
Sirefef and zeroaccess infection.


3 replies to this topic

#1 wildfury


Posted 09 March 2013 - 07:29 PM

About six weeks ago I got infected with the ZeroAccess rootkit from the Sirefef virus. It had infected my TCP/IP stack and downloaded loads of backdoor trojans. Unable to kill it, I decided to format my drive and start over.

After formatting I still had the infection. I am on my 3rd hard drive. I still have the infection.

Only one tool is still able to find it but unable to remove it: the McAfee rootkit removal tool. I don't think it is a false positive. I had friends try the same tool on their machines as a test.

All other tools (my AV, Malwarebytes, a scan from a 2nd AV, SUPERAntiSpyware, HitmanPro, etc.) all detect nothing. A Kingsoft AV will detect strange executables from time to time.

However, I have just installed a 3rd hard drive and so far Kingsoft is not finding anything.

Of course, XP is telling me I have no AV.

Anyway, how do I get rid of this thing? Never had a PC problem I couldn't fix and I'm still flabbergasted that I still have it after installing a 3rd drive and clean install!

Thanks much

 




 


#2 boopme


Posted 09 March 2013 - 07:39 PM

Hello and welcome. It is probably in the boot record and we will need you to repost this info in a new topic with the logs from this guide to clean this once and for all.

We should get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.


How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#3 wildfury


Posted 09 March 2013 - 08:36 PM

> Hello and welcome. It is probably in the boot record and we will need you to repost this info in a new topic with the logs from this guide to clean this once and for all.
>
> We should get a deeper look. Please follow this Preparation Guide and post in a new topic.
> Let me know if all went well.

Okay - I will read that and repost. I can't see how it could be the boot record. The different hard drives. I am on my third




Three different hard drives..... a typo



#4 boopme


Posted 09 March 2013 - 10:13 PM

Then perhaps you have reinstalled the malware from something you backed up. It is possible that it is protected by a driver or a service and I would still use the Guide.





