So, I had Google redirects. Figured I was infected with something. I ran Malwarebytes. Found and fixed a lot of stuff. But still had problems. I ran ComboFix. After ComboFix has scanned for a few minutes, it says something to the effect of "you are infected with Rootkit ZeroAccess! in the TCP/IP stack". It then says it needs to reboot. I say "OK", it finishes with no errors. So, I ran ComboFix again to see if I get the same message again. And I do. Says the same thing, "Rootkit ZeroAccess!".
So then, I proceed to scan with other rootkit removal tools. Starting with TDSSKiller. It found stuff, and cleaned it. I rerun TDSSKiller after reboot to see if it finds anything and it says it's clean. I then run ComboFix again, and still, it says "I'm infected with Rootkit ZeroAccess!". I then search for any and all ZeroAccess removal tools I can find. I found ESET Sirefef remover. Ran that, says Sirefef/ZeroAccess not detected. I downloaded Symantec's tool, FixZeroAccess. It found a couple of files and cleaned. Again, I rebooted, rerun Symantec's tool, and it says it's clean. So, then I rerun ComboFix. It still says "I'm infected with Rootkit ZeroAccess!". So, I download aswMBR. It doesn't seem to find anything. Then I downloaded Sophos Anti-Rootkit. It found a couple of files and cleaned. Again, a rescan of Sophos Anti-Rootkit shows clean, and rerunning all the above anti-rootkit scanners shows clean. However, ComboFix still says I'm infected with ZeroAccess.
Now, as far as symptoms go, none. Computer is working good. This seems strange to me. I'm pretty sure I was infected, and had symptoms of Google redirects and the system running really slow. Everything I've read on ZeroAccess says you will lose internet connection. But I never have. I start to think this is a false positive from ComboFix. I reload my Trend Micro (I had uninstalled it before I started to remove anything). I also ran combofix /uninstall and ran Clean Up in OTL. I scan the system with Trend Micro and it doesn't find anything. I then download SuperAntiSpyware, disabled Trend Micro and scanned with SuperAntiSpyware. All it found was some tracking cookies.
Well, with the internet connection always working, I start to think about why that would happen if I had ZeroAccess, and I remember that I have a bridged network connection. So when you go into my TCP/IP settings in Network Connections, the settings are greyed out, and my settings are on the Bridged Connection. So, I proceed to remove the bridge and have it normal, thinking this is causing a problem or maybe causing ComboFix to not remove the rootkit. I then disable Trend Micro, download a fresh new copy of ComboFix, and run ComboFix again. ComboFix comes up with the same message, "I'm infected with Rootkit ZeroAccess!". Well, I'm thinking maybe this time it will fix it. But after it finishes and reboots, I still have internet connection. And when I run ComboFix again, it still says I'm infected.
I'm scared to trust this, or this PC now. So, can you guys help me find out if I'm infected or not?
I don't see an attach button to attach any logs.
Edited by zohan, 06 April 2012 - 04:49 PM.