Posts: 24
Threads: 6
Joined: Sep 2014
Reputation:
0
09-13-2014, 04:31 PM
(This post was last modified: 09-23-2014, 08:56 AM by jmitservices.)
I keep getting this sp_data.sys in my roaming folder. I Googled it and a bunch of forums were saying ZeroAccess, backdoor, one said Trojan.Dropper.BCMiner. I ran a few scans with TDSSKiller, HitmanPro, and RogueKiller. And my antivirus (Kaspersky Pure) found nothing. Anyone know anything about this file?
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
Upload sp_data.sys to VirusTotal
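A local first-pass check for the situation in this thread, as an added example that is not part of any post: it lists every `.sys` file under the roaming profile with its SHA-256, Authenticode status, whether it is a PE image at all, and whether a registered driver points at it. It assumes PowerShell 4.0 or later run in the affected user's session; the report field names are illustrative.

```powershell
# Added example (not from the thread): inventory .sys files under %APPDATA%.
# Drivers normally live under System32\drivers, so anything found here deserves a closer look.
$root = $env:APPDATA

# Image paths of all registered kernel and file-system drivers, for cross-reference.
$driverPaths = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object { $_.PathName.ToLowerInvariant() }

$report = Get-ChildItem -Path $root -Filter '*.sys' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $full = $_.FullName
        $sig  = Get-AuthenticodeSignature -FilePath $full -ErrorAction SilentlyContinue
        $hash = (Get-FileHash -Path $full -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash

        # A real driver is a PE image and starts with 'MZ'; a data file named .sys does not.
        $isPE = $null
        try {
            $fs = [System.IO.File]::Open($full, 'Open', 'Read', 'ReadWrite')
            try {
                $head = New-Object byte[] 2
                $read = $fs.Read($head, 0, 2)
                $isPE = ($read -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            } finally { $fs.Dispose() }
        } catch { }   # locked or unreadable: leave IsPE empty rather than guess

        # Is any registered driver's image path this exact file?
        $lower = $full.ToLowerInvariant()
        $registered = [bool]($driverPaths | Where-Object { $_.EndsWith($lower) })

        [pscustomobject]@{
            Path               = $full
            SizeBytes          = $_.Length
            Created            = $_.CreationTime
            Modified           = $_.LastWriteTime
            Hidden             = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            IsPE               = $isPE
            Signature          = if ($sig) { $sig.Status } else { 'Unknown' }
            SHA256             = $hash
            RegisteredAsDriver = $registered
        }
    }

$report | Format-List
```

The SHA-256 value can be searched on VirusTotal before deciding whether to upload the file itself.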
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
09-13-2014, 05:35 PM
(This post was last modified: 09-13-2014, 07:14 PM by Britec.)
ShroomBoy69, please follow the directions below if you need help in removing ZeroAccess.
Important: Before we start any removal process you might want to create a Restore Point.
Please download Farbar Recovery Scan Tool and save it to a flash drive. (For x86)
Please download Farbar Recovery Scan Tool x64 and save it to a flash drive. (For x64)
Important: Please leave the flash drive plugged into the computer.
How to enter System Recovery Options from the Advanced Boot Options:
· Restart the computer.
· Once you see the POST screen, start tapping the F8 key repeatedly until Advanced Boot Options appears.
· Use the up and down cursor arrow keys to select the Repair your computer menu.
· Please select US Keyboard Language, and then click Next.
· Choose the infected operating system you want to repair, then click Next.
· Select your user account, then click Next.
On the System Recovery Options choose Command Prompt:
At the Command Prompt window type notepad and press Enter
1. Once Notepad opens up, click File and select Open.
2. Select Computer on the left and locate your flash drive letter (you can now close Notepad)
3. In the Command Prompt window type z:\frst.exe (for x64 bit version type z:\frst64) and press Enter
Important: Replace letter z with the drive letter of your flash drive.
4. Farbar Recovery Scan Tool will start to run. Then click Yes to disclaimer.
5. Press the Scan button.
6. Once FRST has completed its scan and the FRST.txt file has been created, you can close this message.
7. Now type services.exe in the search box:
8. Please press the Search button
9. Once the search is complete, search.txt alongside FRST.txt will be written to your USB
10. Type exit, remove the USB flash drive and reboot your computer
Please copy and paste the (FRST.txt and Search.txt) logs in your reply.
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
So you don't want any help? If not, I can close the thread.
Posts: 24
Threads: 6
Joined: Sep 2014
Reputation:
0
09-13-2014, 08:51 PM
(This post was last modified: 09-13-2014, 08:52 PM by ShroomBoy69.)
Yea, I think I'm just getting paranoid. I did have a zeroaccess before but Kaspersky removed it in a heartbeat. I did contact the guys over at malwareup.org but if something comes back I'll just PM you. If it's important.
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
OK I will close this Thread.