Stone Esquire
ACL10n
Posts: 2
Registered: ‎04-03-2012

TROJ_ZACCESS.CQJ

**NOTE: IF THIS IS BEING POSTED IN THE WRONG PLACE, SOMEBODY PUT IT WHERE IT IS SUPPOSED TO GO PLEASE.**

 

I have a client that called me because her machine was getting a BSOD every couple of hours or so, and she was complaining about the Trend notifications popping up all the time, so I remoted in to help her out. 

 

-- Performed Trend scan, found nothing.

-- Performed Malwarebytes scan, found nothing.

-- Performed Superantispyware scan, found nothing.

 

The Trend logs say that it is this TROJ_ZACCESS.CQJ that is the cause of all of her problems, so after doing a little research, I find myself here, asking for help.

 

I see that some people have come here with this same problem and have received a fix.  Apparently, this can be fixed, but the fix is different for each machine?

 

Well, my turn.  How can I get her back up and running without re-imaging her machine?

 

Thanks in advance, if anyone has time for this.

 

 

Trend Micro Employee
se7en
Posts: 752
Registered: ‎03-08-2011

Re: TROJ_ZACCESS.CQJ

Hi ACL10n,

 

Please try to run a scan using the following:

 

Trend Micro Housecall:

 

http://esupport.trendmicro.com/solution/en-us/1038437.aspx

 

Trend Micro Rootkit Buster:

 

http://esupport.trendmicro.com/solution/en-us/1034393.aspx

 

If that doesn't solve the issue, you can run TDSS Killer:

 

http://support.kaspersky.com/faq/?qid=208283363

 

Regards,


I am a Trend Micro employee.  My comments and advice come from my personal knowledge and experience.  I’m happy to volunteer what I can to help others have a great Trend Micro experience. If you find my response helpful, appreciation through Kudos is well appreciated!

Stone Esquire
ACL10n
Posts: 2
Registered: ‎04-03-2012

Re: TROJ_ZACCESS.CQJ

I'll do that once I get back into the office tomorrow, thanks.  I'll post back to let you know the results.

Champion Noble
malwarekiller
Posts: 3,571
Registered: ‎08-08-2011

Re: TROJ_ZACCESS.CQJ

The Trend tools won't fix the problem, as Zaccess is more of customized stuff...

 

Welcome aboard!

This is a new variant of the Sirefef infection, which is a tad nasty...

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
netbt.sys
atapi.sys
volsnap.sys
redbook.sys
lsi_sas.sys
lsi_scsi.sys
cdrom*
tcpip.sys
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs.

NEXT

Download aswMBR.exe (1.8 MB) to your desktop.

http://public.avast.com/~gmerek/aswMBR.htm

  • Double click aswMBR.exe to run it.

  • Click the [Scan] button to start the scan.

  • On completion of the scan, click [Save log], save it to your desktop and post it in your next reply.