Spyware, Viruses, & Security forum

Question

ZEROACCESS rootkit symptoms found!

by Lisaponcho / November 27, 2012 10:46 PM PST

I am not sure if this is the same one that I paid Norton to remove a couple of months ago but I think it is! Can you help please?

Dell Inspiron 1764

Intel Core i5 i5-430M / 2.26 MHz ( 2.53 GHz ) ( Dual-Core ) .
Memory 4.0 GB / 8.0 GB (max) .
Hard Drive 500.0 GB - 5400.0 rpm .
Operating System Microsoft Windows 7 Home Premium 64-bit Edition .
Display Type 17.3 in TFT active matrix .
Max Resolution 1600 x 900 ( HD+ ) .
Graphics Processor Intel HD Graphics .
Optical Drive DVD RW - Integrated .

All Answers

Answer
This link shows the find.
by R. Proffitt Forum moderator / November 27, 2012 11:09 PM PST

Malware tools
by Lisaponcho / November 28, 2012 11:25 AM PST

I have now tried every tool out there and Rkill is the only one that shows that. Could it be leftover from before? I am not sure what else I can do short of a reinstall. UGH!
This computer shows no signs of any problems other than IE8 being very very slow with any page that has graphics etc. All other programs work just fine.
I can still boot in safe mode and IE8 shows absolutely no issues at all...... stumped

The rootkit is a nasty.
by R. Proffitt Forum moderator / November 28, 2012 1:30 PM PST
In reply to: Malware tools

And I saw the same symptoms when I last encountered it. Other scanners do pick it up but RKILL is the quick test.

As the PC is 1500 miles away I could not work on it but the few days I was visiting and while we cleaned it up and FireFox was OK, IE was like you reported.

Later he had the OS reinstalled and it's working fine now.
Bob

Nasty
by Lisaponcho / November 28, 2012 8:22 PM PST

So I should just give up and reinstall?

My repair was too involved.
by R. Proffitt Forum moderator / November 28, 2012 10:07 PM PST
In reply to: Nasty

I know of a repair method but it requires a full version of the OS (the retail version) and is not something I can write in this small box. Also, most folk have restore DVDs so again, the repair I know of can't be done with that.

Let's hope that someone has come up with an easier repair for this nasty. This one was the first that I couldn't find a tool to cure it with. We knew that would happen as if you damage the OS enough, you have to consider repairs exceed what tools we have on hand. That is, the repair I know of requires the installed OS be the full retail version. Let's hope someone somewhere has better news.
Bob

Repair too involved
by Lisaponcho / November 30, 2012 8:05 AM PST

So... Will a system recovery actually rid the laptop of the Nasty? Or am I barking up the wrong tree?
Will anyone else possibly chime in here? Someone must have some idea....

Yes it cured it.
by R. Proffitt Forum moderator / November 30, 2012 8:11 AM PST
In reply to: Repair too involved

And restoring to the factory condition did cure my dad's PC. I've alerted your post because I'd like to see if anyone has found a user-friendly cure for it.
Bob

Answer
A note from a friend.
by R. Proffitt Forum moderator / December 3, 2012 8:54 AM PST

Done deal
by Lisaponcho / December 11, 2012 10:21 AM PST
In reply to: A note from a friend.

I would like to thank you for your help. I did a full recovery and everything is now fine.
What a pain in the butt! Why oh why do people do this crap!! Just to make people miserable??
I think I have most of my programs reloaded and am still working on little things little by little.
Thank you again and any suggestions on antivirus? Antimalware? etc? I have no faith in Symantec now as they had supposedly removed this but obviously didn't get the whole thing!
Lisa

Most of my defense is ... me ...
by R. Proffitt Forum moderator / December 11, 2012 10:49 AM PST
In reply to: Done deal

Let me share what I install and what I use.

1. I don't use IE. Sorry but MSFT lost me long ago. Use Firefox, Chrome or such.

2. Free AVG is good, but the last version interfered with the Windows 7 Snipping Tool so I now have Avast free.

3. Now for more protection. I use WOT (Web Of Trust) and AdBlock Plus on the browser.

That's it. And in many months I have yet to find more than harmless tracking cookies using the tools that Grif listed.
Bob

Answer
Have you tried?
by MaliciousRogue / December 29, 2012 5:29 AM PST

Have you tried ComboFix?

Why yes I did. Here's why it didn't work.
by R. Proffitt Forum moderator / December 29, 2012 10:13 AM PST
In reply to: Have you tried?

This one changes system files and to fix it you need to undo the registry entries and restore the OS files that were infected. There was a tool to do this but folk seem to not want to pay for it. So at the time I ran into this, none of the free solutions worked except the one the original poster used.
Bob
