Rootkit - 0Access.H virus help!!!!!

DrGreenThumb

New Member
Joined
Jan 6, 2008
Messages
146 (0.02/day)
Location
New Zealand
System Name Betsy
Processor 3800x2
Motherboard MSI-7168 Nec - NO OC options :(
Cooling 2 fans rear/front
Memory 2gig ddr 400
Video Card(s) GTS 250 512mb
Storage 200gb sata
Display(s) 21 inch crt or 15 samsung lcd pc/tv
Case black
Audio Device(s) Realtek drivers !!
Power Supply 500w SliverStone Strider
Software Xp pro 32 / Vista x64
(SOLVED) Rootkit - 0Access.H virus help!!!!!

Hi, I wasn't too sure where to post this, so sorry if it's in the wrong place.

Anyways, I've got this crappy virus at the moment. I'm sure I got it being lazy: when one of those stupid pages came up saying "stay/leave page" I selected leave (normally I would close Firefox from Task Manager).

Now I have two iexplore.exe processes and like three LWUU0j8u.exe, and it makes my modem blink like it's using the net even though I'm not....

I tried Malwarebytes (normally it fixes everything) but it doesn't even find it, yet it keeps blocking outgoing IP addresses.

Tried avast! (what a crap), didn't help, and you can't even stop or uninstall it without a removal program. Tried Spy Doctor but it's useless: it scans, then tries to get you to register.

It's a s.o.b., I never had such a hard time getting rid of a virus!! Even worm Blaster 32 back in the day was easy with its 60 sec countdown timer.

Please help!! Thanks
 

brandonwh64

Addicted to Bacon and StarCrunches!!!
Joined
Sep 6, 2009
Messages
19,542 (3.67/day)
Try AVG Free and see what it does. It's good about pesky viruses like this one.
 

DrGreenThumb

Thanks, I'll try that now
 
Joined
Feb 10, 2007
Messages
2,582 (0.41/day)
Location
Oulu, Finland
System Name Enslaver :)
Processor Ryzen 7 7800X3D
Motherboard ASUS TUF Gaming B650-Plus
Cooling CPU: Noctua NH-D14 with LED fans, Case: 2 front in - 1 rear out
Memory 2x16GB Kingston Fury Beast RGB 6000MHz
Video Card(s) ASUS TUF RTX 4070Ti OC
Storage Samsung Evo Plus 1TB NVMe , internal WD Red 4TB for storage, WD Book 8TB
Display(s) LG CX OLED 65"
Case Lian Li LANCOOL II Mesh C Performance
Audio Device(s) HDMI audio powering Dolby Digital audio on 5.1 Z960 speaker system
Power Supply Corsair RM850x
Mouse Logitech G700
Keyboard ASUS Strix Tactic Pro
Software Windows 11 Pro x64
Avast Antivirus should help. If it can't remove the virus in Windows then Avast's boot-time scan will.
 
Joined
Jan 24, 2010
Messages
3,603 (0.70/day)
Location
Oregon, USA
System Name GLaDOS
Processor AMD FX-9590 X8 4.7GHz
Motherboard ASUS Sabertooth 990FX
Cooling Corsair H80i v2
Memory Corsair Vengeance 24GB (2x8GB, 2x4GB) DDR3 1600 MHz
Video Card(s) ASUS ROG-STRIX-RX580-O8G-GAMINGOC
Storage WD Blue 3D NAND 1TB Internal PC SSD
Display(s) 2 Acer S231HL 23" LED backlit LCD's on a Dual LCD stand
Case Corsair iCUE 220T RGB Airflow
Audio Device(s) Onboard - Corsair Void Pro Wireless
Power Supply Corsair 850HXi 850W
Mouse Corsair Sabre RGB
Keyboard Corsair K70 LUX RGB
Software Microsoft Windows 10 Pro 64 Bit
At this point MSE or a reinstall is your best bet. Strange that an up-to-date Malwarebytes can't find it.

Have you tried TDSSKiller? It's made to kill rootkits.
 

DrGreenThumb

Yes, sorry, I did try TDSSKiller also, using change parameters/additional options. It didn't show up any high threats, everything was just skip.

Edit: durp, I was supposed to change to cure, wasn't I? I'll try that.

Edit: none had a cure option.
 

temp02

New Member
Joined
Mar 18, 2009
Messages
493 (0.09/day)
Question, if you start the computer in safe-mode (F8) does the virus still get executed (processes and/or services still executing)?
 
