Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Rootkit.ZeroAcess Infection- No internet/DVD drive

  • Please log in to reply
1 reply to this topic

#1 haiden


  • Members
  • 2 posts
  • Local time:08:34 PM

Posted 21 December 2011 - 11:19 AM

Windows XP Professional SP3

*Application ran to detect rootkit- UnHackMe + Combofix. After running Combofix, I received ""Rootkit.ZeroAcess! is in tcp/ip stack". I am sorry, the log for Combofix was not saved, or I am unsure where it was sent to by default. Yes, I am aware I should not have run it. But I do not nothing was deleted, or nothing was asked to be deleted.

This all started 3 days ago. I noticed in the taskbar that "XP Antispyware 2012" was running. Immediately I knew it was an infection, so I attempted to run a scan using Avast, which of course did not detect. I then attempted to try out Firefox, to no avail. So I proceeded to search Google using my laptop, and found this website.

I also tried "ipconfig", and it showed the following" Ethernet adapter Hamachi:
Connection-specific DNS suffix . :
IP Address...................... :
Subnet Mask..................... :
Deafult Gateway................. :

I do recall before this issue, that the above was not Hamachi, it was "Local Area Connection".

Also tried: ipconfig /renew and got the following:

An error occurred while renewing interface Local Area Connection : The RPC server is unavailable.

Looking at the services, I do see the Remote Procedure Call is in fact started.

I am also unable to start DHCP. After attempting to, I get the following:

Could not start the DHCP Client service on Local Computer.
Error 1075:The dependency service does not exist or has been marked for deletion.

I hope I have listed all that needs to be listed, as per the rules of the forums. Thank you for reading.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,769 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:34 PM

Posted 21 December 2011 - 01:43 PM

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application.

You have a serious malware infection. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6. When you have done that, start a new topic and post the required logs to include your ComboFix log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. After doing this, please reply back in this thread with a link to the new topic so we can closed this one.

If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

Note: If you're not sure where to find the log, ComboFix will create and save it to the root directory, usually C:\ComboFix.txt. To retrieve the log, launch Windows Explorer, navigate to the root directory and double-click on it to open in Notepad.

If you cannot find the ComboFix log, then follow the above directions and post the DDS/GMER logs.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users