Hello, a few days ago Norton Internet Security began notifying me of three trojans attempting to access my computer, which were trojan gen 2, trojan zeroaccess b and trojan zeroaccess c.
Whilst it reported it was able to block, quarantine and remove these threats, they would continually attempt to access my laptop every few minutes when connected to the internet. Aside from this, I was often redirected to spam or ads when browsing. Windows Update and Windows Security Centre were disabled and I was unable to fix them, and the trojan would not let me download any security software or indeed anything(deleting it as a virus immediately), so I had to put them on via USB.
I ran Norton Power Eraser,which removed 2 threats, after which the intrusion attempts and redirects ceased and have not returned since. Tdss killer came back clean, as did SUPERantispyware and Malwarebytes . Microsoft Malicious Software Removal Tool removed a total of 4 threats, which enabled me to download Windows updates again, and the only symptom I had left was being unable to download anything. If it is of any significance whatsoever, all infected files and programs higlighted in scans were located in a Google folder or named Google.
I ran rkill, the log of which showed that zeroaccess was still active. At this point I gave in and did a full factory reset,as the files on my computer were not important to me, and I wasn’t keen on messing around with combofix.
All ‘symptoms’ are gone and all scans have came back clean.
rkill is no longer reporting zeroaccess activity, however it does terminate one process every timewhich is -
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 1476) [WD-HEUR]
1 proccess terminated!
Is this legit, or evidence of an unresolved threat? 64 bit, Windows 7.
I thank you in advance for any assistance.