ZeroAccess rootkit removal (XP)
chunter
Posts: 2,020 Forumite
in Techie Stuff
Anybody got a definitive procedure for removing the ZeroAccess rootkit on XP?
It's the 3rd time I've seen it in three weeks.
Comments
Na, combofix loops in a 'reboot for rootkit removal' and then crashes out and goes back to square one.
TDSS killer finds two problems:
i) fsusbexdisk
ii) device/harddisk0/DR0
I asked TDSS to remove both.
I ran combofix again after that and it's still picking it up and going into its reboot loop.
The first time I encountered it, I tried a host of antivirus programs but eventually reformatted.
Even went for the fixboot fixmbr.
Tried rkill before running cf??
Look for a malicious service loading under the netsvcs group. Boot the RC, take out that service & the service dll + then replace the infected driver - then run your cleanup tools with windows booted normally.
http://www.threatexpert.com/report.aspx?md5=32d78a59abf09258c33e4095924757ac
http://www.threatexpert.com/report.aspx?md5=c9add47cd8008e9706e2fd2b3ab9613f
http://www.threatexpert.com/report.aspx?md5=63fe01015f4ceb19c9b64ad0bccc723b0
Got it, I think. Combofix ran a couple more loops and actually finished.
Combofix removed a batch of GoogleUpdate / Toolbar files as well as other stuff.
Back on internet, running a full kaspersky on it.
Different from original encounter. Steps taken there allegedly removed it but completely messed up all my network settings and no amount of "fixes" would get me back on the internet.
Maybe combofix and tdsskiller are better at dealing with it now.
Unless the system is desperately mission critical, I would backup everything important and do a total format and reinstall of Windows.
Before copying or installing any files from your backup, it would be very wise if you completely scanned your backup for any viruses using a computer known to be virus free, or using the reinstalled Windows system.
poppellerant wrote: "Unless the system is desperately mission critical, I would backup everything important and do a total format and reinstall of Windows."
THIS. The only way to be sure you've got rid of a rootkit is to scrub the drive, not just format it, and start again.
OP, if it is you who've been infected 3 times in a week, you may want to look at Linux.