Joined
Jun 29, 2007
Messages
1,243 (0.20/day)
Location
Repentigny, QC, CANADA
System Name CTG Computer
Processor AMD Ryzen 7 5800x
Motherboard Asus Strix B550-F
Cooling Noctua NH-U14S
Memory 2x 16gb G.SKILL F4-3600C16D-32GTZN
Video Card(s) Gigabyte RX6800XT Gaming OC
Storage WD Black SN850 1TB
Display(s) MAG274QRF-QD | Asus vg248qe
Case Fractal Meshify 2
Audio Device(s) Creative SoundBlasterx G6
Power Supply eVGA SuperNova 750w G2
Mouse Logitech G pro Wireless
Keyboard Corsair Strafe RGB MK2
Software Windows 10 Pro x64
You can try this: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I really like this small software ---> Doesn't work with AVG installed!

By the way, if your computer is fine after a clean, delete all restore points and make a new one. Shit can be in a restore point.

It's at your own risk, but I've been using it for 2 years and it is amazing how well it does the job!
 

TheMailMan78

Big Member
Joined
Jun 3, 2007
Messages
22,599 (3.68/day)
Location
'Merica. The Great SOUTH!
System Name TheMailbox 5.0 / The Mailbox 4.5
Processor RYZEN 1700X / Intel i7 2600k @ 4.2GHz
Motherboard Fatal1ty X370 Gaming K4 / Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling MasterLiquid PRO 280 / Scythe Katana 4
Memory ADATA RGB 16GB DDR4 2666 16-16-16-39 / G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s) MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz / ASUS 780ti
Storage 256Gb M4 SSD / 128Gb Agelity 4 SSD , 500Gb WD (7200)
Display(s) LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080 / Dell 27"
Case Cooler Master MASTERBOX 5t / Cooler Master 922 HAF
Audio Device(s) Realtek ALC1220 Audio Codec / SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply Seasonic FOCUS Plus Series SSR-750PX 750W Platinum / SeaSonic X Series X650 Gold
Mouse SteelSeries Sensei (RAW) / Logitech G5
Keyboard Razer BlackWidow / Logitech (Unknown)
Software Windows 10 Pro (64-bit)
Benchmark Scores Benching is for bitches.
Be careful with combofix. It can fubar a system.

DrGreenThumb, what do you use as a real-time scanner? ALSO run all these scans you're doing in safe mode. If nothing works I recommend the Kaspersky boot disk. Takes forever but works pretty darn well.
 
Joined
Jun 29, 2007
Messages
1,243 (0.20/day)
Location
Repentigny, QC, CANADA
System Name CTG Computer
Processor AMD Ryzen 7 5800x
Motherboard Asus Strix B550-F
Cooling Noctua NH-U14S
Memory 2x 16gb G.SKILL F4-3600C16D-32GTZN
Video Card(s) Gigabyte RX6800XT Gaming OC
Storage WD Black SN850 1TB
Display(s) MAG274QRF-QD | Asus vg248qe
Case Fractal Meshify 2
Audio Device(s) Creative SoundBlasterx G6
Power Supply eVGA SuperNova 750w G2
Mouse Logitech G pro Wireless
Keyboard Corsair Strafe RGB MK2
Software Windows 10 Pro x64
> Be careful with combofix. It can fubar a system.

Like any anti-virus ;) Remember AVG winlogon? NOD32 also had a bad update, and some others that crashed systems.

On my side, combofix always worked fine :toast: That's why I said it's at his own risk, but if he is going to reinstall, well, why not try it ;)
 

TheMailMan78

> Like any anti-virus ;) Remember AVG winlogon? NOD32 also had a bad update, and some others that crashed systems.
>
> On my side, combofix always worked fine :toast: That's why I said it's at his own risk, but if he is going to reinstall, well, why not try it ;)

Well yeah, if he's gonna format it I would try combofix. But that's a LAST resort IMO.

> Don't get mail man started on viruses. Just the talk alone will have him formatting his OWN system LOLOLOL
>
> :roll:

Shit man, I would have already formatted. lol. I have backups of backups. What's funny is I'll fight a virus until I'm SURE it's gone......then format anyway. lol
 

DrGreenThumb

Thanks for info everyone!! Funny thing, it seems to have gone away now... I think.

