Dear fellow TPUers.
I just spent yesterday cleaning a system at work from a Java exploit that resulted in a very serious infection that AVG failed to catch; MSE, Malwarebytes, BlackLight, Sophos, ComboFix, and many others failed to remove the infection as well.
The symptoms were: browser redirects, fake system issues, closing programs, hiding all files on the HDD, removing all administrative tools and ending their processes when launched, BSODs from thread/memory hijacks when other rootkit tools were run, system lockup, and full CPU utilization. It also infected the boot sector of the hard drive and rendered the system unable to boot cleanly, even in safe mode, to run any tools.
The infection started from the one Java exploit as an installer that managed to get a rootkit in; the rootkit then downloaded a remote control trojan, fake system event hijackers, and damaging software.
Please uninstall all instances of Java (http://www.java.com/en/download/index.jsp) and update if you need to run Java. Java is evil, I know this, you know this. We need it for work.
Please download the following tools.
TDSSKiller, anti-rootkit: http://support.kaspersky.com/faq/?qid=208283363. If you do happen to get infected, you must rename the extracted file on a USB stick, insert it, and run it as soon as possible, as the new variant it catches will check the signature of this file and prevent its launch, even when launched from a system-level account from the registry on boot.
ComboFix: http://www.bleepingcomputer.com/download/anti-virus/combofix. It will clean up the effects of the infection plus any remaining secondary infections that make it past anti-virus or anti-malware.
Malwarebytes, as if you shouldn't have a clean copy of this somewhere on a CD or non-writeable media.
HijackThis, see above. If you are unsure how to use it, you can get a log and post it, using a USB stick to transfer it.
The best practice with any infection is immediate isolation of the infected machine, as in physically unplugging the network cable, turning off the switch for Wi-Fi, or powering down any access point, to limit any secondary infections or transfer of data. Once the machine is clean, do a full system scan with each tool and a test of active connections to and from it with a firewall or any modern router to make sure nothing is left to phone home.
Please update all anti-virus signatures and run at least a malware/rootkit scan once a month. For those without anti-virus, get some. There are many free versions, and your belief that you are immune or that you would "know" is worthless.
Avast
MSE
AVG
There are at least three well-known free anti-virus products that are easy to use, and little to no maintenance is required.
******************************************************
Attached is a removal tool that can be copied to a USB stick; it must be copied to the C:\ drive and extracted there.
Extract the zip file after copying by double-clicking it, then inside the extracted folder double-click the "fixit.reg" file to add a RunOnce line to the registry for the next boot, which then runs a .bat file that renames the anti-rootkit tool and then runs it. Alternately, you may double-click the .bat file and see if it runs.
This removes the ZeroAccess rootkit among others; however, the damage done by some of the secondary infections will still be present, so please download and run the above-mentioned tools to help the cleanup, and include them on the USB stick to prevent recurring infection after running this tool.
******************************************************************
Neither I, nor techpowerup, nor its members are responsible for any damages from fixing your computer, so after running this if you are still infected, have issues, or decide to kill your dog or family, that's your problem.
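As an added example that is not the post's attached fixit.reg / .bat (and not Kaspersky's or TechPowerUp's code), the script below does in PowerShell what the post's procedure does by hand: take the box off the network, copy the anti-rootkit tool to C:\ under a random filename so a block keyed on the original name does not match, register it under RunOnce so it launches once at the next logon, and, after cleanup, list established connections to non-private addresses with their owning process. The source path E:\tdsskiller.exe, the staging directory C:\fix, the RunOnce value name and the function names are all assumptions for the example; it also assumes the tool's publisher signs it, and needs an elevated prompt on Windows 8 / Server 2012 or later (the Net* cmdlets do not exist on Windows 7).

```powershell
# Added example, not the post's attached fixit.reg / .bat.
# Hypothetical assumptions: the tool was extracted to E:\tdsskiller.exe,
# C:\fix is free to use, and the tool is Authenticode-signed by its publisher.
# Run from an elevated PowerShell prompt (Windows 8 / Server 2012 or later).

function Invoke-Isolation {
    # Take every active adapter down so the infection cannot spread or
    # exfiltrate while you work. Re-enable with Enable-NetAdapter once clean.
    Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } |
        Disable-NetAdapter -Confirm:$false
}

function Install-RenamedTool {
    param(
        [string]$SourceTool = 'E:\tdsskiller.exe',   # assumption: USB stick is E:
        [string]$StageDir   = 'C:\fix'               # assumption: free directory
    )
    $ErrorActionPreference = 'Stop'
    New-Item -ItemType Directory -Path $StageDir -Force | Out-Null

    # Random 8-character name: a block that matches on the original filename
    # will not match it. Keep the .exe extension so the file still launches.
    $name   = -join ((48..57) + (97..122) | Get-Random -Count 8 | ForEach-Object { [char]$_ })
    $staged = Join-Path $StageDir "$name.exe"
    Copy-Item -Path $SourceTool -Destination $staged

    # The staged copy must still carry a valid Authenticode signature; any
    # other status means the file changed between the USB stick and disk.
    $sig = Get-AuthenticodeSignature -FilePath $staged
    if ($sig.Status -ne 'Valid') {
        throw "Signature on $staged is $($sig.Status); do not trust this copy"
    }

    # Launcher that the RunOnce entry calls. The path is quoted so it survives
    # a staging directory with spaces in it.
    $bat = Join-Path $StageDir 'run.bat'
    Set-Content -Path $bat -Encoding Ascii -Value "@echo off`r`n`"$staged`""

    # Windows deletes a RunOnce value after executing it, so this launches
    # exactly once at the next logon. -Force overwrites a stale entry.
    New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' `
        -Name 'AntiRootkitOnce' -Value "`"$bat`"" -PropertyType String -Force | Out-Null

    return $staged
}

function Get-ExternalConnection {
    # After cleanup: established TCP connections to non-private addresses, with
    # the owning process, so anything still phoning home is visible. Cross-check
    # against the firewall / router log: a rootkit can hide sockets from the
    # host's own view, which is why the post says to test from outside the box.
    $private = '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|::1$|fe80:)'
    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notmatch $private } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                Pid     = $_.OwningProcess
                Process = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            }
        }
}

# Usage (elevated):
#   Invoke-Isolation
#   Install-RenamedTool -SourceTool 'E:\tdsskiller.exe'
#   Restart-Computer          # the renamed tool runs at the next logon via RunOnce
#   Get-ExternalConnection    # once the box is clean and back on the network
```

Two points worth knowing when adapting this: HKLM\...\RunOnce needs an administrator to write and fires at the next interactive logon rather than during boot itself, and the signature check only proves the copy on disk is the publisher's file, not that the tool will be allowed to run by whatever is already resident, which is exactly why the post has you run it renamed and as early as possible.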