Inactive System infected: ZeroAccess Rootkit Activity 4 and TidServ Activity 2

I just opened command prompt and this is what I got:

Administrator: Command Prompt

Microsoft Windows [Version 6.0.6002]
Copyright <c> 2006 Microsoft Corporation. All rights reserved.

C:\Users\paulisofi>_

Where am I supposed to type the command

net user administrator /active:yes

Right next to

C:\Users\paulisofi>here???

Because I tried to create a new command with C:\> but it won't let me because as soon as I hit enter another identical c prompt with users\paulisofi> comes up.
 
In short, it didn't work. These are the details:

1.- As soon as safe mode came back on, a pop up similar to the one before came on:

Microsoft Windows

Windows has recovered from an unexpected shutdown

Windows can check online for a solution to the problem.

View problem details Check for solution Cancel


2.- I clicked on "View problem details" and this is what opened up (here are the few differences):

Problem signature

Problem Event Name: Blue Screen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:

BCCode: a
BCP1: 00000000
BCP2: 00000002
BCP3: 00000001
BCP4: 8263983C
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:

C:\WINDOWS\Minidump\Mini021212-01.dmp
C:\Users\paulisofi\AppData\Local\temp\WER-3539600-0.sysdata.xml
C:\Users\paulisofi\AppData\Local\temp\WERC294.tmp.version.txt

Read our privacy statement:

http://go.microsoft.com/fwlink/?link...63&lcid=0x0409


3.- I followed the instructions to enable built-in administrator account to the letter.

4.- Restarted pc in normal mode and chose Administrator

5.- After some time processing the info, a new screen came on, the regular screen when you're normally logged in but with only 3 icons on the desktop, and the error message popped up in a bubble in the system tray. I took two pics of that bubble, but since I was hurrying to beat the pop-up before it went away and struggling to avoid the glare between the camera and the PC, the pics came out too blurry for me to read. I can only make out that it says

Windows failed to...

Next time I'll make sure to use the digital voice recorder to record short messages. I'm really sorry about this.

6.- I then waited a minute or two to see if blue screen would come on, but it didn't so I came back to this pc to post this. Then I heard the typical sound of windows restarting, then it had the two icons to choose:

Administrator paulisofi

7.- I didn't do anything since I came back here to post and now again after a few more minutes, I heard the sound of windows restarting one more time. This time I went ahead and shut it down (by choosing "shut down").
 
Let's see if we can look at your computer by booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note: If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
All my blank DVDs are brand new and for that I think they all need formatting, like what happened to the one I created for the Vista recovery yesterday. How shall I proceed here? Shall I just put the DVD in there and see what happens, or format it now before putting it in? And how should I format it? I'm sorry but I don't usually use DVDs or CDs at all. Only to record and watch TV shows or movies on TV.
 
I suppose I should download that from the clean computer but the clean computer has Windows XP and the infected one has Vista. No problem?
 
Create the CD on good computer.
Run the program and it'll tell you if something needs to be formatted or not.
 
I'm sorry Broni, I had to leave in a hurry for an emergency. I'm totally back hands on to this again. I followed your instructions: put blank DVD in, double clicked on downloaded item and then a pop up asked me:

Do you want to burn this CD?

I clicked Yes and then it started to extract. Then imgburn came on as if wanting to burn DVD. A new pop up came on saying disk needs formatting and asked me if I wanted to do that. I said Yes, and that's what it's doing right now.
 
I have the newly created dvd ready and already put it in infected machine. I started reviewing the steps of new instructions and have some questions before proceeding:

Please download OTLPE (filesize 120,9 MB)

When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.

Shall I do the next instruction below on infected computer?

Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD follow the steps HERE
Your system should now display a REATOGO-X-PE desktop.
Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.

Infected computer doesn't have internet connection

Double-click on the OTLPE icon.
When asked Do you wish to load the remote registry, select Yes
When asked Do you wish to load remote user profile(s) for scanning, select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system

For the last instruction above, can I use the same usb flash drive that we used the other day when you asked me also to download and install panda usb vaccination? USB flash drive still has old (infected?) file in it.

Please post the contents of the OTL.txt file in your reply.


Thanks.
 
I'm sorry, I try to type as quickly as I can and the phone is not the best device for that, at least for me. Now, typing from clean computer.

I put newly created dvd in infected pc and restarted it. It booted from dvd automatically and after a black screen with a bar that was getting filled in white got all filled up, then windows came on but not windows vista, it said windows xp, with the big window logo as usual. But up on top it said windows xp not vista.

Now it's booted all the way. I don't recognize most of the icons though.
 
You're doing fine.
You're booting from an external source.
Follow the rest of my instructions.
 