Unknown software installed on laptop. virus!
-
RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ash [Admin rights]
Mode : Scan -- Date : 03/05/2013 20:11:01
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] KMS Activation for Office : C:\Windows\KMSAct.exe [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2969341504-330059944-722473052-1001\$3d458ef0df604cc3632eb76a8efe88cc\n.) [x] -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Users\Ash\AppData\Roaming\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Users\Ash\AppData\Roaming\Adobe\shed --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3265GSX +++++
--- User ---
[MBR] b02bb23df0c34ce7454bcf2c515c7449
[BSP] 5a3d2754a579c6d8cc3bb0ba7b1c11ab : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10594 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21698560 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21903360 | Size: 294549 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03052013_02d2011.txt >>
-
As I thought from the DDS log - You have Sirefef (ZeroAccess Rootkit) - I just needed to confirm it.
You've a choice, backup then restore/reinstall or clean it. Either way I would ensure you have backups of all your personal files (Docs, music, pics etc)
If you want to clean it:-
Go here and read through the instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
- IMPORTANT! Ensure you temporarily turn off Avira before running. Instructions here
- Save combofix to your desktop.
- Double click combofix.exe & follow the prompts closely.
- Combofix may reboot the PC several times.
- When it's finished, it will automatically produce a log. Post the contents of that log.
- It can also be found on your C:\ drive named combofix.txt
-
I don't have a backup at all. Which means I will have to get lots of CDs to transfer all pics. I have lots!
-
I would get the backups done. It's better to be safe than sorry
Let me know what you're going to do.
-
Yes, I'll do backups tomorrow afternoon. I'll go and get CDs cos important pics like my baby's first pic etc. Thanks. Will let you know once done.
-
No problem.
I would hold off using the PC in the meantime.
-
Ok thanks ..
-
Might be easier (if more costly) to get a USB drive to backup the data to?
-
True. Saying that I have one somewhere. Will have a rummage through. Do I just transfer items onto USB (copy-paste) or any other way to do it?
-
Given the current state of your PC I'd suggest keeping things simple. So copy/paste.
This discussion has been closed.