
How do I know a rootkit.zeroaccess is really gone?


No replies to this topic

#1 StankyPickles


Posted 20 December 2011 - 02:27 AM

I recently got infected with the ping.exe virus by allowing a late-night unprotected install of a "new java platform" that popped up in my Windows XP tray (sneaky bastards!). By following the steps on bleepingcomputer.com, I was successfully able to disable the XP Security 2012 bug by using FixNCR, rkill, Malwarebytes', and Microsoft Security Essentials. I then resumed my regularly scheduled activities, when I noticed Ping.exe sucking the life out of my CPU. I returned to BleepingComputer.com and downloaded ComboFix. (Side note: My apologies for running this without professional guidance. I did not realize the strict rules at the time, but I did disable my realtime antivirus protection and patiently allowed it to run its course. So far no problems from the program -- big fan, actually. Thanks!)

ComboFix immediately detected a rootkit.zeroaccess and rebooted to stop the activity, then completed its scan with no further problems. I ran ComboFix again, and it just scanned as usual, but did not indicate any rootkit activity. The ping.exe CPU hog has disappeared completely. But how do I know that the rootkit is REALLY gone? The only reason I'm concerned is, when ping.exe was going strong, I would hear a random Windows XP noise that I have narrowed down to either "Windows XP Asterisk" or "Windows XP Exclamation" (they sound very similar to me, honestly). I am still hearing these noises occasionally, when the computer is idling, or I'm streaming a movie. In other words, I'm not physically inputting anything that should make it give that sound (I'm not clicking things like a dumbass), so it must be internal? I never had these random noises before my infections. Also, are these viruses all related to the rootkit? I.e., are ping.exe and XP Security 2012 just manifestations of rootkit.zeroaccess? Any help/thoughts would be appreciated, thanks.

I'm kicking it old school with:

Dell Inspiron 1520
Windows XP Professional SP 3
Intel Core 2 Duo
1.66GHz, 2 GB RAM
160 GB HD

Also this is my first post, so I hope this is OK. Please be nice :)

StankyPickles
