Security Software [HELP] Computer Virus Issue(s)

Status
Not open for further replies.
^ problem in that method is that even the virus or rootkit will get copied to whatever device he's using to backup his files. then he'll get the virus again when he attaches the usb hdd to his computer to copy back the files.
best option would be to remove the offending virus or rootkit first from all devices like usb drives, external hdd's, and hdd's of both his and his brother's computer. then take a backup of all required files, and then last after checking everything is there, format his computer if he wants to.

another way would be to stop using admin account and make a standard user account in win7. people usually log in as admin and disable uac. uac is the first line of defence against such infections. disabling uac is like keeping the door of your home always open. use the standard account to browse internet or play games or download whatever you want. keep the admin account clean.
 
It's not that we are trying to clear a big virus with HJT, but trying to help OP step by step.

Your step or guidance is not countered or objected to by any chance, while he gets a response from those specialist forums (which takes a lot of time and sometimes does not even generate any response; I have personal experience).

Same way I had a BSOD problem of some corrupt files and driver conflict which I solved through Think Digit forums and TE forums in its earliest days. Since then I have been reading about this kind of problem and trying to help people as much as I can.

So it's a community; we are helping a person in difficulty with our level of knowledge and level of expertise, no one is inferior or no one is superior. Just the road taken is different and goal / destination is the same :)

Gentlemen, with all due respects...
ZeroAccess cannot be cleaned using a generic scanner like HJT. PERIOD. It's an infection that started out as a Rootkit and/or a MBR infection.
Current strains are not a TDSS but still can infect the MBR. HJT does not have the capability to cleanse.
While RogueKiller is used extensively to clean the infection, one needs to double check with aswMBR & MBRcheck logs. The MBR will often require a Windows CD to boot to recovery console > CMD to fix.
This was the only reason I directed the OP to a forum of trained Malware fighters, where the admin is a MSVP in security.
While I could have helped out and fixed the issues, I think it would be a disservice to both the OP and TE not to get help from qualified malware fighters.
 
Agree. :yes: Meant no disrespect. Hope the OP realises the severity of the infection. I would not be using the machine for online CC transactions/banking etc.
 
Listen everyone, the conversation has diverted.
I am beginning to feel that there is no hope for my computer. But, I have my external harddrive that I can not just reformat; it has too much important information! And my brother's laptop that I can't just reinstall.
I don't care how strenuous it is, I HAVE to remove this virus from my external harddrive and my brother's computer. I need to make sure it gets removed and everything is normal.
I need to take care of this, if you can help me remove this dang virus...PLEASE RESPOND!
 
@matt6151 what you can do is try and find someone running Kaspersky Internet Security in your circle. Go to his / her place from the Kaspersky menu download and update the rescue disk.

Burn that iso into a new cd and then boot your pc with that disk and scan it, it will be a temporary linux OS with antivirus fully loaded, your hdd will not boot so the primary MBR level viruses can also be detected.

Then you can try rootkit removal preboot with help of tools like Hiren's boot cd and the like.

After primary machine is cleaned you can reboot to linux distro and connect the usb disk and remove the problematic virus from it too.

Just do not boot into windows but use a live cd instead.
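As an added example (not part of the original posts, and not a replacement for aswMBR or MBRcheck): a Python sketch of what inspecting the MBR from a live Linux session involves. It splits the first sector into boot code, signature and partition table and hashes the boot code so it can be compared with a copy from a known-clean disk. The device path `/dev/sda` in the comment is an assumption, and the sample sectors are constructed for the demo.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, signature check and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("need exactly 512 bytes")
    parts = []
    for i in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype:                           # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == b"\x55\xaa",
        # Hash only the 440 bytes of boot code; the disk signature and the
        # partition table legitimately differ from disk to disk.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": parts,
    }

def read_mbr(path: str) -> bytes:
    """Read sector 0, e.g. read_mbr('/dev/sda') as root (path is an assumption)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)

def boot_code_changed(reference: bytes, suspect: bytes) -> bool:
    """True when the boot code differs from the known-clean reference sector."""
    return (parse_mbr(reference)["boot_code_sha256"]
            != parse_mbr(suspect)["boot_code_sha256"])

def build_sample(boot: bytes) -> bytes:
    """Constructed MBR for the demo: one active NTFS (0x07) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return (boot.ljust(440, b"\x00") + b"\x00" * 6 + entry
            + b"\x00" * 48 + b"\x55\xaa")

if __name__ == "__main__":
    clean = build_sample(b"\xeb\x63\x90")     # constructed reference sector
    suspect = build_sample(b"\xeb\x63\x91")   # constructed, one byte differs
    print(parse_mbr(suspect))
    print("boot code differs from reference:", boot_code_changed(clean, suspect))
```

A differing hash only says the boot code is not the same as the reference; the reference has to come from a clean disk set up with the same Windows version.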
 
Okay, I have no one who has Kaspersky.
So, can you suggest something else? And please go step by step with the ISO burning.
I could never get bootable discs to work.
I do have DVD-Rs though, if that helps.
 
No need for CDs only; you can burn on DVD also. Or if your PC supports booting from USB you can use a USB disk also.

Here I am posting links for different antivirus disks from their own respective providers. Instructions are there for how to burn on USB disk.

Data Recovery | AVG Rescue CD | AVG Worldwide

Index of /rescue_cd/2013

Download Avira AntiVir Rescue System | Official Website

Fighting malicious programs

The last one is from Kaspersky and it's from the website but it gives an older version; the latest version can be built from within KIS only, it will be about 233 - 240 MB.

You can try each one in order and try and rescue your system. While also keep looking at the malware forums discussed earlier. If you have posted there kindly post the link here or PM so I can keep a watch and help you out somewhere.

- - - Updated - - -

PS edit :

You can try different rootkit remover tools from antivirus providers; here are a few:

http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

http://www.mcafee.com/in/downloads/free-tools/rootkitremover.aspx

http://www.gmer.net/

http://support.kaspersky.com/faq/?qid=208280684

here is a beautiful blog for removal of rootkit : http://www.technibble.com/how-to-remove-a-rootkit-from-a-windows-system/

http://research.pandasecurity.com/New-Panda-Anti-Rootkit-Version-1-07/

Try and get a clean laptop from a friend and download all tools, and turn by turn run every one of them on the machine, and if it succeeds then remove all previous antivirus programs and install a new antivirus program and update it. Then reattach the external drive and scan it with all the tools.

I am pretty much sure you can tackle this problem this way.
 