Full Version: Backdoor.win32.ZAccess.anq corrupted KAV
Kaspersky Lab Forum > English User Forum > Virus-related issues
Rajesh .L.R
I am getting an alarm while running the virus removal tool that the object "C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini" contains the Trojan program "Backdoor.win32.ZAccess.anq" and another virus "Backdoor.Win32.ZAccess.ob" and it asks for a special disinfection procedure. But after finishing the auto procedure, it starts to scan again and displays the same alarm from time to time.

I was running a licensed version of KAV2011 in my system and once this virus infected, it was corrupted and I was not able to access the KAV exe anymore. Also I was not able to repair it either. So I removed the components and reinstalled it. But still the KAV is not accessible. I am attaching the sysinfo gathered using the Virus Removal Tool.

Could you please help me to resolve the issue?

Rajesh
richbuff
Welcome. Please post the GetSystemInfo report link that is requested in the first Important topic.

Uninstall Kaspersky Virus Removal Tool, reboot, then please attach the AVZ .zip log that is also requested.
Rajesh .L.R
Thanks for your reply.

I am attaching the required files as you mentioned.
thyrex
Please make a TDSSKiller report (http://support.kaspersky.com/faq/?qid=208283363) and attach it to your message.
Rajesh .L.R
Thanks for your help.

I ran the TDSSKiller program and am attaching the report here.
thyrex
Please make a new TDSSKiller report after reboot.
Rajesh .L.R
I am attaching the TDSSKiller report after reboot.

thyrex
Is your problem solved now?
If the problem is not solved, make this report: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Rajesh .L.R
Thanks for your help.

I ran the ComboFix program since I still was not able to open KAV. I am attaching the log along with this.

I tried to access KAV after running the ComboFix program but the issue was still there. The message shown was
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item".

And then I tried to repair KAV with the option available and it showed an error during installation. The error was "Error 1321. The Setup Wizard has insufficient privileges to modify the file "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"".

If my laptop is completely cured, should I uninstall KAV and then install it again?

Please advise.


thyrex
1. Please manually delete the folder c:\documents and settings\Raj\Local Settings\Application Data\545a7f9a (it is hidden and system)

2. Change all passwords which you use

3. Try reinstalling the antivirus
Rajesh .L.R
I had deleted the specified folder manually as you mentioned.

After that I uninstalled KAV and then installed it again, and it is working fine at last.

Thanks for your extensive support and patience.

Before closing this post, I had one more question. I believe that Autorun.inf is infected on a couple of my USB drives as well from this system. How can I disinfect it permanently? Earlier I tried to disinfect using my KAV, but it normally will not be disinfected completely.

Thanks
thyrex
You can manually delete the autorun.inf file on your USB drives

Please delete ComboFix
Start button - Run - type ComboFix /Uninstall - press OK
Rajesh .L.R
Thanks for your help,

I had uninstalled ComboFix.

I will try to remove it manually.

Thanks :)

I have another infected machine. That is my desktop (which had another licensed version of KAV10). I will post the issue after a couple of days.
Thanks for all your help so far. And thanks for cleaning up my Laptop.

Rajesh
thyrex
Remember: you need to create a new topic for your desktop computer
Rajesh .L.R
Okay sure,

Thanks for your info :)

Regards