Solved Pretty sure I have Rootkit.ZeroAccess on my computer

Delete existing "fixlist.txt" file from your flash drive.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can start normally.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-27 14:47:54 Run:4
Running from D:\
==============================================
SAM hive was successfully restored from Restore Point.
SECURITY hive was successfully restored from Restore Point.
Software hive was successfully restored from Restore Point.
System hive was successfully restored from Restore Point.
Default hive was successfully restored from Restore Point.
==== End of Fixlog ====
 
We need to use the Recovery Console to try to fix your issue.

  • You'll need to find your Windows XP installation disk.
  • Insert the Windows XP CD into the CD-ROM drive, then restart your computer.
  • If prompted, click any options that are required to start the computer from the CD-ROM drive.
  • When the Welcome to Setup screen appears, press R to start the Recovery Console.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to.
    • If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press Enter.
  • It will then prompt you for the Administrator's password. If there is no password, simply press enter.
  • You will now be presented with a C:\Windows> prompt
  • Type:
    chkdsk /f /r
    then press Enter.
  • See if "chkdsk" will find any errors.
************************

If you don't have Windows CD...
Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
Using Imgburn, burn rc.iso to a CD.
Boot to the CD...let it finish loading.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
 
It's not working when I type chkdsk /f /r . It says "the parameter is not valid. Try /? for help." So I did chkdsk /f /? . It reported back "chkdsk [drive:] [/p] [/r]" and tells me what those 3 do. Below that it says "chkdsk may be used without any parameters, in which case the current drive is checked with no switches. You can specify the listed switches."
"chkdsk requires autochk.exe file. Chkdsk automatically locates autochk.exe in the startup (boot) directory. If it cannot be found in the startup directory, chkdsk will attempt to locate the windows installation cd. If the installation cd cannot be found, chkdsk prompts for the location of autochk.exe."
 
Make sure you observe "spaces" in the above command.
There is a "space" after "chkdsk" and after "/f"
 
I don't know if it should be, but it didn't ask which Windows install I wanted to work from or for the admin password when booting from the CD. When I boot the computer, a screen also comes up at the beginning asking to select the operating system to start. If I don't touch it, it proceeds with Windows XP Media Center Edition. But the other two options are "Microsoft windows recovery console" and "do not select this [debugger enabled]". Should I try that recovery console option?
 
Yeah, go ahead and try "Microsoft windows recovery console".
When you get to command prompt try "chkdsk" again.
 
Uh, it worked when I did just chkdsk /r . It does not like /f at all in this either; it gives the same thing that I posted before about the parameter not being valid, whether I try it alone without /r or with it.
 
It says "chkdsk found and fixed one or more errors on the volume" and it lists the total disk space and the available disk space, yet we get a blue screen.
 
Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here: http://storage.toshiba.com/storage-services-support/warranty-support/software-utilities#diagnostic

Note: If you do not know how to set your computer to boot from CD follow the steps here
 
No.
Please re-read my instructions.
You need to identify your hard drive manufacturer and use appropriate tool.
 
Ok, I know who my hard drive is manufactured by, but how am I supposed to run it unless I download it on a different computer? Or can it be downloaded/run while running off of the UBCD, since the computer still blue screens? A little confused lol :(
 
I've got a Samsung hard drive from what I saw when I checked during boot up; it said - Driver ID: Samsung HD (I don't remember the numbers and now I am at my next-door neighbor's). Anyways, there are two different things to choose from when I click on Samsung. How am I to know which one of these to get? Samsung drive manager or Samsung disk manager? Just trying to check so I don't get the wrong one of these.

Edit: nvm, I found it. It's called some es-tool.
My bad!
Edit again: I'm selecting the bootable CD ISO link and it's not bringing up the download at all. :(
 
The SeaTools for Windows doesn't say anything about making an ISO CD but the SeaTools for DOS does. What to do?
 