Zekos - Black Screen of Death

[Th3w01f]

Just downloaded and ran the latest version of Rogue Killer.

root.zekos was detected, after clicking 'delete' I was asked to reboot.  Now getting the black screen of death. 

I found this post but the file does not appear to be accessible any longer - http://www.geekstogo.com/forum/topic/336680-solve-zekos-black-screen-after-rpcssdll-replacement/

Any help would be greatly appreciated and worth a donation.

[Th3w01f]

Your instructions were still very helpful.  I just pulled the drive and used an external cable to modify the rpcss.dll file from another W7 PC.  Everything seems to be working fine now.

[Tigzy]

Hello
What was your RogueKiller version?
This is supposed to no longer happen now

[Th3w01f]

Hello
What was your RogueKiller version?
This is supposed to no longer happen now

RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : xxxxxx [Admin rights]
Mode : Remove -- Date : 02/15/2014 17:24:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> REPLACED AT REBOOT -> (C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll)

I should have written down the permissions problem but what I do remember is that there were two listed for SYSTEM, the first one did not inherit and the second one did.  There was a second one that was I deleted but I don't remember what it was.

[Tigzy]

Do you remember the permissions given to the new file?
Because this was the issue. Since 8.8.4 it's replacing the replaced file permissions with the ones from the original (infected) one.