Inactive System infected: ZeroAccess Rootkit Activity 4 and TidServ Activity 2

[Broni]

Remove DVD and try to boot normally.

 

[paulisofi]

I removed dvd, selected shut down ("restart" option was not there) and nothing happened. I went back to that left bottom corner where I had clicked Shut Down but nothing comes up when I click there: left click or right click. So I went ahead and put DVD back in and tried to do the same: go to left bottom corner to click "shut down" but it just won't do anything. I double clicked on OTLPE and it did come on; then I closed it. So that means pc is not frozen but somehow when I go with the mouse to that left bottom corner, nothing comes up, as if the blue window icon was dead.

 

[paulisofi]

I mean to say that now nothing comes up when I click on left bottom corner, it just won't give me any options anymore. Icon seems dead.

 

[paulisofi]

Nothing on that bottom bar seems to be alive. Absolutely nothing happens when you click on any of those icons anywhere on bottom bar. All other icons on screen are fine.

 

[Broni]

Remove DVD and shut the computer down manually.

 

[paulisofi]

It's completely off. Shall I try to boot it up in normal mode now?

 

[Broni]

Yes.............

 

[paulisofi]

as administrator or paulisofi?

 

[Broni]

Try administrator.

 

[paulisofi]

didn't work. I try but I keep getting blue screens with that long error message that I never have time to snap a pic of. It's happened like 3 times already. It's back on in safe mode now.

 

[paulisofi]

I just shut it down for fear of more blue screens with error messages.

 

[Broni]

OK at this point I don't see anything malicious on your computer but it looks like your Windows installation is beyond repair.

I have no choice but to advice Windows reinstallation.
I'm sorry.
We tried....

 

[paulisofi]

do you think I could boot in safe mode as paulisofi and copy all those docs I need in a usb flash drive and then do the reinstallation? Or how else could I get those docs that are not backed up?

 

[Broni]

Yes, absolutely.
After you reinstall Windows make sure you scan all those files with an AV program before putting them back.

 

[paulisofi]

That's some good news. Some questions now:

1.- I'm not sure how to go about scanning those files before putting them back. Do I need to instruct the AV to scan whichever drive has the device with all the files?

2.- I was thinking of saving the files on a large usb flash drive and then using panda vaccination on the reinstalled windows to prevent re-infection. But now on second thought, if instead of using a flash drive, I use those new blank DVDs I bought yesterday, would that still work? (I'd save some money as I already have the DVDs but would have to buy the large usb flash drive)

3.- "Reinstallation" is the same as "Recovery"? I've done that a couple of times in the past but a long, long time ago. How shall I get started? Or maybe you can guide me as I go along?

 

[Broni]

1. Yes

2. You can go either way

3. I believe you have some reinstallation DVD?
If so put it in, restart computer and boot to that DVD.
Follow on screen instructions.

P. S. I'll be pretty much gone for the rest of tonight.

 

[paulisofi]

Now, this virus was able to get in even though I had active Norton Internet Security there. How can I really make sure the files I'll put back in the pc with reinstalled windows are not infected? I'll use Norton again but like I said, this virus was able to get through nonetheless. I don't really know which software would work with this virus. Were you able to figure out what virus this is anyway?

 

[paulisofi]

Thanks so much Broni for all your incredible help. I truly really appreciate it. I now just want to make sure I have the fullest antivirus protection in my pc and that this virus doesn't get through in my PCs again. What do you suggest? I have 2012 Norton Internet Security that I'll install again.

 

[paulisofi]

Broni,

I just wanted to ask you for some final advice in regards to antivirus and malware software. Now, after the experience I had, I've realized Norton Internet Security is not enough to prevent these issues. What do you suggest as a professional in this business? Thank you for all your assistance.

 

[Broni]

Norton is fine.
There is no perfect security program.
There is a difference between viral files per se and secondary files infected by a virus.
Some type of infection may slip through any AV program but any secondary files (like files you're about to back up) should be easily recognized by any AV program.