Author Topic: Zekos  (Read 11016 times)

Amara

  • Guest
Zekos
« on: July 08, 2014, 07:14:07 AM »
Hi, I'm having problems with Zekos, that charming little... thing. I've attached the Roguekiller report, but here's some explanation: I'm running Windows 7 on an HP Pavilion laptop. I have Avast as my chief antivirus, and I think it might be blind. ("Oh no, no viruses here. By the way, some program is trying to open shady links and all sorts of gnarly stuff but I stopped it.")

The first time I ran Roguekiller, it informed me that it killed svchost.exe since it was infected. I was fine with this until my computer informed me it would be shutting down.

Upon restart, I went to 'run' and launched Roguekiller with -nokill. svchost.exe is still infected, but at least I got through the prescan and the scan without my computer whining about its favorite process being shut down. When the scan completed, a page loaded on my browser, telling me how to remove Zekos with Roguekiller. Awesome, I thought, and read the page, then watched the video.

Here's my problem, folks - nothing comes up with Roguekiller. The 'processes' tab still has svchost in red, type: Root.Zekos. Nothing in the 'files' tab. Not much of anything at all, in fact: some gray registry entries, everything in the hosts and web browsers tabs is green... and nothing else at all.

However! That random file that was mentioned in System32? Found it. On my computer it shows up as bmzz.faj, and cannot be deleted. At least not by simple human means. I've tried. Extensively. Probably not relevant.

Sooooo... how can I get rid of Zekos? 

Amara

  • Guest
Re: Zekos
« Reply #1 on: July 09, 2014, 02:25:51 AM »
Update: I read this thread: http://forum.adlice.com/index.php/topic,110.0.html. Ran Malwarebytes, which did not detect Zekos anywhere. Or anything else, for that matter.

Put my rpcss.dll through VirusTotal (I had the same problem as jvastine and had to copy it to the desktop), and it came up 3/54.

Downloaded the new rpcss.dll, renamed the infected one, copy/pasted the good one into system32, restarted... and black screen of death.

After some research, I found this thread: http://www.geekstogo.com/forum/topic/336680-solve-zekos-black-screen-after-rpcssdll-replacement/. From this I understand that there's an ownership issue with the file which causes the black screen of death. I attempted to change the ownership of the .dll file as per the instructions. I burned a CD and booted from it. I then followed the directions on the pictures and did quite well up until step 4 in the first picture, as I have no idea what step 4 says (the picture cuts off for me). I assume that step 4 would be to click 'change permissions', as that's the only option I have. So I click it, and select all... and here's where I stall out, as the directions say 'delete all' and my 'remove' option is grayed out.

I did as much as I could, then attempted to boot normally, and I still get the black screen of death. I'm not sure what to do next - help? :)

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Zekos
« Reply #2 on: July 09, 2014, 10:48:37 AM »
Hello,
Could you give the link to the VirusTotal analysis?
That helps.

« Reply #3 on: July 09, 2014, 06:00:20 PM »

Amara

  • Guest
« Last Edit: July 10, 2014, 12:40:27 AM by Amara »

Tigzy

Re: Zekos
« Reply #4 on: July 10, 2014, 10:23:31 AM »
Hello
It's now 8/53, no doubt you're infected.
I'll add a signature for the file.

The rpcss.dll you downloaded is probably NOT the same as the one your operating system needs.
(I've edited the post to avoid further problems with other people)

You'll have better luck with that file: http://www.opendll.com/index.php?file-download=rpcss.dll&arch=64bit&version=6.1.7601.17514&dsc=Distributed-COM-Services#
Same version, clean file: https://www.virustotal.com/en/file/c5003f2c912c5ca990e634818d3b4fd72f871900af2948bd6c4d6400b354b401/analysis/
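
Added example (not part of the original posts and not Adlice's code): a Python check that a downloaded rpcss.dll has the architecture the system needs and matches the SHA-256 from the VirusTotal link above before it is copied into System32. The function names and the constructed `fake_pe` sample are assumptions made for illustration.

```python
import hashlib
import struct

# SHA-256 taken from the VirusTotal link in the post above (clean 64-bit rpcss.dll).
EXPECTED_SHA256 = "c5003f2c912c5ca990e634818d3b4fd72f871900af2948bd6c4d6400b354b401"

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINES = {0x014C: "32bit", 0x8664: "64bit"}

def pe_architecture(data):
    """Return '32bit' or '64bit' from the PE header; raise ValueError if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINES.get(machine, "unknown(0x%04x)" % machine)

def check_replacement(data, want_arch, want_sha256):
    """Return a list of problems; an empty list means the file passed both checks."""
    problems = []
    try:
        arch = pe_architecture(data)
        if arch != want_arch:
            problems.append("architecture is %s, system needs %s" % (arch, want_arch))
    except ValueError as exc:
        problems.append("not a valid PE file: %s" % exc)
    digest = hashlib.sha256(data).hexdigest()
    if digest != want_sha256.lower():
        problems.append("SHA-256 %s does not match the vetted hash" % digest)
    return problems

def fake_pe(machine):
    """Constructed sample: the smallest header this parser accepts, not a real DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

if __name__ == "__main__":
    import sys
    # With a path argument, check that file; otherwise demo on a constructed 32-bit stub.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else fake_pe(0x014C)
    print(check_replacement(data, "64bit", EXPECTED_SHA256) or "OK to copy")
```

Run it against the downloaded file on a working machine before touching System32; any reported problem means the file should not be used.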

Amara

  • Guest
Re: Zekos
« Reply #5 on: July 12, 2014, 05:54:11 AM »
Ha, wow, I feel a bit dumb, I didn't even consider different operating systems.
I've replaced rpcss.dll, Windows started normally, I ran a VirusTotal scan on rpcss.dll which came up clean, then I ran a Roguekiller scan, and it came up clean too! I'm so ridiculously happy right now. Thank you so, so much, Tigzy! Blessings upon you and your household. I'm going to tell everyone I know about Roguekiller. You've totally saved my bacon. Thank you soooo much!

Tigzy

Re: Zekos
« Reply #6 on: July 14, 2014, 11:47:11 AM »
You're welcome, np :)