Rootkit.ZeroAccess


  • This topic is locked
4 replies to this topic

#1 JacobE

JacobE

  • Members
  • 11 posts

Posted 07 February 2012 - 08:35 PM

(Windows XP SP3) Malwarebytes is telling me that I have been infected with Rootkit.ZeroAccess! I have heard about how nasty this rootkit is. I've tried to quarantine it, but I read the Malwarebytes log and it told me it could not be quarantined (Error Code 2)! I have run ComboFix out of sheer paranoia, as I know about the keyloggers and proxy redirects that come with it, but after I ran it (and it told me that it removed it), I got a popup from Malwarebytes that it had re-installed itself into a differently named folder in the TEMP section of C:\WINDOWS. Please help me! I have no idea how to get rid of it now!


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 08 February 2012 - 01:14 PM

Hi JacobE and welcome to BC.

Please read the preparation guide: http://www.bleepingcomputer.com/forums/topic34773.html
Post the logs when ready and we will begin from there. Thanks.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 JacobE

JacobE
  • Topic Starter


Posted 08 February 2012 - 07:11 PM

Hey Sempai, I'm sad to say that the infection was too far progressed to save. I turned my system on this morning to find that my firewall had been taken down and could not be started back up, same with Malwarebytes, Avast, and ZoneAlarm. I have decided to use one of my parents' old Windows XP installation discs to format and re-install a fresh copy of Windows, as I know I would never be able to trust my system again, even if the cleaning worked.
Thank you for taking the time to try to help me though, it really means something.
Hope you never evereverever get this rootkit,
Jacob E.

#4 sempai

Posted 09 February 2012 - 08:38 AM

Good choice, thank you for letting us know.

~Semp


#5 sempai

Posted 09 February 2012 - 08:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Semp
