
another UKASH malware infection



Thursday night I discovered my wife's laptop to be infected with the UKASH malware. I attacked it with TRK 3.3 on a thumbdrive and was able to at least boot into safe mode (without networking). This AM I continued running other spyware removal tools, still unable to get on the internet. Finally gave up, used my daughter's laptop and eventually found another thread on this forum by Eric72 and Elise. I am taking the 'well worn path' and using the steps outlined in their thread. Combofix identified the malware as Rootkit.ZeroAccess (which inserted itself into the tcp/ip stack and prevented me from automatically or manually setting the IP on the laptop and accessing the internet).

I debated and decided to start another thread, rather than pollute Eric72's. Hope this is okay. Her laptop is now internet capable, however, it is running slow and downloading 'something' - not sure if it's a Windows Update or a vestige of some other malware. Re-running Combofix and HiJackThis and posting the logs for review.

Thanks and please advise my next course of action.

kcwinters

hijackthis log.txt

combofix log.txt


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
