Help remove zeroaccess rootkit
<blockquote data-quote="Papirus" data-source="post: 94440" data-attributes="member: 4131"><p>OK, I did the following steps to check the MBR and other rootkit problems:</p><p></p><p>1. Ran aswMBR while Adaware and Malwarebytes were also running. It found a suspicious tpkd.sys file as shown in the log here. [attachment=3064]</p><p>2. Uploaded the tpkd.sys file to the VirusTotal web site and re-analyzed the file. No virus was found, as shown in the review page here. [attachment=3065]</p><p>3. Ran MBAR and it could not open the folder due to encryption problems. I suspect it was caused by locking issues with other antivirus programs.</p><p>4. Ad-aware completed the full scan and found one malware in the system (but it is not the tpkd.sys file). I cleaned the malware. However, Malwarebytes became hung while SBAMsvc.exe was taking over the CPU usage. The PC system became so slow, and all CPU usage went to the system idle after a while. </p><p>5. I ran McAfee rootkit remover but no virus was found. However, the system was really slow, like when I first found the zeroaccess rootkit in the system. System shutdown took about 5 minutes to complete... really slow.</p><p></p><p></p><p>6. The next day, I ran MBAR again, but this time I closed all programs including Ad-aware real-time protection. One malware was found as shown here. [attachment=3066] and [attachment=3067]</p><p>7. Cleaned the malware (including creating a restore point prior to the cleaning).</p><p>8. Rebooted the PC.</p><p>9. Then I ran aswMBR again (Adaware was disabled). This time it did not show any potential malware, as shown in the log here. [attachment=3068]</p><p></p><p>I have also completed running a Malwarebytes quick scan with no virus found. I am running the full scan now.</p><p></p><p>BTW, when I ran a Comodo full scan with Ad-aware real-time protection running in the background, Comodo tagged both Adaware.exe and SBAMsvc.exe as malware. Is this real malware or a false positive finding?</p><p></p><p>Thanks.</p></blockquote><p></p>