The information provided shows the characteristics of the ZeroAccess Rootkit.
First, let's take care of this file:
It throws a wrench in the works, and programs will not run successfully...
Please download DummyCreator.zip
Unzip the folder:
Right-click and select: Extract all…
Follow the prompts to extract
Open the new folder that appears on the Desktop:
XP: Double-click DummyCreator (aka: DummyMaker) to run the tool.
Now, copy/paste the following into the blank area:
Press the Create button.
Save the content of the Result.txt to your Desktop, and post it in your reply.
Next, restart the computer!
Note: If the results from DummyCreator look like this...
DummyCreator by Farbar
Ran by Owner (administrator) on 11-10-2011 at 16:30:09
C:\WINDOWS\3175483024 [04-11-2011 16:30:10]
== End of log ==
...then, do the following:
Please remove any previous download of TDSSKiller (if used) and download the latest version:
Windows XP: Double-click the file
Press the button: Start Scan
The tool scans and detects two object types:
'Malicious' (where the malware has been identified)
'Suspicious' (where the malware cannot be identified)
When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.
It automatically selects an action ('Cure' or 'Delete') for 'Malicious' objects. Leave the setting as it is.
It also prompts the User to select an action to apply to 'Suspicious' objects ('Skip', by default). Leave the setting as it is.
After clicking 'Next/Continue', the tool applies the selected actions.
A Reboot Required prompt may appear after a disinfection. Please reboot.
By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).
Logs have a name like:
Please post the TDSSKiller log in your reply, by uploading it also.
In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the report you wish to upload, and click on 'Open'
You will see the following:
“Your file has been uploaded successfully: (Name and size of the file)”
Please copy the 'Download link', and provide it in your reply.
If you have ComboFix (CF) already on your Desktop, please remove it. We'll download an updated version:
Save ComboFix.exe to your Desktop!! <<--
Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.
Information on disabling these programs is available here:
XP: Right-click on 'ComboFix.exe' to run the program.
When given the option, DO install the Recovery Console.
This program can come in very handy if there is trouble.
Click on 'Yes', to continue scanning for malware.
When finished, CF produces a report.
Please provide a copy of the C:\ComboFix.txt in your reply by uploading it to Megauploads, as you did previously.
1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Need to see the following in your reply:
**The 'TDSSKiller' log - upload
**Whether TDSSKiller needed a reboot <<<<---!!
**The 'ComboFix log' - upload
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals