TechSpot

Pretty sure I have Rootkit.ZeroAccess on my computer

Solved
By Syreynna
Jun 25, 2012
  1. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    No dice with safe or normal mode. ><
  2. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Delete existing "fixlist.txt" file from your flash drive.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can start normally.


  3. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
    Ran by SYSTEM at 2012-06-27 14:47:54 Run:4
    Running from D:\
    ==============================================
    SAM hive was successfully restored from Restore Point.
    SECURITY hive was successfully restored from Restore Point.
    Software hive was successfully restored from Restore Point.
    System hive was successfully restored from Restore Point.
    Default hive was successfully restored from Restore Point.
    ==== End of Fixlog ====
  4. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    Still getting blue screen :(
  5. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    We need to use the Recovery Console to try to fix your issue.

    • You'll need to find your Windows XP installation disk.
    • Insert the Windows XP CD into the CD-ROM drive, then restart your computer.
    • If prompted, click any options that are required to start the computer from the CD-ROM drive.
    • When the Welcome to Setup screen appears, press R to start the Recovery Console.
    • The Recovery Console will start and ask you which Windows installation you would like to log on to.
      • If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press Enter.
    • It will then prompt you for the Administrator's password. If there is no password, simply press enter.
    • You will now be presented with a C:\Windows> prompt
    • Type:

    • chkdsk /f /r
      Press Enter
    • See if "chkdsk" will find any errors.
    ************************

    If you don't have a Windows CD...
    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download and install the free ImgBurn: http://www.imgburn.com/index.php?act=download
    Using ImgBurn, burn rc.iso to a CD.
    Boot to the CD...let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  6. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    It's not working when I type chkdsk /f /r . It says "the parameter is not valid. Try /? for help." So I did chkdsk /f /? . It reported back "chkdsk [drive:] [/p] [/r]" and tells me what those 3 do. Below that it says "chkdsk may be used without any parameters, in which case the current drive is checked with no switches. You can specify the listed switches."
    "chkdsk requires autochk.exe file. Chkdsk automatically locates autocheck.exe in the startup (boot) directory. If it cannot be found in the startup directory, chkdsk will attempt to locate the windows installation cd. If the installation cd cannot be found, chkdsk prompts for the location of autochk.exe."
  7. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Make sure you observe "spaces" in the above command.
    There is a "space" after "chkdsk" and after "/f"
  8. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    I made sure to type with spaces after both of those and it still doesn't want to run with it.
  9. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    I don't know if it should be, but it didn't ask which Windows install I wanted to work from or for the admin password when booting from the CD. When I boot the computer, a screen also comes up at the beginning asking to select the operating system to start. If I don't touch it, it proceeds with Windows XP Media Center Edition. But the other two options are "Microsoft windows recovery console" and "do not select this [debugger enabled]". Should I try that recovery console option?
  10. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Yeah, go ahead and try "Microsoft windows recovery console".
    When you get to command prompt try "chkdsk" again.
  11. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    Uh, it worked when I did just chkdsk /r . It does not like /f at all in this either; it gives the same thing that I posted before about the parameter not being valid whether I try it alone without /r or with it.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Did it find any errors?

    Did you try to boot normally?
  13. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    It is only 61% complete.
  14. Broni

    Broni Malware Annihilator Posts: 46,797   +254

  15. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    It says "chkdsk found and fixed one or more errors on the volume" and it lists the total disk space and the available disk space, yet we get a blue screen.
  16. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287
    Make sure you select the tool that is appropriate for the brand of your hard drive.
    Depending on the program, it'll create a bootable floppy or a bootable CD.
    If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
    For Toshiba hard drives, see here: http://storage.toshiba.com/storage-services-support/warranty-support/software-utilities#diagnostic

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  17. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    Doing this diagnostic in UBCD mode? Or downloading off the safe comp to run on the sick one?
  18. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    No.
    Please re-read my instructions.
    You need to identify your hard drive manufacturer and use the appropriate tool.
  19. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    OK, I know who my hard drive is manufactured by, but how am I supposed to run it unless I download it on a different computer? Or can it be downloaded/run while running off of the UBCD, since the computer still blue screens? A little confused lol :(
  20. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Yes, download the tool and create a bootable CD on another working computer.
  21. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    I've got a Samsung hard drive from what I saw when I checked during boot up; it said - Driver ID: Samsung HD (I don't remember the numbers and now I am at my next door neighbor's). Anyways, there are two different things to choose from when I click on Samsung. How am I to know which one of these to get? Samsung drive manager or Samsung disk manager? Just trying to check so I don't get the wrong one of these.

    Edit: nvm, I found it. It's called some ES-Tool.
    My bad!
    Edit again: I'm selecting the bootable CD ISO link and it's not bringing up the download at all. :(
  22. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    You want...
    ES-Tool (The Drive Diagnostic Utility) v2.12a (03.12.2009)
    Download ES-Tool Bootable CD ISO (Direct Link)
  23. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    The direct link isn't bringing up a download for me, it is just sending me to their homepage.
  24. Broni

    Broni Malware Annihilator Posts: 46,797   +254

  25. Syreynna

    Syreynna TS Rookie Topic Starter Posts: 74

    The SeaTools for Windows doesn't say anything about making an ISO CD, but the SeaTools for DOS does. What to do?

