ZeroAccess.Rootkit removal
Win Vista Home Premium, infected system. I have removed most of the Trojans except this particularly bad one, ZeroAccess.rootkit. To date - cannot run Malwarebytes nor Spyhunter on the system, the Trojan intercepts - "corrupt image". Removed the system drive from the laptop and added it externally to a WinXP machine with Symantec Endpoint 11, Malwarebytes and Spyhunter. Ran Spyhunter scans but Endpoint found files with "access denied". Uninstalled Endpoint and re-ran both Malwarebytes and Spyhunter until clean. Re-installed the drive in the Vista system. Had a corrupted desktop that the troubleshooter cleaned up. Ran ComboFix, which found ZeroAccess.Rootkit. I can get the desktop up but have no Internet connection. Properties come back with no IP connections for DNS, Gateway and system. Checked properties to ensure no LAN settings. What can I do now?
John Lenz
November 14th, 2011 12:07pm

Please review: "Help: I Got Hacked. Now What Do I Do?"
Carey Frisch
November 14th, 2011 1:50pm

You’ll probably have to reinstall, but before you do, try Microsoft’s Standalone System Sweeper. Although it’s still at the beta testing stage, it runs very well indeed and I’ve removed rootkit infections with it. On a working machine download the appropriate 32-bit or 64-bit version here https://connect.microsoft.com/systemsweeper and burn a CD. Boot from the CD and run a full scan.
November 14th, 2011 2:04pm

THX, I'll try this. I have an extensive set of tools but this trojan is VERY bad. I got one of the 2 systems working and cleaned. Hopefully this standalone run will do the trick. I can see the infected files "deny access" but did not have the tool to kill them. I'll post back results. BTW, I do this as a living - keeping systems clean and running.
John Lenz
November 14th, 2011 3:20pm

Hi,
I would like to provide the following suggestions:
1. You may specifically give the Administrator the full permissions on this folder and its subfolders and files, and then try to run the antivirus software to remove the virus again.
2. Please contact your antivirus program support to see if they have a special update or tools to completely remove it.
3. Actually, the officially recommended method is still to format and re-install the compromised computer from a known good build (i.e. operating system CD + all security patches while disconnected from the network). For more information on hacking, please see these links:
   Help: I Got Hacked. Now What Do I Do? http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
   Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx
   How A Criminal Might Infiltrate Your Network http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/default.aspx
   Malicious Software Removal Tool http://www.microsoft.com/security/malwareremove/default.mspx
   The Day After: Your First Response To A Security Breach http://www.microsoft.com/technet/technetmag/issues/2005/01/IncidentResponse
4. You can also contact your antivirus vendor for assistance with identifying or removing virus or worm infections. If you need more help with virus-related issues, contact Microsoft Product Support Services. For support within the United States and Canada, call toll-free (866) PCSAFETY (727-2338). For support outside the United States and Canada, visit the Product Support Services Web page (http://support.microsoft.com/?pr=SecurityHome).
I hope this helps. Thank you for your time and cooperation!
(Please note that the newsgroups are staffed weekdays by Microsoft Support professionals to answer your non-urgent, break/fix systems and applications questions. Our goal is to provide 24 hour response to all questions. If this response time does not meet your needs, please contact Customer Service and Support (CSS) for more immediate assistance. For more information on available CSS services, please click here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607.)
Regards,
Sabrina
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 14th, 2011 9:29pm

Hi,
I would like to provide the following suggestions:
1. You may specifically give the Administrator the full permissions on this folder and its subfolders and files, and then try to run the antivirus software to remove the virus again.
2. Please contact your antivirus program support to see if they have a special update or tools to completely remove it.
3. Actually, the officially recommended method is still to format and re-install the compromised computer from a known good build (i.e. operating system CD + all security patches while disconnected from the network). For more information on hacking, please see these links:
   Help: I Got Hacked. Now What Do I Do? http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
   Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx
   How A Criminal Might Infiltrate Your Network http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/default.aspx
   Malicious Software Removal Tool http://www.microsoft.com/security/malwareremove/default.mspx
   The Day After: Your First Response To A Security Breach http://www.microsoft.com/technet/technetmag/issues/2005/01/IncidentResponse
4. You can also contact your antivirus vendor for assistance with identifying or removing virus or worm infections. If you need more help with virus-related issues, contact Microsoft Product Support Services. For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.
I hope this helps. Thank you for your time and cooperation!
(Please note that the newsgroups are staffed weekdays by Microsoft Support professionals to answer your non-urgent, break/fix systems and applications questions. Our goal is to provide 24 hour response to all questions. If this response time does not meet your needs, please contact Customer Service and Support (CSS) for more immediate assistance. For more information on available CSS services, please click here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607.)
Regards,
Sabrina
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 15th, 2011 5:19am

The stand alone sweeper was able to find and clean a Trojan embedded in Java. It did not restore networking; however, I then did an O/S recovery and am back up and working. THX
John Lenz
November 16th, 2011 3:42pm

How to remove Trojan Trojan.Zeroaccess
Trojan.Zeroaccess: Trojan.Zeroaccess was detected by Symantec on Jul 12 2011. The number of incidents and the geographical distribution of Trojan.Zeroaccess are low. On Jul 12 2011 Symantec released updates for this Trojan. Norton AntiVirus is capable of protecting your computer against this threat. Removal of trojan Trojan.Zeroaccess is easy. The level of damage Trojan.Zeroaccess can make is low. Trojan.Zeroaccess affects computer systems with Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000 operating systems.
Follow these steps:
ZeroAccess Removal Tool (32-bit only) - malwarecity.com
ZeroAccess Removal Tool - Kaspersky Labs
ZeroAccess Removal Tool - Symantec.com
To check its presence you have to do one thing.
In Windows XP:
Click on the Start menu and press on Run. Inside the Run window type CMD and press on OK. In the black Command Window type NETSH WINSOCK RESET and hit Enter. If you get a message “Sucessfully reset the Winsock Catalog. You must restart the machine in order to complete the reset.” then you are safe. If not, your computer is infected. The only solution to fix it is a Fresh Installation.
In Windows Vista and Windows 7:
Click on the Start Menu and in the Search box type CMD. At the top you can see a CMD file. Just right click on that file and select Run as Administrator. In the black Command Window type NETSH WINSOCK RESET and hit Enter. If you get a message “Sucessfully reset the Winsock Catalog. You must restart the machine in order to complete the reset.” then you are safe. If not, your computer is infected. In Windows Vista and Windows 7 a successful system restore will fix the issue. Try a system restore to a good point. After a successful system restore try to do the same step again. If you got the message “Sucessfully reset the Winsock Catalog. You must restart the machine in order to complete the reset.” your computer is safe and secure.
December 30th, 2011 4:57am

ZeroAccess troubled me a lot too but you should try out McAfee's RootkitRemover..... The tool worked flawlessly and saved many of my office computers' asses. Cheers
January 5th, 2012 11:42am

Another great tool that I have found is ComboFix. It can be found on bleepingcomputer.com, and it will remove the ZeroAccess rootkit and restore your network back to normal, and it works well for many other infections and problems such as a missing taskbar. Best of all, it's free to use.
February 16th, 2012 3:51pm

I encountered the same problem as you describe, but didn't want to reinstall Windows as the system contained a lot of proprietary software with complex settings to reconfigure. To fix (if anyone else has the same problem - this worked for me), firstly reboot into the Microsoft Windows Recovery Console, then (where D:\ is the Windows install CD-ROM):
    expand D:\i386\ipsec.sy_ c:\Windows\system32\drivers\ipsec.sys
    expand D:\i386\dnsapi.dl_ C:\Windows\system32\dnsapi.dll
    expand D:\i386\dnsrslvr.dl_ C:\Windows\system32\dnsrslvr.dll
(See: http://www.osisecurity.com.au/blog/zeroaccess-rootkit-sirefef-no-internet-connectivity-dns)
Then reboot. This should fix the no IP address error in addition to the unable to resolve DNS problem. Good luck!
-Patrick
March 2nd, 2012 1:14am
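
An offline check related to the file replacement described in the post above, added here as an example and not part of the original thread: with the suspect drive attached to a clean machine, it hashes the three files that post restores and compares them with reference copies. The directory layout, function names and sample file contents are assumptions constructed for illustration, and the reference copies are assumed to be already expanded from install media.

```python
import hashlib
import tempfile
from pathlib import Path

# Files the post above restores, relative to the Windows directory.
RESTORED_FILES = ["system32/drivers/ipsec.sys", "system32/dnsapi.dll", "system32/dnsrslvr.dll"]

def sha256_of(path):
    """SHA-256 of a file; these system binaries are small enough to read whole."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_nocase(root, relative):
    """Resolve a Windows-style path case-insensitively (volume mounted on another OS)."""
    current = Path(root)
    for part in Path(relative).parts:
        if not current.is_dir():
            return None
        matches = [p for p in current.iterdir() if p.name.lower() == part.lower()]
        if not matches:
            return None
        current = matches[0]
    return current

def compare_to_reference(windows_dir, reference_dir, files=RESTORED_FILES):
    """Return {file: 'match' | 'differs' | 'missing' | 'no-reference'}."""
    report = {}
    for relative in files:
        suspect = find_nocase(windows_dir, relative)
        reference = find_nocase(reference_dir, Path(relative).name)
        if reference is None:
            report[relative] = "no-reference"
        elif suspect is None:
            report[relative] = "missing"
        else:
            same = sha256_of(suspect) == sha256_of(reference)
            report[relative] = "match" if same else "differs"
    return report

def demo():
    """Constructed sample: a fake Windows tree and reference folder in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        win, ref = Path(tmp, "WINDOWS"), Path(tmp, "reference")
        (win / "System32" / "drivers").mkdir(parents=True)
        ref.mkdir()
        (win / "System32" / "drivers" / "ipsec.sys").write_bytes(b"constructed: altered")
        (win / "System32" / "DNSAPI.DLL").write_bytes(b"constructed: dnsapi")
        for name in ("ipsec.sys", "dnsapi.dll", "dnsrslvr.dll"):
            (ref / name).write_bytes(b"constructed: " + name.split(".")[0].encode())
        return compare_to_reference(win, ref)
```

A `differs` result can also reflect a different service-pack level between the drive and the reference copies, so treat it as a prompt to inspect the file rather than proof of tampering.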

This topic is archived. No further replies will be accepted.
