Hi,
I've done some reading up on Zero Access, and now I know why it's so hard to remove - even after throwing multiple well-known tools at it. Apparently, in some cases it's impossible to clean. You could spend days throwing other tools at this in the hope that it is eradicated, but success is not guaranteed.
http://www.2-viruses.com/remove-zeroaccess-rootkit
Unless Jacee has other suggestions, bite the bullet, and do a clean install as recommended earlier.
Regards,
Golden
I'm having the same problem so far. I'm currently running the Microsoft Safety Scanner as well as Trend Micro Titanium. Both Full Scans. Afterward I'm going to run the RKill and Malwarebytes. I just installed some Windows 7 updates and I noticed the Action Center informing me about the Windows Firewall. That's how this all started. I'll post a reply with my results. I'm hoping I don't have to do a clean install seeing as how I have over a TB of media on my PC and no way to get a larger HD.
Well, my PC restarted with no problems after the scans. It seems like I may have the same problem with a different cause. I'm gonna continue researching it.
Code:
Rkill was run on 05/23/2012 at 22:23:24.
Operating System: Windows 7 Professional

Processes terminated by Rkill or while it was running:

C:\ProgramData\adob\copy.exe
C:\ProgramData\adob\svchost.exe
C:\Users\Guardian\AppData\Local\Temp\6F45.tmp\rundll32.exe

Rkill completed on 05/23/2012 at 22:23:40.

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.24.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Guardian :: G222-ELITE [administrator]

5/23/2012 10:27:19 PM
mbam-log-2012-05-24 (00-12-12).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 360734
Time elapsed: 1 hour(s), 29 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adob (Trojan.Banker) -> Data: C:\ProgramData\adob\color.vbs -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|adobe (Trojan.Banker) -> Data: C:\ProgramData\adob\color.vbs -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\adob\color.vbs (Trojan.Banker) -> No action taken.

(end)
Last edited by Guardian Ares; 24 May 2012 at 02:23.
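Added example, not part of the original posts: a Python sketch that parses the two logs in the post above, lists the detections Malwarebytes reported with "No action taken", and flags Rkill-terminated processes that sit in the same folder as a detected item. The log excerpts are copied from the post as sample input; the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Sample input: excerpts of the two logs in the post above, one entry per line.
RKILL_LOG = r"""Processes terminated by Rkill or while it was running:
C:\ProgramData\adob\copy.exe
C:\ProgramData\adob\svchost.exe
C:\Users\Guardian\AppData\Local\Temp\6F45.tmp\rundll32.exe
Rkill completed on 05/23/2012 at 22:23:40."""
MBAM_LOG = r"""Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adob (Trojan.Banker) -> Data: C:\ProgramData\adob\color.vbs -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|adobe (Trojan.Banker) -> Data: C:\ProgramData\adob\color.vbs -> No action taken.
Files Detected: 1
C:\ProgramData\adob\color.vbs (Trojan.Banker) -> No action taken."""

# Detection line shape: "<item> (<family>) -> [Data: <target> -> ]<action>."
DETECTION = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

def parse_mbam(log):
    """One dict per detection line: item, family, data (Run value target), action."""
    return [m.groupdict() for line in log.splitlines()
            if (m := DETECTION.match(line.strip()))]

def rkill_processes(log):
    """Executable paths Rkill listed as terminated."""
    return [s for line in log.splitlines()
            if DRIVE_PATH.match(s := line.strip()) and s.lower().endswith(".exe")]

def folder(path):
    return str(PureWindowsPath(path).parent).lower()

def triage(mbam_log, rkill_log):
    detections = parse_mbam(mbam_log)
    # Items the scanner only reported; they stay on disk and in the Run key.
    unremediated = [d for d in detections if d["action"].lower() == "no action taken"]
    # Folders holding a detected file or the target of a detected Run value.
    paths = [d["data"] or d["item"] for d in detections]
    flagged = {folder(p) for p in paths if DRIVE_PATH.match(p)}
    # Terminated processes in those folders that the scan did not list itself.
    related = [p for p in rkill_processes(rkill_log) if folder(p) in flagged]
    return unremediated, related

if __name__ == "__main__":
    left, related = triage(MBAM_LOG, RKILL_LOG)
    for d in left:
        print("not removed:", d["item"], "->", d["data"] or "(file)")
    for p in related:
        print("same folder, not in scan results:", p)
```

On the sample input this reports three unremediated detections and two terminated executables in `C:\ProgramData\adob` that do not appear in the scan results.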
I spent the last 4-5 days working on this Laptop Win7 64 and I finally fixed it and after reading everything I could I found the answer... If you want to try this it may work for you also. *
BUT get rid of the Virus with Anti virus, and this will help fix the rest for you.... good luck.
Download Windows repair tool
Extract and launch the Repair_Windows.ex file
Click on Start repairs tab-click on Start
check mark following options alone: (deselect all, and only check these)
Reset registry permissions
reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & Cache
Repair hosts
**Checkmark Restart System When Finished option
click the Start button
System should restart after repair
remember to disable Antivirus beforehand... and again good luck!!!
Last edited by rcent; 27 Jan 2013 at 11:34.
rcent,
The posts in this thread date back to 2012.
Also, Windows Repair (All in One) is not a tool used to fix Sirefef or ZeroAccess Rootkit.
Its use is meant for doing repairs after an infection is removed.