I did try combofix also, but I need to enable restore points. I let it run anyway lol. I've been offline for a few months while moving, and just now did Windows Update, maybe that fixed it? Doing AVG full scan now, will take a while.
 

brandonwh64

> Thanks for info everyone!! Funny thing, it seems to have gone away now... I think.
>
> I did try combofix also, but I need to enable restore points. I let it run anyway lol. I've been offline for a few months while moving, and just now did Windows Update, maybe that fixed it? Doing AVG full scan now, will take a while.

May end up just reformatting anyway if it has been a long time since your last install.
 

TheMailMan78

> Thanks for info everyone!! Funny thing, it seems to have gone away now... I think.
>
> I did try combofix also, but I need to enable restore points. I let it run anyway lol. I've been offline for a few months while moving, and just now did Windows Update, maybe that fixed it? Doing AVG full scan now, will take a while.

Try the Kaspersky boot disk. You don't have to install ANYTHING. Just boot from the disk and let it run. It will connect to the internet, update and scan EVERYTHING from the DVD/USB.
 

DrGreenThumb

reformat NEVER lol, I'm too lazy to reinstall everything
 


DrGreenThumb

> What do you use for a real time scanner?

Umm, nothing. I only use Malwarebytes when I know there's a problem. I may sound pretty computer illiterate, but I've been using comps 20 years and def know when something's up.

Edit: tried safe mode of course also
 

temp02

> tried safe mode of course also

Then it would be best if you re-install Windows. No need to format, just do a "custom" installation and when asked if you want to format, select "keep files" and "delete current windows installation" (or replace, can't remember).
Good luck.
 
Joined
Nov 4, 2005
Messages
11,655 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
The issue with 0.access is that it is a smart rootkit: it loads during boot time and intercepts all processes to control what can and can't be seen. The only way to remove it successfully, since you can't install anti-virus with it running and it prevents the correct use of TDSSKiller or combofix, is to use the batch script tool I made and uploaded or to use an anti-virus with the drive loaded in another secure PC.
http://www.techpowerup.com/forums/showthread.php?t=156917&highlight=fixit

Download and get the most current version of TDSSKiller to put in the archive.

Copy to a USB stick and then use your recycle bin to launch an explorer window to copy to your C drive and follow the instructions.
 

TheMailMan78

> Umm, nothing. I only use Malwarebytes when I know there's a problem. I may sound pretty computer illiterate, but I've been using comps 20 years and def know when something's up.
>
> Edit: tried safe mode of course also

Well, what you got hit with was from Java. If you are running nothing as a scanner, they make plug-ins for Firefox that will help against bad java scripts. Even something simple like MSE can block bad Java and it has a VERY small footprint.

> The issue with 0.access is that it is a smart rootkit: it loads during boot time and intercepts all processes to control what can and can't be seen. The only way to remove it successfully, since you can't install anti-virus with it running and it prevents the correct use of TDSSKiller or combofix, is to use the batch script tool I made and uploaded or to use an anti-virus with the drive loaded in another secure PC.
> http://www.techpowerup.com/forums/showthread.php?t=156917&highlight=fixit
>
> Download and get the most current version of TDSSKiller to put in the archive.
>
> Copy to a USB stick and then use your recycle bin to launch an explorer window to copy to your C drive and follow the instructions.

Kaspersky boot disk does the same thing.
 

DrGreenThumb

> Well, what you got hit with was from Java. If you are running nothing as a scanner, they make plug-ins for Firefox that will help against bad java scripts. Even something simple like MSE can block bad Java and it has a VERY small footprint.

> Kaspersky boot disk does the same thing.

Yeah, I did notice the Java icon pop up very briefly when this nonsense happened. The first thing I did was uninstall Java and get the latest version.

I feel like just putting IE in the recycle bin again lol. I've done it before; the Dolphin GC/Wii emulator had problems at one time launching with IE installed on XP.

Thanks again, I'll try the Kaspersky boot disk thing if it makes another appearance.
 

TheMailMan78

> Yeah, I did notice the Java icon pop up very briefly when this nonsense happened. The first thing I did was uninstall Java and get the latest version.
>
> I feel like just putting IE in the recycle bin again lol. I've done it before; the Dolphin GC/Wii emulator had problems at one time launching with IE installed on XP.
>
> Thanks again, I'll try the Kaspersky boot disk thing if it makes another appearance.

Stop looking at porn also.
 