Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ZeroAccess desktop.ini Trojan


  • Please log in to reply
2 replies to this topic

#1 Boucheman

Boucheman

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 11 December 2012 - 03:55 AM

I have been getting these pop-ups from McAfee telling me that I have a trojan and it can't delete the files. The files names are something like zeroaccess.ini or desktop.ini and they are located in a folder that I can not find and McAfee is saying that they cant be deleted. What is happening is they are turning off McAfee's firewall and real-time scanning capabilities. I have tried running mbam and that didn't work, I've tried running scans with McAfee several times and restarting to remove the trojan and neither worked. What do I do to get rid of this pest? Thank you in advance guys!

*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 11 December 2012 - 08:25 AM.


BC AdBot (Login to Remove)

 


#2 Boucheman

Boucheman
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 11 December 2012 - 01:16 PM

I'm sorry I put this in the wrong place.
I have an update to this post though. I started a scan last night in safe mode with networking and here are the results:

12/11/2012 2:27:46 AM Scan Started: 12/11/2012 02:27:46 AM
12/11/2012 2:31:25 AM Total objects scanned: 8024
12/11/2012 2:31:25 AM Objects detected: 0
12/11/2012 2:31:25 AM Scan Done: 12/11/2012 02:31:25 AM
12/11/2012 2:32:13 AM Scan Started: 12/11/2012 02:32:13 AM
12/11/2012 5:29:29 AM Total objects scanned: 615185
12/11/2012 5:29:29 AM Objects detected: 0
12/11/2012 5:29:29 AM Scan Done: 12/11/2012 05:29:29 AM

However, just now after I have restarted my computer to go back into the regular desktop with everything running, I get a pop up from McAfee that says this:

Trojan Detected

McAfee detected an infected file on your PC. Restart your PC so we can fix it.

About This Trojan
Detected: ZeroAccess.hi(Trojan)
Quarantined From: C:\\Windows\assembly\GAC_64\Desktop.ini

We cannot remove a Trojan while the infected file is in use. Restarting your PC frees up the infected file allowing McAfee to fix the issue.


Now, I'm going to restart my computer now by clicking on the "Restart Now" option on this pop up window and see what happens. I will edit this post with the results.


EDIT: Okay, now I have restarted my comp and after about a minute, I get the same pop up except the only difference is the "Quarantined From" location. Everything is the exact same as the first pop up except this:

Quarantined From: C:\\Windows\assembly\GAC_32\Desktop.ini


Edited by Boucheman, 11 December 2012 - 01:24 PM.


#3 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:05:24 AM

Posted 11 December 2012 - 02:11 PM

Welcome to BC! ZeroAccess can be a nasty little bug.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users