
SE redirect or Zero Access suspected on Win XP Pro SP3

By avnublet
Dec 20, 2011
  1. Hello, TechSpot people! I hope your holiday season is going better than mine.
    After struggling on my own to resolve what appears to be a search engine redirect and/or zero access malware, I see from TechSpot that this issue is an enormous hindrance to many people and that you may be able to help me. Without further ado...

    PC Specs:

    Dell Inspiron 9300 (ancient but rugged laptop)
    MS Win XP Pro SP 3, Version/Build 5.1.2600
    Intel X86 Processor, Family 6 1730 MHz
    BIOS: Dell A04, 6/21/2005
    88 GB HD & 2 GB RAM
    1 TSST DVD+/- RW drive
    ATI Radeon X300 w/ 64 MB
    Current browsers: Firefox 8 and IE 8
    All Java and Flash updates are current, and Windows Updates are current

    Important Notes:

    (1) The native display is damaged with two thick white lines running vertically, so I'm using an external 22" Acer LCD monitor (DVI). If the laptop is booted into safe mode (minimal or network), I have to use the damaged display. It's painful, but not impossible.

    (2) Every program installed is legal and is paid for or is freeware. I have never knowingly downloaded spyware, bit torrent clients, or anything similar that could expose this laptop to malware.

    My Problem and Attempted Fixes:

    This PC is used primarily for media editing and web browsing. I own another computer which is my primary and so I have unfortunately neglected updates for this laptop. A few months ago, my browser started redirecting search engine results whenever I clicked on them. This happened with both Firefox 6 and IE 7. Here's what I tried:

    (1) I suspected spyware and so I updated and ran SpyBot, which found nothing. At the time I had AVG as well, but it found nothing either. Frustrated, I downloaded Google Chrome, updated to IE 8, and Firefox 7, ran a Windows update, and updated my versions of Java and Flash. I figured that would fix any exploits. But the redirects still happened on all three brand new web browsers. Then the malware started acting worse, as Firefox would open by itself and launch some suspicious website for random consumer products. So I uninstalled Firefox. Then IE started spontaneously opening.

    (2) Next, I tried multiple system restore attempts in safe mode but all attempts failed, regardless when the save restore point was.

    (3) After Sys Restore failed, I opened the Task Manager, and looked up every process on processlibrary(dot)com. I attempted to kill anything that wasn't critical or looked suspicious. Aha! I found one process that looked strange, called "3414722014:561674036.exe" under User Name "System," and I tried to kill it but it would not die.

    (4) Now it's even worse, because any games I try to play on this laptop result in a warning window stating "Access Denied" due to "insufficient privileges," even on the Administrator account! So I bought Kaspersky 2011 antivirus. It installed but I can't run it, even as an Administrator, because of the same "access denied / insufficient privileges" issue. Disgusted, I have uninstalled all of my anti-virus software now.

    Any help you could provide at this point would be appreciated. I'm about to give up on this laptop.
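The process name reported above (all digits, a colon, and an .exe suffix running under the System account) is the kind of entry a log reviewer looks for when reading a task list. The script below is an added example, not code from the thread or from TechSpot: it parses a constructed `tasklist`-style listing of the shape Windows XP prints and flags image names that match that odd pattern. The sample rows, PIDs and memory figures are made up; only the suspicious name is taken from the post.

```python
import re

# Constructed sample in the layout `tasklist` prints on Windows XP.
# The PIDs and memory figures are invented; the odd image name is the
# one reported in the post above.
SAMPLE_TASKLIST = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
smss.exe                     548 Console                 0        388 K
csrss.exe                    612 Console                 0      3,592 K
winlogon.exe                 636 Console                 0      4,120 K
services.exe                 680 Console                 0      3,844 K
3414722014:561674036.exe    1488 Console                 0      2,104 K
explorer.exe                1604 Console                 0     21,776 K
firefox.exe                 2200 Console                 0     88,132 K
"""

# Heuristic: an image name made only of digits and a colon is not
# something Windows or a normal installer produces, so it is worth a
# closer look by whoever reviews the logs.
ODD_NAME = re.compile(r"^\d+:\d+\.exe$", re.IGNORECASE)

# One row per process: image name, PID, session name, session number,
# memory usage. Image names may contain spaces ("System Idle Process"),
# so the name is matched lazily and the PID is the first digit field
# after it.
ROW = re.compile(r"^(.*?)\s+(\d+)\s+(\S+)\s+(\d+)\s+([\d,]+ K)$")


def parse_tasklist(text):
    """Return a list of {'image': str, 'pid': int} from tasklist output."""
    rows = []
    for line in text.splitlines()[2:]:  # skip the two header lines
        if not line.strip():
            continue
        m = ROW.match(line)
        if m:
            rows.append({"image": m.group(1).strip(), "pid": int(m.group(2))})
    return rows


def flag_suspicious(rows):
    """Return only the rows whose image name matches the odd pattern."""
    return [r for r in rows if ODD_NAME.match(r["image"])]


if __name__ == "__main__":
    for r in flag_suspicious(parse_tasklist(SAMPLE_TASKLIST)):
        print("review:", r["image"], "pid", r["pid"])
```

Run it against a real `tasklist` capture by reading the file into `SAMPLE_TASKLIST`'s place; a match is a prompt to collect the logs the helper asks for below, not proof of infection on its own.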
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! Thank you for all the information!

    The entry you found in the Task Manager is surely suspicious and would appear to confirm the ZeroAccess Rootkit:

    About this:
    Please reinstall the AV as soon as you can.
    Trying to install and run a new antivirus program after malware is on the system rarely works and you need some protection on the system. You do not need to disable the security for the following scans.
    I need to see the entries on the system, so please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    If the access denied continues, please see Take Ownership of a File or Folder
    If you had to update all of these, that is most likely why and how you got the malware in the first place:
    But throwing out programs after malware is on the system doesn't accomplish anything: AVG, Kaspersky, Firefox.
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    Please leave the logs in your next reply.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Reopening at members request.

    Please note:
    New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
