
hello, Tcll here
(haven't been able to login, I'm on wii)
^ can repeatedly click the "member login", it does nothing.

before I get into detail with my current situation, let me explain what led up to this.

you may, or may not have heard of this before, but I was infected with the rootkit "ZeroAccess".
this was a particularly difficult infection to remove,
and following the process of using about 6 different programs didn't change a thing,
and actually complicated things even more.

out of the 6, ComboFix was the most effective at restoring my compy,
but it still failed to remove the rootkit itself.
I used TDSS Killer which also found the rootkit, and described it as being "ipsec.sys".

unfortunately though, after deleting that, I also lost the ability to use TCP/IP,
and my firewall constantly returned an error.
though ComboFix and TDSS Killer no longer reported the rootkit.

this is quite a pain to deal with as:
- Visual Studio can't run/debug, and the interactive interpreter gets stuck in a processing loop
- Eclipse can't report anything and is only a bit more useful than IDLE
- and of course we all know about running IDLE w/o -n

so my current dev setup is using VS (would like to use Eclipse), while using IDLE -n to debug.

I've tried many attempts at reinstalling TCP/IP but have made no success.
I've pretty much lost hope now...
(have been developing like this for months)

can anyone help??
I can't even use IE(8) other than for local web pages.
(I've also tried FF with similar results)


With all of these issues you have encountered, other than time... Is there any reason not to simply format the drive and install a fresh clean OS?


I would agree with JorgeM. There are rootkits out there that hide in RAM and cannot be detected by current malware scanners.


mmmhmm...
thanx for that... :)

know of any XP Black ISOs that'll work over an XP Black installation??
I used to use an XP Home disk, but that was given to the Salvation Army while I was homeless for 2 years...
I have a win7 installation disk, but it won't install...
I'm not sure if I can downgrade either. >_>

my compy's running normally though...
I have RAM scanners that aren't showing anything different from TaskManager...
unless the rootkit hides from them as well >_>

I'd really like to try to just get this up and running again first...
if that fails, I'll try to find a way to reinstall...

ZeroAccess (from what I've read) is just a malware downloader to generate revenue for the host.
nothing too serious there, and I caught it only after it installed 3 malware cases.
(mainly ad-generators which bypassed ad-blockers)

the problem it caused was I wasn't able to use cookies
(browsers reported cookies were off)

removal wasn't too complex at the least...
combofix repaired the system damage, but still couldn't remove the initial file
TDSS Killer couldn't remove it either, but it did tell me what the file was.
I still have no virus reports from a slew of various scanners (including Malware Bytes)

so I believe my system is clean, but if anything comes up if I can fix this, I'll reinstall.

I believe I got the rootkit from network jumping w/o a firewall.
(I was trying to obtain an internet connection)
