Stone Esquire
magna86
Posts: 3
Registered: 10-03-2011

Re: TROJ_ZACCESS.CQJ - ACK!!!

What are you doing?

Netsvc::  <-- ?

NETSVCS REQUIRES REPAIRS - current entries shown

3c1807pd     Related to 3Com WinModem driver
point32      Microsoft IntelliPoint Filter Driver
GoProto      GoProto protocol driver from Gteko Ltd
s616unic     Related to Sony Ericsson device
se44mdm      System file
adsservice   Related to EarthLink
s117nd5      Sony Ericsson device driver

Do you know what Quarantine:: directv is doing in ComboFix???

AntiMalwareFighter
Stone Emissary
dgwilson
Posts: 21
Registered: 04-16-2012

Re: TROJ_ZACCESS.CQJ - ACK!!!

OK, a new day dawns :cathappy:

I could not get past the disabling of the keyboard/mouse during the Windows installation disc, so ...

I took the drive out and put it in as a secondary drive in another identical machine here in the computer lab. I used DriveCopy to mirror the functional drive onto the infected one. Replaced the infected drive into its machine and rebooted. Changed the Computer Name to match its location. Reran ComboFix.exe (log attached) after updating ComboFix and disabling OfficeScan.

There were NO INFECTION messages! W00t! <<does the happy dance!

I am SERIOUSLY DISTURBED that Trend Micro OfficeScan allowed the infection in the first place! WTF is up with that?!?! Is my trust in this product just a fantasy? Seriously considering changing vendors. This was not a good experience. Maybe if we could have cleaned it the first day or so, but TWO FREAKIN WEEKS?!?! not so good.

Thank you, malwarekiller, for your patience and sticking with me.

Please address the above concerns.

Legendary Emissary
malwarekiller
Posts: 3,944
Registered: 08-08-2011

Re: TROJ_ZACCESS.CQJ - ACK!!!

OK, so here goes a win for the good guys :smileywink:

Simply delete and uninstall all tools we used.

Well, subject to no further problems, your computer is clean.

Now let me do some tune-ups.

Mark this topic as solved: use the options tab of your topic to do so. Select the reply which you think is the solution to your problem, click on the options tab of that particular reply and select "mark as solution".

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

For the first run I would recommend a boot defrag and disk check.

Download and run Puran Disc Defragmenter

You may use this tool to keep junk temp files away:

http://www.piriform.com/ccleaner/download

Open OTL and hit the Cleanup button.

Malwarebytes: update and run it today. I also recommend running it weekly to keep your system clean.

Download and install FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select the System Protection tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups section select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Stay Safe! :smileyhappy:

Check your PM list: Private Messages

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Stone Emissary
Terry1908
Posts: 23
Registered: 05-15-2012

Troj_ZAccess.CQJ

Hi Guys,

Having a bit of a nightmare getting rid of the above. TrendMicro keeps finding and quarantining and then cleaning files and prompting a restart, and yet it keeps coming back. Have followed the instructions on the main TrendMicro encyclopedia but didn't find the registry entries (not that I know exactly what I'm looking for):

http://about-threats.trendmicro.com/Malware.aspx?language=us&name=TROJ_ZACCESS.CQJ

Have run SpyBot and that found 1 trojan and cleaned it. Currently in the process of running the MalwareBytes program, waiting on results, although whilst the scan is in progress it keeps saying "successfully blocked potentially malicious outgoing connection", so I'm assuming something is still running and trying to connect to the net. I've disconnected from the internet in the meantime. I have access to a second computer on a different network so can download any utilities to this and transfer them to the infected machine with USB. Any help would be greatly appreciated.

Thanks

Terry

Legendary Emissary
malwarekiller
Posts: 3,944
Registered: 08-08-2011

Re: Troj_ZAccess.CQJ

Welcome aboard!

Let's get to it.

Download OTL to your Desktop.

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
netbt.sys
atapi.sys
volsnap.sys
redbook.sys
lsi_sas.sys
lsi_scsi.sys
cdrom*
tcpip.sys
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

NEXT

Download aswMBR.exe (1.8 MB) to your desktop.

http://public.avast.com/~gmerek/aswMBR.htm

  • Double click aswMBR.exe to run it
  • Click the [Scan] button to start the scan
  • On completion of the scan click [Save log], save it to your desktop and post it in your next reply.

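An added example, not from this thread and not part of OTL: a small Python script that does what the /md5start ... /md5stop block of the OTL scan above asks for, hashing the same list of Windows system files and reporting which ones differ from a known-good baseline (the kind of check that catches a patched driver or a file that has vanished). The directories and file contents are constructed placeholders, and SHA-256 is used in place of OTL's MD5.

```python
import hashlib
import os
import tempfile

# File list taken from the /md5start ... /md5stop section of the OTL script above.
WATCHED_FILES = [
    "consrv.dll", "explorer.exe", "netbt.sys", "atapi.sys", "volsnap.sys",
    "redbook.sys", "lsi_sas.sys", "lsi_scsi.sys", "tcpip.sys",
    "winlogon.exe", "Userinit.exe", "svchost.exe",
]


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 (OTL reports MD5; SHA-256 is chosen here)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def baseline(root, names=WATCHED_FILES):
    """Hash each watched file directly under root; a missing file maps to None."""
    return {n: (sha256_of(os.path.join(root, n))
                if os.path.isfile(os.path.join(root, n)) else None)
            for n in names}


def compare(known_good, current):
    """Return {name: (expected, actual)} for every file whose hash changed or vanished."""
    return {n: (known_good[n], current.get(n))
            for n in known_good if known_good[n] != current.get(n)}


def demo():
    """Constructed sample: two temp dirs stand in for a clean and a suspect system32."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as suspect:
        for name in WATCHED_FILES:
            for d in (clean, suspect):
                with open(os.path.join(d, name), "wb") as f:
                    f.write(b"placeholder contents of " + name.encode())
        # Simulate a patched driver and a deleted file on the suspect machine.
        with open(os.path.join(suspect, "tcpip.sys"), "ab") as f:
            f.write(b"\x90" * 16)
        os.remove(os.path.join(suspect, "redbook.sys"))
        return compare(baseline(clean), baseline(suspect))


if __name__ == "__main__":
    for name, (expected, actual) in demo().items():
        print(f"{name}: baseline {expected} now {actual}")
```

On a real machine you would take the baseline from a known-clean install of the same Windows build and point the second run at its %SystemRoot%\system32 (and drivers) directory.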
Stone Emissary
Terry1908
Posts: 23
Registered: 05-15-2012

Re: Troj_ZAccess.CQJ

Hi MK,

Here are the logs

Thanks

Terry

Stone Emissary
Terry1908
Posts: 23
Registered: 05-15-2012

Re: Troj_ZAccess.CQJ

Anyone out there who can help, or is Malwarekiller a lone ranger when it comes to fighting the above?

Thanks

Terry

Legendary Emissary
malwarekiller
Posts: 3,944
Registered: 08-08-2011

Re: Troj_ZAccess.CQJ

Hi, sorry for the late response...

Download ComboFix from any of the locations given in this website:

    • IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
      • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
      • Double click on ComboFix.exe & follow the prompts.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

      When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply at your topic.

Stone Emissary
Terry1908
Posts: 23
Registered: 05-15-2012

Re: Troj_ZAccess.CQJ

Hi Mk,

Thanks for getting back to me. I know you want all current security off before running ComboFix, but it is IMPOSSIBLE to completely remove TrendMicro OfficeScan. I have run the uninstall and then restarted the machine. As far as Add/Remove Programs, Start Menu entries and Startup items in MSCONFIG are concerned, it is gone, but ComboFix keeps saying that it is still running. So....I ran ComboFix anyway; it said that it has infected the TCP/IP stack, really difficult to remove, blah blah, then did its stuff, restarted, did a load of processes and then said to reboot the machine again...except it didn't. It got stuck on that screen for about an hour. I ended up manually rebooting (I know it says you shouldn't, but literally it was stuck. Wasn't even seeing a lit up "working" light on my PC). Then it came up and generated a log, a copy of which I've attached here.

Thanks in advance

Terry

Legendary Emissary
malwarekiller
Posts: 3,944
Registered: 08-08-2011

Re: Troj_ZAccess.CQJ

Alright! ComboFix got most of it.

Delete the current version of ComboFix from the desktop, download a new one, run it and attach the log.