McAfee Employee
Message 51 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

This confirms that you have the new variant of the TDSS rootkit, and we are working to develop proper detection and cleaning. Due to issues with GMER on Win7 64-bit, I've been unable to manually clean another poster's system, and am now waiting for some steps from research.

@jdl below - It will be some time before the 64-bit tool will be available. It requires a great deal more dev time than the 32-bit version, due to how memory is allocated and handled.

If anyone else could please run GMER, and look for the contents of this folder c:\windows\assembly\tmp, and please post back here.

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Hey, have the same 'firewall won't turn on issue'.  After running GMER get the same as beagle123:

00000001.@

00000002.@

000000c0.@

000000cb.@

000000cf.@

80000000.@

80000032.@

80000064.@

800000c0.@

800000cb.@

800000cf.@

This all started when Open Cloud took over my system. Was able to remove some stuff so the computer works... but not having firewall makes me apprehensive to move forward. Will McAfee have a fix to download??

thanks

Level 11
Message 53 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Could one of you click start  then type c:\windows\assembly\tmp\u and hit enter..

if you get a folder with those files.... just select them all copy those to desktop zip it and upload here please as an attachment

Level 7
Message 54 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

zipped file requested by vinrod_r2

Level 11
Message 55 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

thanks for those..

now could all of you upload this particular file from your machine to www.virustotal.com and paste the resultant URL back here please

c:\windows\system32\consrv.dll
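
Added example, not part of any poster's message: a read-only PowerShell check for the two artifacts requested in this thread (the `.@` files under `assembly\tmp\U` and `consrv.dll`), printing a SHA256 for each so it can be looked up instead of guessed at. The variable and function names are illustrative assumptions; the paths and file-name shape are taken from the posts above.

```powershell
# Added triage sketch: lists and hashes only, never deletes or modifies.
# (A later post reports a reboot loop after consrv.dll was deleted by hand.)
$dropDir     = Join-Path $env:windir 'assembly\tmp\U'
$namePattern = '^[0-9a-f]{8}\.@$'   # e.g. 00000001.@, 800000cb.@ (-match ignores case)

# A 32-bit PowerShell on 64-bit Windows is silently redirected from System32
# to SysWOW64; the Sysnative alias reaches the real System32 in that case.
$sysDir  = if ($env:PROCESSOR_ARCHITEW6432) { 'Sysnative' } else { 'System32' }
$dllPath = Join-Path $env:windir "$sysDir\consrv.dll"

function Get-FileSha256 {
    param([string]$Path)
    # Plain .NET hashing, so this also runs on PowerShell 2.0 (no Get-FileHash).
    try {
        $sha    = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($Path)
        try {
            ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
        } finally {
            $stream.Close()
        }
    } catch {
        'unreadable (locked or access denied)'
    }
}

$columns = 'FullName', 'Length', 'LastWriteTime',
           @{ Name = 'SHA256'; Expression = { Get-FileSha256 $_.FullName } }

$findings = @()
if (Test-Path -LiteralPath $dropDir) {
    # -Force includes hidden and system files in the listing.
    $findings += @(Get-ChildItem -LiteralPath $dropDir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match $namePattern } |
        Select-Object $columns)
}
if (Test-Path -LiteralPath $dllPath) {
    $findings += @(Get-Item -LiteralPath $dllPath -Force | Select-Object $columns)
}

if ($findings.Count -eq 0) {
    # A rootkit can hide files from user-mode listings, so this is not proof of a clean system.
    Write-Output 'No matching files visible from this session.'
} else {
    $findings | Format-List
}
```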

Level 7
Message 56 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

What?

Level 11
Message 57 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Please upload that file to the website I referred to if it's present - I suspect that that particular file is malicious

Level 7
Message 58 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

"file not found"

Level 7
Message 59 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Hello,

I have had the same problem since 5 days ago. I'm infected by a virus and I have tried a lot of security software, quick and full scan, safe mode and boot mode; nothing, impossible to detect and delete this virus.

One piece of software has detected "consrv.dll" as dangerous and I have deleted this file, but after reboot Windows crashes and reboots again and again. I have used the restoration option to repair.

This security alert pops up around every 10 min

Could you create a special removal tool for this threat?

Result URL:

http://www.virustotal.com/file-scan/report.html?id=d85092078f8897109745c02d358692c5351ede2c741ddcc3d...

on 9/10/11 5:16:02 CDT
Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Here are results from uploading per vinod_r2:

Antivirus             Version         Last update  Result
AhnLab-V3             2011.10.08.00   2011.10.08   -
AntiVir               7.11.15.173     2011.10.09   TR/ATRAPS.Gen2
Antiy-AVL             2.0.3.7         2011.10.09   -
Avast                 6.0.1289.0      2011.10.09   -
AVG                   10.0.0.1190     2011.10.07   -
BitDefender           7.2             2011.10.09   -
ByteHero              1.0.0.1         2011.09.23   -
CAT-QuickHeal         11.00           2011.10.07   -
ClamAV                0.97.0.0        2011.10.09   -
Commtouch             5.3.2.6         2011.10.08   -
Comodo                10398           2011.10.09   -
DrWeb                 5.0.2.03300     2011.10.09   -
Emsisoft              5.1.0.11        2011.10.09   Trojan.Win64!IK
eSafe                 7.0.17.0        2011.10.06   -
eTrust-Vet            36.1.8605       2011.10.07   -
F-Prot                4.6.2.117       2011.10.08   -
F-Secure              9.0.16440.0     2011.10.09   -
Fortinet              4.3.370.0       2011.10.09   -
GData                 22              2011.10.09   -
Ikarus                T3.1.1.107.0    2011.10.09   Trojan.Win64
Jiangmin              13.0.900        2011.10.08   -
K7AntiVirus           9.115.5258      2011.10.08   -
Kaspersky             9.0.0.837       2011.10.09   -
McAfee                5.400.0.1158    2011.10.09   Generic.dx!bbd4
McAfee-GW-Edition     2010.1D         2011.10.08   -
NOD32                 6527            2011.10.09   -
Norman                6.07.11         2011.10.07   -
nProtect              2011-10-09.01   2011.10.09   -
Panda                 10.0.3.5        2011.10.08   Suspicious file
PCTools               8.0.0.5         2011.10.09   -
Prevx                 3.0             2011.10.09   -
Rising                23.78.06.02     2011.10.09   -
Sophos                4.70.0          2011.10.09   Troj/Agent-TPN
SUPERAntiSpyware      4.40.0.1006     2011.10.08   -
Symantec              20111.2.0.82    2011.10.09   Trojan.Gen.2
TheHacker             6.7.0.1.318     2011.10.09   -
TrendMicro            9.500.0.1008    2011.10.09   -
TrendMicro-HouseCall  9.500.0.1008    2011.10.09   -
VBA32                 3.12.16.4       2011.10.07   -
VIPRE                 10709           2011.10.09   Trojan.Win32.Generic!BT
ViRobot               2011.10.8.4709  2011.10.08   -
VirusBuster           14.1.2.0        2011.10.08   -

MD5: 5c75c118f79e130fc39ed9f99f232f4a
SHA1: 3f1a7ab5f874bf8e87fe974e1e807adb5fea3ce5
SHA256: dfc0106bc45793db8902273c7da0dba71ad8356c4f125de490d4cc9803dc91f6
File size: 23555 bytes
Scan date: 2011-10-09 11:05:36 (UTC)
