Spyware, Viruses, & Security forum


ZEROACCESS rootkit symptoms found!

by Lisaponcho / November 27, 2012 10:46 PM PST

I am not sure if this is the same one that I paid Norton to remove a couple of months ago, but I think it is! Can you help, please?

Dell Inspiron 1764

Intel Core i5 i5-430M / 2.26 MHz ( 2.53 GHz ) ( Dual-Core ) .
Memory 4.0 GB / 8.0 GB (max) .
Hard Drive 500.0 GB - 5400.0 rpm .
Operating System Microsoft Windows 7 Home Premium 64-bit Edition .
Display Type 17.3 in TFT active matrix .
Max Resolution 1600 x 900 ( HD+ ) .
Graphics Processor Intel HD Graphics .
Optical Drive DVD RW - Integrated .


All Answers

This link shows the find.
by R. Proffitt Forum moderator / November 27, 2012 11:09 PM PST

Malware tools
by Lisaponcho / November 28, 2012 11:25 AM PST

I have now tried every tool out there and Rkill is the only one that shows that. Could it be leftover from before? I am not sure what else I can do short of a reinstall. UGH!
This computer shows no signs of any problems other than IE8 being very very slow with any page that has graphics etc. All other programs work just fine.
I can still boot in safe mode and IE8 shows absolutely no issues at all...... stumped

The rootkit is a nasty.
by R. Proffitt Forum moderator / November 28, 2012 1:30 PM PST
In reply to: Malware tools

And I saw the same symptoms when I last encountered it. Other scanners do pick it up but RKILL is the quick test.

As the PC is 1500 miles away I could not work on it except for the few days I was visiting, and while we cleaned it up and Firefox was OK, IE was like you reported.

Later he had the OS reinstalled and it's working fine now.

by Lisaponcho / November 28, 2012 8:22 PM PST

So I should just give up and reinstall?

My repair was too involved.
by R. Proffitt Forum moderator / November 28, 2012 10:07 PM PST
In reply to: Nasty

I know of a repair method but it requires a full version of the OS (the retail version) and is not something I can write in this small box. Also, most folk have restore DVDs so again, the repair I know of can't be done with that.

Let's hope that someone has come up with an easier repair for this nasty. This one was the first that I couldn't find a tool to cure it with. We knew that would happen as if you damage the OS enough, you have to consider repairs exceed what tools we have on hand. That is, the repair I know of requires the installed OS be the full retail version. Let's hope someone somewhere has better news.

Repair too involved
by Lisaponcho / November 30, 2012 8:05 AM PST

So... Will a system recovery actually rid the laptop of the Nasty? Or am I barking up the wrong tree?
Will anyone else possibly chime in here? Someone must have some idea....

Yes it cured it.
by R. Proffitt Forum moderator / November 30, 2012 8:11 AM PST
In reply to: Repair too involved

And restoring to the factory condition did cure my dad's PC. I've alerted your post because I'd like to see if anyone has found a user-friendly cure for it.

A note from a friend.
by R. Proffitt Forum moderator / December 3, 2012 8:54 AM PST

Done deal
by Lisaponcho / December 11, 2012 10:21 AM PST
In reply to: A note from a friend.

I would like to thank you for your help. I did a full recovery and everything is now fine.
What a pain in the butt! Why oh why do people do this crap!! Just to make people miserable??
I think I have most of my programs reloaded and am still working on little things little by little.
Thank you again and any suggestions on antivirus? Antimalware? etc? I have no faith in Symantec now as they had supposedly removed this but obviously didn't get the whole thing!

Most of my defense is ... me ...
by R. Proffitt Forum moderator / December 11, 2012 10:49 AM PST
In reply to: Done deal

Let me share what I install and what I use.

1. I don't use IE. Sorry but MSFT lost me long ago. Use Firefox, Chrome or such.

2. Free AVG is good, but the last version interfered with the Windows 7 Snipping Tool so I now have Avast free.

3. Now for more protection. I use WOT (Web Of Trust) and AdBlock Plus on the browser.

That's it. And in many months I have yet to find more than harmless tracking cookies using the tools that Grif listed.

Have you tried?
by MaliciousRogue / December 29, 2012 5:29 AM PST

Have you tried ComboFix?

Why yes I did. Here's why it didn't work.
by R. Proffitt Forum moderator / December 29, 2012 10:13 AM PST
In reply to: Have you tried?

This one changes system files and to fix it you need to undo the registry entries and restore the OS files that were infected. There was a tool to do this but folk seem to not want to pay for it. So at the time I ran into this, none of the free solutions worked except the one the original poster used.
