ZeroAccess? Virus Removal help Please!

Page 2 of 2 FirstFirst 12

  1. Posts : 7
    Windows 7 Ultimate x64
    Thread Starter
       #11

    I have 2 versions of windows 7 and both of them are clean DVD's. At this moment I don't have another machine to make another copy. Ive read alot of articles about some rootkits attaching themselves to the bios so reformatting and wiping the drive does no good. Im just wondering if maybe im the lucky one who has it in the bios? I've wiped the drive at least 5 times already and have re-installed windows about 10 times. I'll go run another diskpart and do a clean command. I'll be back soon to check back.
      My Computer


  2. Posts : 7
    Windows 7 Ultimate x64
    Thread Starter
       #12

    ntoskrnl.exe has suspicious modifications according to gmer. Don't know if this helps you at all?
      My Computer


  3. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #13

    It's just a matter of figuring out where the re-infection is coming from. It could be the BIOS, but first examine all the other alternatives. Is it coming from infected files, if so, what is the source. If there is any way you can get to another clean PC & make a new Win 7 disk, that would eliminate one possible source.

    One tool you can use to look at your HDD is GParted. It is a boot partition editor. If you are infected, the rootkit will show up as a hidden boot partition at the end of the drive, usually between 1 - 10 MB. With this tool you can eliminate this partition. Be sure to read the documentation.

    GParted -- A free application for graphically managing disk device partitions
      My Computer


  4. Posts : 3,822
    Windows10 Pro - 64Bit vs.10547
       #14

    You could try running Windows Defender Offline, once you've got the OS installed..
    the virus is obviously re-initializing, so you've got to isolate it before it starts up..
      My Computer


  5. Posts : 7,055
    Windows 7 Home Premium 32 bit
       #15

    It is easy for ZeroAccess virus to come back if one is not thoughtful and prudent. ZeroAccess rootkit virus can return resorting to autorun.inf and other correspondent virus programs generated in local hardware, memory stick or external hard drive with automatic playback function. So you need to sanitize all external devices you connect to your PC apart from your other internal drives.
      My Computer


 
Page 2 of 2 FirstFirst 12

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:47.
Find Us