size: 12695 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03022013_02d2137.txt >>
I didn't want to continue until I get a professional opinion.
Thanks in advance.
