Gib

Everything is gone

All of my computer data is gone. I only have on my desktop computer icon and recycle bin icon. I had stuff saved up like on my notepad, other programs, stuff in my documents. Even the internet was inaccessible until I figured out a way around that. I'm on the internet by the skin of my teeth. Can you help me get everything back like it was?

Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Just want to let you know I couldn't get system restore to work either. I ran Combofix and it detected I have rootkit.zeroaccess and it told me it would be a difficult infection. Combofix was running -> then stage 4 -> then BSOD -> then it rebooted, but Combofix couldn't finish!

Please get me a log from TDSSKiller by following the instructions below:

  1. Download TDSSKiller from this link and save it on your desktop.
  2. Run the TDSSKiller download that you saved.
  3. Click on Change parameters as it shows in the following screenshot:
    tdsskiller_report_001.png
  4. Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:
    tdsskiller_report_002.png
  5. Click the Start scan button as in the following screenshot:
    tdsskiller_report_003.png
  6. You will see the following as the scan runs:
    tdsskiller_report_004.png
  7. If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:
    tdsskiller_report_005.png
  8. Click on Report in the upper-right corner, as in the following screenshot:
    tdsskiller_report_006.png
  9. You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report.
    tdsskiller_report_007.png
  10. Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.
    tdsskiller_report_008.png
  11. Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.
  12. Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:
    tdsskiller_report_009.png
  13. Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot. Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
    tdsskiller_report_010.png

I hope I got everything right as far as what I need to provide, you can get my data back right!

OK, that does show a ZeroAccess infection. I'll need some more information before we can start repairing this.

Please run a special OTL scan by following the instructions below:

  1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  2. Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  3. In the white box at the bottom, labeled Custom Scans/Fixes, please type netsvcs and then click the Run Scan button near the upper-left. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
  4. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
  5. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.

Whatever that infection is, it's going around, try this OTL log and see if it's updated. Sorry but the extras log never got produced.

That log has some malicious stuff, however it doesn't show the NetSvcs like I had hoped for. Did you type netsvcs into the Custom Scans/Fixes box before running the scan?

Yes I did type in netsvcs, however I was only able to get this one saved by the skin of my teeth, I am running out of options with this computer!

The NetSvcs section was missing from that log as well. Our only easy option at this point is to see if TDSSKiller can take care of it on its own.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sorry, but the bad news is that it didn't fix the problem, there was a threat that I had to put on skip, if I can recall correctly it was backdoor.multi.zaccess.gen, along with some other ones. I think it picked up 5 problems, but don't tell me you're at your wits' end and that you can't do anymore. Is this the end?

Well, here's the log

I want to add that I can verify that I really typed 'netsvcs', what happened is that it ran a scan for a few minutes, after a while during the scan as netsvcs vanishes the standard registry feature highlight went to all and then to the middle option on standard registry where it was originally.

I guess I forgot to edit those instructions to ask you to attach the log. I went ahead and did it for you to keep it from getting deleted. ;)

Go ahead and try ComboFix again. Here's the instructions:

Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

About the CF, this time it was able to get further to completed stage 48 before becoming dormant. I think it stayed on 48 for over an hour then I rebooted manually, sorry but I couldn't save the program to the desktop. :(

Here's a link to instructions on starting Windows in Safe Mode. Please start your computer in Safe Mode With Networking, and try to download and run ComboFix again.

Tried it the first time, CF became passive early. Tried it the second time both times in safe mode w/ networking, it reboots the second time and makes it to the 48th stage. It rebooted the second time I let it run, but when it reboots it's obvious that it doesn't reboot back to safe mode w/networking. That's what the problem is!!!

My recollection: "cannot create file C:\Qoobox\Quarantine\Registry_backups\tcpip.reg" access is denied.

OK, let's get a new OTL log. Please run OTL by following the instructions below:

  1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  2. Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  3. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
  4. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
  5. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.

Right now, I need help of a different kind. As time was passing by my pc was degenerating and it has gotten a lot worse since I last spoke to you. Right now I'm using the internet from a different source. First it started with my internet connection being affected by the virus, zeroaccess. I tried calling my isp about it and was told that it's an issue with the modem. It has gotten worse to the point where I can no longer get to windows, because once the computer attempts it, then I just get taken to a black screen that's empty. So, that's two recent issues, the connection and desktop failure so to speak. Any advice on my computer endeavors?

TBH, I don't know how my previous reply tripled, but if you want you could delete the excess replies ty!

OK, I deleted the duplicates.

ZeroAccess likes to hijack the network services, and improper removal can damage them and the ZeroAccess infection will just recreate itself with new files and new services. Unfortunately this one seems to be a little tougher than normal, so it could be a newer variant.

Are you able to download utilities from another computer, and transfer them with a USB flash drive?

Are you stating that if I had a usb flash drive then I could get to windows, because I can't get to the desktop via safe mode either.

Nevermind, is it possible to use a usb flash drive to obtain utilities from a computer at, say, fedex kinkos or the library? The library I'm not sure, but I want you to know the problem is with a laptop.

If you can't get to the Windows desktop, then a bootable disk would be needed to resolve the issue. You would need access to a computer with Internet access, a CD burner, and a blank CD.

I think I know what you're talking about, a cd to install a copy of windows, am I right? Would kinkos be the place to use a blank cd?

I went ahead and did a little research and found that installation of windows isn't genuine, so I wouldn't consider myself doing that, I did some research on bootable cd as well, but I think that me utilizing one would be what it takes to grab a little experience. What if on my pc I cannot get a connection to the internet, because when I try to go to a site and hit enter there's no loading, no nothing and the page is blank!

If your installation of Windows isn't genuine, then I recommend that you get a genuine copy of Windows and reinstall before we proceed.

No, that wasn't what I meant, I was talking about what I found about that particular thing that other people typed and so I found about it made me believe it isn't genuine; but that's, in general. I'm sorry if I confused you, I'm trying my best to explain my intentions!

I have as an os, windows 7 professional, but I prefer win 7 pro, I don't want to deal with win xp.

That's OK, I don't want you to reinstall Windows. There's a special disk you can make called Ultimate Boot CD 4 Windows (UBCD4Win), and all you need to make it is a Windows XP disk, a blank CD, and a CD burner. You should be able to run a System Restore from this disk.

Although, now that I think about it, Windows 7 should have an option when starting up to load the Recovery Environment, which you should be able to run a System Restore from as well. That will allow you to restore your computer back to a time before the infection happened, which should repair your system's networking services. You can load the Recovery Environment by following the instructions at this link and select to load the Recovery Environment instead of Safe Mode.

I already know how to get to safe mode, the way my pc is set up it allows me access without the f8 key method, but when I get to safe mode the same thing happens that happens at regular desktop attempt, I am taken to a blank screen with "safe mode" on all perimeters. I have also tried system restore alone by itself, but this has to be the strongest zeroaccess yet! Once I have a win xp disk and blank cd what do I do next, because I can probably get this done at kinkos.

I don't have a windows 7 disk, but I do want to ask you that once the zeroaccess is cleared and there's no more of it, will I see my desktop and all my other stuff I will get back like it was? Also, is this what you are talking about www.ehow.com/m/how_4910631_download-windows-xp-recovery-disk.html

The Windows XP recovery disk is a bit different, and probably won't be able to access the System Restore from an installation of Windows 7.

Do you have access to a Windows 7 computer with a CD burner where you have administrative rights?

Other than my laptop, a computer I can have access to that has windows 7 is probably the library's computer, which idk for sure. I did however just get off the phone with fedex kinkos and they said that they only have windows xp, but I can also have access to a cd burner. Will I get all my data back?

If you have an external hard drive, and a bootable disk (Fedora Linux or Ubuntu for instance) then you should be able to recover your data. A BartPE or UBCD4Win disk will work as well, however they require a Windows XP CD to create.

If you want to try the Linux disks, you can get one of the editions of Fedora from this link (I recommend either the KDE or the Xfce versions, as they will most likely be easier for you to use), and you can get Ubuntu from this link. When you start your computer up off of these disks, you will be able to browse the files on your hard drive and copy them to your flash drive or external hard drive.

I don't have a very good question. My question is if I were getting a linux disk shipped to my house, I probably would understand better, but it's a download. Did you want me to use a different computer to download and what all do I need for the linux disk?

Yes, you will most likely need to create a Linux disk from another computer. It doesn't matter which version of Windows you have, so long as you have a blank CD and can burn data to it.

Linux disks are downloaded as a file that needs to be burned to a disk in a special way. They call it a disk image, or an ISO image, and it usually needs to be burned in a special way. Windows 7 allows you to right-click on an ISO image and burn it to a CD. Most CD burning software also has an option to burn an ISO image to a disk.

I plan on taking the laptop into the shop, because of browsing history reasons as one of the reasons. I'm offered to have my files backed up for $45, but I feel that some of my files will be left behind. So, do you feel I could buy me from Radio Shack a good flash drive with maybe more than 3gb of capacity for less than $45?

It looks like you might be able to get a 16GB USB flash drive from RadioShack for under $50, however unless you know how much data you will need to back up, then I do recommend buying an external hard drive with a high capacity. There are external hard drives that can store a significantly larger amount of data than flash drives, although they do tend to be a little larger and heavier, and they are easier to damage when they are dropped or when they receive too much shock from vibrations. Fortunately, even with their drawbacks, they also tend to be inexpensive compared to flash memory and they can store a lot more data at a much lower price.

Ok, I just left Office Depot and I almost purchased a flash drive /w 8 gb, but here's the thing I was told, that it will only backup files and not programs and that if my pc is infected that I can spread the infection to the flash drive, but they did offer to fix it which I plan to bring it in tomorrow (if not today)!

I hope they know how to deal with ZeroAccess. It is possible to repair a ZeroAccess infection via boot disks, however most techs that work in stores like Office Depot don't know how to do it. I have a feeling that they will want to reinstall Windows.

As for spreading the infection via the flash drive, normally they would be correct, however if you were backing up your data from a Linux boot disk then you would have to manually copy an infected file to the flash drive and then run or open that file on another computer to spread the infection.

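The backup described in the reply above (boot from a Linux disk, copy files to a flash drive), as an added example that is not part of the original thread: a shell function that copies data off the mounted Windows partition, leaves behind the file types Windows would run, and lists what it skipped. The mount points, the extension list and the SKIPPED.txt name are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the Windows partition is mounted
# read-only at SRC, e.g.  mount -o ro /dev/sdXN /mnt/win  (device name is a
# placeholder), and the flash drive or external disk is mounted at DEST.

# Return 0 if the file name ends in an extension Windows will run or auto-load.
# Only the last extension counts, so "invoice.pdf.exe" is treated as .exe.
is_runnable() {
    case "$1" in
        *.*) ;;
        *) return 1 ;;          # no extension at all
    esac
    ext=$(printf '%s' "${1##*.}" | tr '[:upper:]' '[:lower:]')
    case "$ext" in
        exe|dll|sys|scr|com|pif|bat|cmd|vbs|vbe|js|jse|wsf|wsh|lnk|msi|cpl|hta|inf)
            return 0 ;;
        *)  return 1 ;;
    esac
}

# Copy every regular file under SRC to the same relative path under DEST,
# except runnable types, which are listed in DEST/SKIPPED.txt instead.
# File names containing a newline are not handled.
backup_user_data() {
    src=$1
    dest=$2
    if [ ! -d "$src" ] || [ ! -d "$dest" ]; then
        echo "usage: backup_user_data SRC_DIR DEST_DIR" >&2
        return 2
    fi
    : > "$dest/SKIPPED.txt"
    # -type f leaves out symlinks and device nodes; nothing is executed.
    ( cd "$src" && find . -type f ) | while IFS= read -r rel; do
        rel=${rel#./}
        if is_runnable "${rel##*/}"; then
            printf '%s\n' "$rel" >> "$dest/SKIPPED.txt"
        else
            mkdir -p "$dest/$(dirname "$rel")"
            cp "$src/$rel" "$dest/$rel" || echo "copy failed: $rel" >&2
        fi
    done
    return 0
}

# Run as a script:  sh backup.sh /mnt/win/Users /mnt/usb
if [ "$#" -eq 2 ]; then
    backup_user_data "$1" "$2"
fi
```

Anything listed in SKIPPED.txt stays on the infected disk; documents and pictures that were copied should still be scanned before they are opened on another computer.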

I just got off the phone with the guy I spoke to at Office Depot and after I told him about my zeroaccess problem, he said that he can take care of zeroaccess, but he said that I can leave everything the way it is and he can just take away the infection and install anti-virus on it. Now, I'm curious to see what he's going to do, so I plan on taking it in tomorrow! About the linux boot disk download that you gave me, is more of your preference than ubcd, and can a linux cd be used to do system restore?

... About the linux boot disk download that you gave me, is more of your preference than ubcd, and can a linux cd be used to do system restore?

I like Linux, however UBCD4Win has so many utilities built into it that it can be an indispensable boot disk. In this case, Linux would have been easier, since it's just a free download.

UBCD4Win is a version of Windows that Microsoft calls Windows PE, and the program that creates a UBCD4Win disk requires a Windows XP or Windows 2003 disk in order to create a UBCD4Win disk (it needs to be able to use the files that are on a Windows XP or Windows 2003 disk), so if you don't have a Windows XP or Windows 2003 disk then you will not be able to create a UBCD4Win disk.

A flash drive or an external hard drive would still be needed to back up your data to. The Linux and UBCD4Win disks just provide you with an environment where you will be able to copy your data to a backup drive.

I just wanted to know for sure, so that when I go (if I go) to Office Depot today I can purchase it. Well so far what I know is that I need a blank cd, flash drive and access to cd burner. For a linux boot disk is there anything else I need, because I'm thinking that's everything!

As long as you have some sort of USB flash drive to copy your data to once you start your computer up off of the disk, then yes, that's all you need. ;)

If your topic gets closed, then just send me a private message, and I can reopen it. ;)

This topic is now closed to further replies.