Windows 7 Forums


Windows 7: ZeroAccess? Virus Removal help Please!

25 Jul 2014   #1

Windows 7 Ultimate x64
 
 

I have been fighting this virus for weeks now and still cannot get rid of it. I have already run the following programs with very little to no luck at all: combofix, ckscanner, dds, hitmanpro, gmer, JRT, roguekiller, rootkitremover, tdsskiller, eset online scan, f-secure online scan, malwarebytes, Bitdefender, nod32, and I'm probably forgetting some. I've had this before and got rid of it, but it took me almost a month to do so, and I made so many different attempts at removing it that I don't quite remember which one worked. The only things that seemed to have found anything were both the online scanners. The last one run was f-secure and it said that it found and removed w32/ZeroAccess.e623c78f39!Online. I also did a low level format multiple times w/ multiple programs. Dban seems to work the best and I ran dban in every option possible with still no luck. Every time I re-install Windows it's still there, so I need some other options here from some of you pros. You tell me what logs you need and I'll provide them for you since I already have all the ones you will probably ask for. After the last install of Win 7 Ultimate x64 I cannot access certain folders because it says I don't have administrative rights, but I do. I don't know what other information you guys need at this point; my brain is shot and I'm just tired of dealing with this. Last note: I'm currently running Emsisoft Emergency Kit. Sorry for the long post and thanks in advance!


25 Jul 2014   #2

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

How did you reinstall Windows? I mean, did you do "diskpart clean" to destroy the MBR totally?
Are you willing to reinstall Windows 7 again? I mean... you have all important stuff on backup already and know how to "clean install", install drivers and put files back from backup. Put only data files back like doc, mp3, xls etc. Otherwise you probably restore the virus as well.

Are you willing to give it one more try?
25 Jul 2014   #3

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Rootkits install a hidden boot partition that can survive a reinstall. It's best to wipe the disk before doing a reinstall to be sure you get rid of that partition. Most AVs have a problem with removing rootkits.

There is a tool that is specialized for removing rootkits; TDSSKiller generally does a good job of eliminating rootkits.

TDSSKiller Download

If you wish to try again with a clean install, here is a list of disk erasers.

http://www.techrepublic.com/blog/fiv...erasing-tools/

Clean Install Windows 7
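Post #3's point about a partition that outlives a reinstall can be checked from clean boot media by reading the partition table in sector 0. The following is an added example, not part of any forum post: a Python parser for a 512-byte MBR sector that lists the entries and flags ones a fresh single-OS Windows 7 install would not normally create. The sample sectors are constructed, the `HIDDEN_TYPES` list and the `review` rules are assumptions, and OEM recovery partitions legitimately trigger the same flags.

```python
import struct

# Assumption: type bytes treated as "hidden" (hidden FAT/NTFS variants, 0x27 recovery).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}

def parse_mbr(sector: bytes):
    """Return the non-empty partition entries of one 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA signature: not an MBR, or the sector is blank")
    entries = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        start, count = struct.unpack_from("<II", raw, 8)  # LBA start, sector count
        if raw[4] == 0 and count == 0:
            continue  # unused slot
        entries.append({"slot": slot, "active": raw[0] == 0x80,
                        "type": raw[4], "start": start, "sectors": count})
    return entries

def review(entries):
    """List entries that need an explanation before the disk is trusted."""
    findings = []
    for e in entries:
        if e["type"] in HIDDEN_TYPES:
            findings.append(f"slot {e['slot']}: hidden type 0x{e['type']:02X}")
        if e["active"] and e["type"] != 0x07:
            findings.append(f"slot {e['slot']}: boot flag on non-NTFS partition")
    if sum(e["active"] for e in entries) != 1:
        findings.append("expected exactly one active partition")
    return findings

def build_sector(parts):
    """Build a constructed MBR sector from (active, type, start, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if a else 0, t, s, n)
                     for a, t, s, n in parts)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed samples: a stock two-partition layout, and the same disk with a
# small active hidden partition appended after the Windows volume.
CLEAN = build_sector([(True, 0x07, 2048, 204800), (False, 0x07, 206848, 976564224)])
ODD = build_sector([(False, 0x07, 2048, 204800), (False, 0x07, 206848, 976564224),
                    (True, 0x17, 976771072, 2048)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("odd", ODD)):
        print(name, review(parse_mbr(sector)) or "nothing flagged")
```

On a real machine the 512 bytes would be read from the first sector of the disk while booted from trusted media, not from the installed system.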


25 Jul 2014   #4

Windows 7 Ultimate x64
 
 

I have no problem reinstalling Windows again. I used Darik's Boot and Nuke and did a complete wipe of the drive. But apparently I'm not reinstalling the MBR and sys files? What do you think the best way to do it is then? I figured a complete HD wipe and then I entered DOS before installing and even made sure to do a MBR delete and then I reinstalled Windows 7. Still no luck. So you tell me what you think the next best route is please. Thanks. Oh ya, I did run TDSSKiller multiple times and it never found anything.
26 Jul 2014   #5

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Did you boot from a clean virus free DVD and wipe the harddisk? How did you wipe it exactly?
You can very easily wipe the disk using the "diskpart clean" command. "clean all" is not needed!
Disk - Clean and Clean All with Diskpart Command
28 Jul 2014   #6

Windows 7 Ultimate x64
 
 

Yes, I used a clean virus free CD and wiped the disk. Unless when I burned the dban onto a new CD it somehow got infected also? I did notice that when I went to burn the CD there was a hidden file desktop.ini that also tried to burn to the CD and I removed it (there are desktop.ini hidden files in every single folder now, sometimes 2 or 3 of them in each folder). I have never really noticed that many desktop.ini files before so I don't know if that's something with the virus or not? But anyways, yes, I booted from a CD with dban and wiped the drive completely. After that I then inserted the CD that came with my mobo (Asus Crosshair IV Formula) and booted into command prompt and made sure to delete the MBR again and format the drive another time from command prompt. The only thing I have not done this time that I did last time that worked is flash the BIOS. The only problem there is that the BIOS ver. that is currently on the mobo is the newest version and it won't let me flash back to an older version? Is there a way around that so that I can flash back to an older version or is that a bad idea? I'll go run another diskpart now and do a clean all just to be safe. I know it's not needed but it's really not an issue at this point and I want this thing rid of for good. I'll be back to check for a response after. Once again, thank you for your assistance!
28 Jul 2014   #7

Windows 7 Ultimate x64
 
 

No luck. Virus still remains. Bios flash?
29 Jul 2014   #8

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Did you create the installation DVD from here? http://www.heidoc.net/joomla/technol...download-links
Did you burn it from a CLEAN machine?

Last time: How did you wipe the disk?
29 Jul 2014   #9

Windows 7 Ultimate x64
 
 

No, I did not download it from there. I have a clean Windows 7 Ultimate CD that I purchased a long time ago. The last wipe I did was with diskpart and I did a clean all command. After that I cleared the CMOS and then re-installed Windows 7. Now I am having issues with connecting to the internet, and still have no administrative rights to certain folders/files. Also when trying to go to Google it tells me that there is a problem with this website's security certificate? I also grabbed a copy of Avast to see if that would maybe catch the virus running a boot scan and full system scan and that failed to find anything also. So what's next on the list to try haha? Only thing I can think of is flashing the BIOS after wiping the drive again. But I still don't know how to flash the BIOS back to an older version because it won't let me go to an older version, only a newer version. Any other ideas?
29 Jul 2014   #10

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

  1. Boot from CD/DVD/USB and use diskpart->clean ("clean all" not needed) to wipe the disk. You must boot from a 100% virus free source. I should use Windows 7 Direct Download Links, Official Disk Images from Digital River and burn the ISO on a "clean" machine.
  2. Install Windows 7 from a virus free DVD/USB.
CMOS and BIOS are not related to this virus problem.