RogueKiller finds the patched rpcss.dll but stalls on removal.
MBAM doesn't see the infection at all.
VT:
https://www.virustotal.com/en/file/297ce6ed6b025b3c8c3ba87a34478eae1983b340f8a24fb2b6dbd8dd243be6c0/analysis/1405093483/
Direct link to file:
https://www.dropbox.com/s/u9zm73qc3q3bh6c/rpcss.zip

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Mona [Admin rights]
Mode : Scan -- Date : 07/11/2014 11:59:25
Switches : -nokill
¤¤¤ Bad processes : 4 ¤¤¤
[Root.Zekos] svchost.exe --
[Root.Zekos] svchost.exe --
[Root.Zekos] svchost.exe --
[Root.Zekos] mbam.exe -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[7] -> [NoKill]
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 1 ¤¤¤
[Root.Zekos][File] rpcss.dll -- C:\Windows\System32\rpcss.dll -> FOUND
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHelp20 @ Unknown (\SystemRoot\system32\drivers\amdxata.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\Drivers\Fs_Rec.sys)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] 843e10b5bb6fd48bb30772aabb487e13
[BSP] e58f3ebcd03e6deb444b498b09cac1b6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: HP Officejet 6500 E USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
Any help will be greatly appreciated.