Windows Server 2008, Sirefef.b/y and ZeroAccess

Solved
By avenged187
Aug 9, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    See if you can access Windows updates.
  2. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    Yes, Update is working now.
  3. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Excellent.

    ZeroAccess rootkit will often mess up MSE so you may need to reinstall it.

    When ready let me know what else is not working.
  4. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    Going to reinstall MSE first. But it appears that some of the industry software that we use, which is Java-based, is non-functioning now.
  5. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    One thing at a time please.
  6. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    Sorry. Just listing them off as I'm thinking of them. Been working on trying to get this server back in shape since 6pm last night. :confused:
  7. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    Ok, MSE reinstalled, updates working fine on that end.
  8. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    I think the Java apps just need to be reinstalled, probably corrupted with all the changes. And just have to replace the firewall rules (ugh). But it seems as though most things are running correctly now.
  9. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Zero Access rootkit is not a joke so I'm not surprised some programs got messed up.
    Hold on. I have to scroll up to see where we're at.
  10. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    OK, see if Security Check will run now.

    Also, I'll need the Eset scan log.
  11. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    Security Check is still not running properly. It's saying that every command is not recognized as an internal or external command.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Can you give me one example with full wording?
  13. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    'find' is not recognized as an internal or external command, operable program or batch file.
  14. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Hopefully it's just a messed-up path, not the files themselves.

    First check if you can find "find.exe" in d:\Windows\System32 folder.
  15. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    I see find, as well as many other commands that weren't working in cmd, but it's in c:\windows\system32. D: is simply the storage drive. No Windows folder.
  16. Broni

    Broni Malware Annihilator Posts: 46,164   +251

  17. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    I have %systemroot%\system32 in there, which I thought should default to c:\windows\system32. I copied it and pasted it to notepad, and could paste it here.
  18. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    It should.
    I'm not really sure what's going on there.

    Since we're getting well outside the malware removal subject, I want you to run the Eset scan so we can wrap up the malware removal part.

    As for your other issue, you'll have to create a new topic in the Windows forum.
    I'm simply too busy here.
     
  19. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    I've noticed that FSS was also looking for drivers in "D" drive so it must be something in your "path".
  20. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    Understood. Did you want me to run TFC first, or just the Eset?
  21. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    TFC then Eset but also read my previous reply.
  22. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    Also, Eset is not running. When I click to have it run a scan, and accept the terms, it defaults to a blank grey window.
  23. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Try a different browser.
  24. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    OK. TFC just finished. Server is rebooting.
  25. avenged187

    avenged187 Newcomer, in training Topic Starter Posts: 68

    Also, oddly, changing %systemroot% to c: in path apparently fixed the problem, and Security Check just finished.
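
A read-only PowerShell check for the PATH symptom in this thread, added here as an example and not posted by either participant. It assumes the machine-wide Path lives in the usual Session Manager\Environment registry value, and that one possible cause (not confirmed in the thread) is that value being stored as REG_SZ instead of REG_EXPAND_SZ, in which case %SystemRoot% is never expanded.

```powershell
# Added diagnostic example; it only reads the registry and file system.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$key     = Get-Item $keyPath

# Registry type of the Path value and its raw, unexpanded text.
$kind = $key.GetValueKind('Path')
$raw  = $key.GetValue('Path', '',
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)

Write-Output "Path value type: $kind"
$isExpand = ($kind -eq [Microsoft.Win32.RegistryValueKind]::ExpandString)
if (-not $isExpand -and $raw -match '%[^%;]+%') {
    Write-Output 'WARNING: Path contains %VAR% references but is not REG_EXPAND_SZ; they stay literal.'
}

# Walk each entry and report what the system would actually search.
$foundFind = $false
foreach ($entry in $raw.Split(';')) {
    $entry = $entry.Trim()
    if (-not $entry) { continue }

    # Expansion only happens for REG_EXPAND_SZ; otherwise the literal text is used.
    if ($isExpand) {
        $effective = [Environment]::ExpandEnvironmentVariables($entry)
    } else {
        $effective = $entry
    }

    if (Test-Path -LiteralPath $effective) {
        $status = 'ok'
        # find.exe is the command the thread reports as "not recognized".
        if (Test-Path -LiteralPath (Join-Path $effective 'find.exe')) {
            $status    = 'ok, contains find.exe'
            $foundFind = $true
        }
    } else {
        $status = 'MISSING'
    }
    Write-Output ("{0,-24} {1} -> {2}" -f "[$status]", $entry, $effective)
}

if (-not $foundFind) {
    Write-Output 'No Path entry resolves to a folder containing find.exe.'
}
Write-Output ("SystemRoot is currently: " + $env:SystemRoot)
```

After a rootkit cleanup, the same listing is also a quick way to review the Path for entries nobody on the team recognizes.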