TechSpot

System infected: ZeroAccess Rootkit Activity 4 and TidServ Activity 2

Inactive
By paulisofi
Feb 6, 2012
  1. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Remove DVD and try to boot normally.
     
  2. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    I removed dvd, selected shut down ("restart" option was not there) and nothing happened. I went back to that left bottom corner where I had clicked Shut Down but nothing comes up when I click there: left click or right click. So I went ahead and put DVD back in and tried to do the same: go to left bottom corner to click "shut down" but it just won't do anything. I double clicked on OTLPE and it did come on; then I closed it. So that means pc is not frozen but somehow when I go with the mouse to that left bottom corner, nothing comes up, as if the blue window icon was dead.
     
  3. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    I mean to say that now nothing comes up when I click on left bottom corner, it just won't give me any options anymore. Icon seems dead.
     
  4. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    Nothing on that bottom bar seems to be alive. Absolutely nothing happens when you click on any of those icons anywhere on bottom bar. All other icons on screen are fine.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Remove DVD and shut the computer down manually.
     
  6. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    It's completely off. Shall I try to boot it up in normal mode now?
     
  7. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Yes.............
     
  8. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    As administrator or paulisofi?
     
  9. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Try administrator.
     
  10. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    Didn't work. I try but I keep getting blue screens with that long error message that I never have time to snap a pic of. It's happened like 3 times already. It's back on in safe mode now.
     
  11. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    I just shut it down for fear of more blue screens with error messages.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    OK at this point I don't see anything malicious on your computer but it looks like your Windows installation is beyond repair.

    I have no choice but to advise Windows reinstallation.
    I'm sorry.
    We tried....
     
  13. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    Do you think I could boot in safe mode as paulisofi and copy all those docs I need in a USB flash drive and then do the reinstallation? Or how else could I get those docs that are not backed up?
     
  14. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Yes, absolutely.
    After you reinstall Windows make sure you scan all those files with an AV program before putting them back.
     
  15. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    That's some good news. Some questions now:

    1.- I'm not sure how to go about scanning those files before putting them back. Do I need to instruct the AV to scan whichever drive has the device with all the files?

    2.- I was thinking of saving the files on a large usb flash drive and then using panda vaccination on the reinstalled windows to prevent re-infection. But now on second thought, if instead of using a flash drive, I use those new blank DVDs I bought yesterday, would that still work? (I'd save some money as I already have the DVDs but would have to buy the large usb flash drive)

    3.- "Reinstallation" is the same as "Recovery"? I've done that a couple of times in the past but a long, long time ago. How shall I get started? Or maybe you can guide me as I go along?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    1. Yes

    2. You can go either way

    3. I believe you have some reinstallation DVD?
    If so put it in, restart computer and boot to that DVD.
    Follow on screen instructions.

    P. S. I'll be pretty much gone for the rest of tonight.
     
  17. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    Now, this virus was able to get in even though I had active Norton Internet Security there. How can I really make sure the files I'll put back in the pc with reinstalled windows are not infected? I'll use Norton again but like I said, this virus was able to get through nonetheless. I don't really know which software would work with this virus. Were you able to figure out what virus this is anyway?
     
  18. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    Thanks so much Broni for all your incredible help. I truly really appreciate it. I now just want to make sure I have the fullest antivirus protection in my pc and that this virus doesn't get through in my PCs again. What do you suggest? I have 2012 Norton Internet Security that I'll install again.
     
  19. paulisofi

    paulisofi TS Rookie Topic Starter Posts: 145

    Broni,

    I just wanted to ask you for some final advice in regards to antivirus and malware software. Now, after the experience I had, I've realized Norton Internet Security is not enough to prevent these issues. What do you suggest as a professional in this business? Thank you for all your assistance.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Norton is fine.
    There is no perfect security program.
    There is a difference between viral files per se and secondary files infected by a virus.
    Some type of infection may slip through any AV program but any secondary files (like files you're about to back up) should be easily recognized by any AV program.
     

