Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Help remove zeroaccess rootkit
Message
<blockquote data-quote="Papirus" data-source="post: 91243" data-attributes="member: 4131"><p>OK, these were the steps that I did to follow the instructions:</p><p>0. Disable Antivirus</p><p>1. Search using ADWCleaner [attachment=2941]</p><p>2. Select Delete in ADWCleaner after the search is completed [attachment=2942].</p><p>3. Reboot (it asked for a reboot)</p><p>4. Scan using RogueKilller</p><p>5. Select Delete in RogueKiller after the scan is completed [attachment=2944]</p><p>6. Download Combofix from BleepingComputer: </p><p> http://www.bleepingcomputer.com/download/combofix/</p><p>7. Run Combofix</p><p>8. Install Recovery [attachment=2943] </p><p>9. Reboot </p><p>10. Run McAfee Rootkit remover and it somehow stills shows it is infected:</p><p></p><p>Windows build 5.1.2600 x86 Service Pack 3</p><p>Checking for updates ...</p><p></p><p>Now Scanning...</p><p> Malware Found --> ZeroAccess trojan detected!!!</p><p> --> Registry key: HKEY_CLASSES_ROOT\CLSID\{f3130cdb-aa52-4c3a-ab32-85ffc23af</p><p>9c1}\InprocServer32 ( fixed )</p><p> --> Malicious file: C:\WINDOWS\system32\wbem\wbemess.dll ( will be deleted a</p><p>fter restart )</p><p> --> Registry key: HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F</p><p>57F}\InprocServer32 ( fixed )</p><p> --> Malicious file: C:\WINDOWS\system32\wbem\fastprox.dll ( will be deleted</p><p>after restart )</p><p> ZeroAccess trojan was cleaned successfully!</p><p></p><p>Scan Finished</p><p></p><p>PLEASE REBOOT IMMEDIATELY TO COMPLETE CLEANING.</p><p></p><p>Other recommendations:</p><p> 1. Perform full scan with McAfee VirusScan product after reboot.</p><p></p><p>==================================================</p><p></p><p>I have attached all the log files from those steps above.</p><p></p><p>Thanks.</p></blockquote><p></p>
[QUOTE="Papirus, post: 91243, member: 4131"] OK, these were the steps that I did to follow the instructions: 0. Disable Antivirus 1. Search using ADWCleaner [attachment=2941] 2. Select Delete in ADWCleaner after the search is completed [attachment=2942]. 3. Reboot (it asked for a reboot) 4. Scan using RogueKilller 5. Select Delete in RogueKiller after the scan is completed [attachment=2944] 6. Download Combofix from BleepingComputer: http://www.bleepingcomputer.com/download/combofix/ 7. Run Combofix 8. Install Recovery [attachment=2943] 9. Reboot 10. Run McAfee Rootkit remover and it somehow stills shows it is infected: Windows build 5.1.2600 x86 Service Pack 3 Checking for updates ... Now Scanning... Malware Found --> ZeroAccess trojan detected!!! --> Registry key: HKEY_CLASSES_ROOT\CLSID\{f3130cdb-aa52-4c3a-ab32-85ffc23af 9c1}\InprocServer32 ( fixed ) --> Malicious file: C:\WINDOWS\system32\wbem\wbemess.dll ( will be deleted a fter restart ) --> Registry key: HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F 57F}\InprocServer32 ( fixed ) --> Malicious file: C:\WINDOWS\system32\wbem\fastprox.dll ( will be deleted after restart ) ZeroAccess trojan was cleaned successfully! Scan Finished PLEASE REBOOT IMMEDIATELY TO COMPLETE CLEANING. Other recommendations: 1. Perform full scan with McAfee VirusScan product after reboot. ================================================== I have attached all the log files from those steps above. Thanks. [/QUOTE]
Insert quotes…
Verification
Post reply
Top