Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP validation error (may be related to zeroaccess rootkit)


  • Please log in to reply
1 reply to this topic

#1 matte17

matte17

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 20 June 2012 - 04:20 AM

Hello,

Thanks for providing this forum. I hope you can help me. I've been referred here by someone from the Microsoft forums. For a while now i've had a problem with my XP Home Edition license intermittently failing genuine validation. As part of chasing down the problem I installed & ran Malwarebytes which reported a zeroaccess.rootkit infection. This is from the MBAM log:

Files Detected: 2
C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.


Remiving this doesn't seem to have cured the problem and it was suggested that I come here and see if you guys can help. The full discussion from the MS forum is here: link.

I've since re-run MBAM and also tried Kaspersky TDDSKiller and both report that there is no infection.

I've been doing some reading around this forum and it looks as though the easiest and most reliable fix might be to somply scorch the machine and do a clean build. So before I start posting for removal advice I wanted to see if that's a suggested route, and whether there's any danger of simply bringing the infection with me if I back up my files and copy them onto the new build?

Thanks in advance,

Matt.

[Moderator edit: post moved to more appropriate forum. jgw]

Edited by jgweed, 20 June 2012 - 08:37 AM.


BC AdBot (Login to Remove)

 


#2 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:09:57 PM

Posted 28 June 2012 - 12:30 PM

Have you resolved your problems?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users