
Rootkit - 0Access.H virus help!!!!!

Discussion in 'General Software' started by DrGreenThumb, May 8, 2012.

  1. DrGreenThumb

    (SOLVED)Rootkit - 0Access.H virus help!!!!!

    Hi, I wasn't too sure where to post this, so sorry if it's in the wrong place.

    Anyways, I got this crappy virus at the moment. I'm sure I got it being lazy: when one of those stupid pages came up saying "stay/leave page" I selected leave (normally I would close Firefox from Task Manager).

    Now I have two iexplore.exe processes and like three LWUU0j8u.exe, and it makes my modem blink like it's using the net even though I'm not....

    I tried Malwarebytes (normally it fixes everything) but it doesn't even find it, yet it keeps blocking outgoing IP addresses.

    Tried avast! (what a crap), didn't help, and you can't even stop or uninstall it without a removal program. Tried spy doctor but it's useless: it scans, then tries to get you to register.

    It's an s.o.b., I never had such a hard time getting rid of a virus!! Even worm blaster 32 back in the day was easy with its 60 sec countdown timer.

    Please help!! thanks
     
    Last edited: May 9, 2012
  2. brandonwh64

    Try AVG Free and see what it does. It's good about pesky viruses like this one.
     
    Crunching for Team TPU
  3. DrGreenThumb

    Thanks, I'll try that now.
     
  4. Laurijan

    Avast Antivirus should help. If it can't remove the virus in Windows then Avast's boot-time scan will.
     
  5. Radical_Edward

    At this point MSE or a reinstall is your best bet. Strange that an up-to-date Malwarebytes can't find it.

    Have you tried TDSSKiller? It's made to kill rootkits.
     
    Crunching for Team TPU
  6. DrGreenThumb

    Yes, sorry, I did try TDSSKiller also, using change parameters/additional options. It didn't show up any high threats, everything was just skip.

    Edit: durp, I was supposed to change to cure, wasn't I? I'll try that.

    Edit: none had a cure option.
     
    Last edited: May 8, 2012
  7. temp02 New Member

    Question, if you start the computer in safe-mode (F8) does the virus still get executed (processes and/or services still executing)?
     
  8. ChristTheGreat

    You can try this: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    I really like this small software ---> Doesn't work with AVG installed!

    By the way, if your computer is fine after a clean, delete all restore points and make a new one.. shit can be in restore points.

    It's at your own risk, but I've been using it for 2 years and it's amazing how well it does the job!
     
    Crunching for Team TPU
  9. TheMailMan78

    Be careful with ComboFix. It can fubar a system.

    DrGreenThumb, what do you use as a real-time scanner? ALSO run all these scans you're doing in safe mode. If nothing works I recommend the Kaspersky boot disk. Takes forever but works pretty darn well.
     
  10. ChristTheGreat

    Like any anti-virus ;) Remember AVG winlogon? NOD32 also had a bad update, and some others crashed systems too.

    On my side, ComboFix always worked fine :toast: That's why I said it's at his own risk, but if he is going to reinstall, well, why not try it ;)
     
    Crunching for Team TPU
  11. brandonwh64

    Don't get mail man started on viruses. Just the talk alone will have him formatting his OWN system LOLOLOL

    :roll:
     
    Crunching for Team TPU
  12. TheMailMan78

    Well yeah, if he's gonna format it I would try ComboFix. But that's a LAST resort IMO.

    Shit man, I would have already formatted. lol. I have backups of backups. What's funny is I'll fight a virus until I'm SURE it's gone......then format anyway. lol
     
  13. DrGreenThumb

    Thanks for the info everyone!! Funny thing, it seems to have gone away now... I think.

    I did try ComboFix also, but I need to enable restore points; I let it run anyway lol. I've been offline for a few months while moving, and just now did Windows Update, maybe that fixed it? Doing an AVG full scan now, will take a while.
     
  14. brandonwh64

    May end up just reformatting anyway if it has been a long time since your last install.
     
    Crunching for Team TPU
  15. TheMailMan78

    Try the Kaspersky boot disk. You don't have to install ANYTHING. Just boot from the disk and let it run. It will connect to the internet, update and scan EVERYTHING from the DVD/USB.
     
  16. DrGreenThumb

    Reformat? NEVER lol, I'm too lazy to reinstall everything.
     
  17. TheMailMan78

    What do you use for a real time scanner?
     
  18. DrGreenThumb

    Umm, nothing. I only use Malwarebytes when I know there's a problem. I may sound pretty computer illiterate, but I've been using comps for 20 years and def know when something's up.

    Edit: tried safe mode of course also.
     
  19. temp02 New Member

    Then it would be best if you re-install Windows, no need to format, just do a "custom" installation and when asked if you want to format, select "keep files" and "delete current windows installation" (or replace, can't remember).
    Good luck.
     
  20. Steevo

    The issue with 0.access is that it is a smart rootkit: it loads during boot time and intercepts all processes to control what can and can't be seen. The only way to remove it successfully, since you can't install anti-virus with it running and it prevents the correct use of TDSSKiller or ComboFix, is to use the batch script tool I made and uploaded or to use an anti-virus with the drive loaded in another secure PC.
    http://www.techpowerup.com/forums/showthread.php?t=156917&highlight=fixit

    Download and get the most current version of TDSSKiller to put in the archive.

    Copy to a USB stick and then use your recycle bin to launch an explorer window to copy to your C drive and follow the instructions.
     
    10 Million points folded for TPU
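
Added example, not part of Steevo's post or his batch tool: the reason for scanning the drive from another, clean PC is that the running rootkit controls what the infected Windows reports, so a cross-view comparison of a file listing taken inside the live system against one taken offline exposes what is being hidden. The listings, paths and file names below are constructed sample data, and the drive letters (`C:` live, `E:` when mounted elsewhere) are assumptions.

```python
# Added illustration: cross-view comparison of two file listings of one drive.
from pathlib import PureWindowsPath

# Files that legitimately change between a live and an offline view.
IGNORE = {"pagefile.sys", "hiberfil.sys"}

# Constructed sample listings in "size path" form (not from a real system).
LIVE = r"""
2048 C:\Windows\explorer.exe
1024 C:\Windows\System32\drivers\example.sys
900000 C:\pagefile.sys
"""
OFFLINE = r"""
2048 E:\Windows\explorer.exe
1536 E:\Windows\System32\drivers\example.sys
800000 E:\pagefile.sys
4096 E:\Users\user\AppData\Local\Temp\hidden_example.exe
"""

def parse_listing(text, root):
    """Map each path (relative to root, lowercased) to its size in bytes."""
    entries = {}
    for line in text.strip().splitlines():
        size, path = line.split(None, 1)
        rel = PureWindowsPath(path.strip()).relative_to(root)
        entries[str(rel).lower()] = int(size)
    return entries

def cross_view(live, offline):
    """Return (hidden, altered) relative paths, skipping IGNORE entries."""
    hidden = sorted(p for p in offline if p not in live and p not in IGNORE)
    altered = sorted(p for p in live
                     if p in offline and live[p] != offline[p] and p not in IGNORE)
    return hidden, altered

def demo():
    live = parse_listing(LIVE, "C:\\")
    offline = parse_listing(OFFLINE, "E:\\")
    return cross_view(live, offline)

if __name__ == "__main__":
    hidden, altered = demo()
    print("Only visible offline:", hidden)
    print("Size differs between views:", altered)
```

Anything reported as hidden or altered is a candidate for the offline anti-virus scan, not proof of infection on its own.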
  21. TheMailMan78

    Well, what you got hit with was from Java. If you are running nothing as a scanner, they make plug-ins for Firefox that will help against bad Java scripts. Even something simple like MSE can block bad Java and it has a VERY small footprint.

    Kaspersky boot disk does the same thing.
     
  22. DrGreenThumb

    Yeah, I did notice the Java icon pop up very briefly when this nonsense happened. The first thing I did was uninstall Java and get the latest version.

    I feel like just putting IE in the recycle bin again lol. I've done it before; Dolphin GC/Wii emulator had problems at one time launching with IE installed on XP.

    Thanks again, I'll try the Kaspersky boot disk thing if it makes another appearance.
     
  23. TheMailMan78

    Stop looking at porn also.
     
  24. brandonwh64

    Crunching for Team TPU
  25. Drone

