Assigned Zemana AntiMalware - Would it Install?


Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
Hi Everyone:

I have been using Zemana AntiMalware and find the software to be okay. I was wondering, if your computer was infected with Sirefef or another ZAccess rootkit, would Zemana install on your PC and be able to remove the infection? They state that if you cannot remove it, they will remotely connect to your PC and remove it for you, but surely ZAccess would block any attempts?

Tony :)
 
hjlbx

Hello Tony,

ZAM uses the Kaspersky scan engine, which is very likely to detect ZAccess/Sirefef. Kaspersky Labs seem to be fairly adept at developing generic signatures too, from what I can tell.

ZAccess is classified as a driver rootkit that delivers unwanted content to browser/re-directs. See here:

https://www.f-secure.com/v-descs/rootkit_w32_zaccess.shtml

If you need absolute unquestionable evidence regarding ZAM then there is one easy way to find out ...

Procure ZAccess sample.

Download ZAM installer.

Use Shadow Defender and enter Shadow Mode.

Disable AV.

Run ZAccess sample.

Attempt ZAM install ... and if it installs attempt to detect and remove ZAccess.

Whether or not ZAM removes ZAccess, before exiting Shadow Mode re-enable your AV and run scan. Remove ZAccess if required.

Exit Shadow Mode.

Re-run your AV, MBAM, and/or HMP again just in case to verify no SD bypass ...
 
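An added example for the last step of the procedure above ("verify no SD bypass"); it is not code from the thread, from Shadow Defender or from Zemana. It records a baseline of the places a driver rootkit typically leaves persistence (kernel drivers, System32 binaries, autostart keys, the service table) before entering Shadow Mode, and compares against that baseline after exiting Shadow Mode and rebooting. Anything reported as ADDED, CHANGED or REMOVED survived the rollback and deserves a look. The baseline path `E:\sd-baseline.xml` is a hypothetical location on a volume that is not in Shadow Mode (a USB stick, say); on a shadowed volume the baseline file itself would be discarded on exit. Running from an elevated PowerShell is assumed.

```powershell
<#
  Added example, not part of the original thread or of any product it discusses.
  Usage (elevated PowerShell):
    .\Check-ShadowRollback.ps1 -Mode Baseline   # before entering Shadow Mode
    ... enter Shadow Mode, run the test, exit Shadow Mode, reboot ...
    .\Check-ShadowRollback.ps1 -Mode Compare    # after the reboot
  Assumption: $BaselinePath lives on a volume that is NOT shadowed.
#>
param(
    [Parameter(Mandatory)][ValidateSet('Baseline', 'Compare')]
    [string]$Mode,
    [string]$BaselinePath = 'E:\sd-baseline.xml'   # hypothetical path outside Shadow Mode
)

# Locations a driver rootkit such as ZeroAccess typically touches for persistence.
$FileRoots = @("$env:SystemRoot\System32\drivers", "$env:SystemRoot\System32")
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-SystemSnapshot {
    # Flat hashtable: "Section|identifier" -> SHA-256 hash, autorun command line, or service image path.
    $snap = @{}
    foreach ($root in $FileRoots) {
        foreach ($f in Get-ChildItem -Path $root -File -ErrorAction SilentlyContinue) {
            $h = Get-FileHash -Path $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            if ($h) { $snap["File|$($f.FullName)"] = $h.Hash }
        }
    }
    foreach ($key in $RunKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            # Skip the PSPath/PSParentPath/... note properties the provider adds.
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -notlike 'PS*') { $snap["Autorun|$key\$($p.Name)"] = [string]$p.Value }
            }
        }
    }
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $snap["Service|$($svc.Name)"] = [string]$svc.PathName
    }
    return $snap
}

function Compare-Snapshot {
    param([hashtable]$Before, [hashtable]$After)
    $diffs = New-Object System.Collections.Generic.List[string]
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k))   { $diffs.Add("ADDED   $k") }
        elseif ($Before[$k] -ne $After[$k]) { $diffs.Add("CHANGED $k") }
    }
    foreach ($k in $Before.Keys) {
        if (-not $After.ContainsKey($k)) { $diffs.Add("REMOVED $k") }
    }
    return $diffs
}

switch ($Mode) {
    'Baseline' {
        # Clixml round-trips a Hashtable as a Hashtable, so Compare can use ContainsKey on it.
        Export-Clixml -Path $BaselinePath -InputObject (Get-SystemSnapshot)
        Write-Host "Baseline written to $BaselinePath"
    }
    'Compare' {
        $before = Import-Clixml -Path $BaselinePath
        $diffs  = Compare-Snapshot -Before $before -After (Get-SystemSnapshot)
        if ($diffs.Count -eq 0) { Write-Host 'No persistence artifacts survived the Shadow Mode exit.' }
        else                    { $diffs | Sort-Object | Write-Output }
    }
}
```

Two caveats on reading the output. First, take the Compare snapshot only after exiting Shadow Mode and rebooting, as the procedure says: a kernel rootkit that is still active in the live session can hide its files and services from the user-mode enumeration this script relies on, so an in-session "clean" result proves nothing. Second, the AV and Windows updates that run after the reboot will legitimately show up as CHANGED entries under System32; an unfamiliar driver under System32\drivers, a new service, or a new Run value is what you are looking for, and those are the lines to hand to the AV/MBAM/HMP re-scan.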

Tony Cole

I don't know a thing about that, and my new laptop cost just under £2500, so there is no way I am even attempting to install ZAccess. I just wondered, as I may or may not buy Zemana AntiMalware, if there was a situation where you were infected, would it terminate Zemana, or would you be able to install it?
 
hjlbx

£2500 ... I'll trade you "Sight Unseen" !! :D

Yours for mine ... straight-up !
 

Tony Cole

Haha. Yes, this one has 46 GB and a 500 GB SSD. It was a custom build. I see you use Windows Firewall; is it any good?
 
hjlbx

Good Lord, Tony ... !!!!!!!!

Yes. Windows Firewall is sufficient, as I am not Enemy-of-the-State No. 1.

Windows Firewall is much better than its reputation ... which is unfortunately unjustified.

It is maligned because its previous versions did have problems. It has since been vastly improved.

BiniSoft's Windows Firewall Control 4 is nothing more than a GUI for outbound connection monitoring.

It complements Emsi's EAM really well.

Tony,

I should be able to obtain ZAccess/Sirefef samples.

When I do I will test ZAM against them.

I'll post results here at MT ... and PM you that I have done so.
 

Tony Cole

Thanks! I just downloaded Shadow Defender and am currently in Shadow Mode; kinda cool. I have excluded Kaspersky files, folders and registry keys, following advice from the website. Did you do that?
 
hjlbx

For maximum protection you do not want to exclude any files or folders.

The reason is cryptomalware. Cryptomalware will encrypt any excluded files and folders.

Even when beta testing I do not exclude Emsisoft files/folders in order to retain logs; instead I save them manually and upload them to the cloud.

When you exit Shadow Mode, your AV will auto-update at system restart ... thereby regaining any updates lost when exiting Shadow Mode.

Does that make sense?
 
hjlbx

Yes. It sits at the top of my short-list:

Shadow Defender
Emsisoft
BiniSoft Windows Firewall Control
Revo Uninstaller Pro
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
I also highly recommend Shadow Defender. I have thrown a lot of malware at it with no problems at all. :)
 
hjlbx

Tony,

Can you do me a favor?

I am only asking as you are in the unique position of having 46 GB of RAM ...

In Shadow Defender, under Mode Setting ... would you enable Write Cache to RAM by entering a value of 3000 MB and tell me if Shadow Defender behaves any differently? To fully test, you have to remain in Shadow Mode until the Write Cache reaches 3 GB, as indicated under System Status.

You enter the value for Write Cache to RAM before entering Shadow Mode.

[Screenshot attached: Shadow Defender.PNG]
 

Tony Cole

I started to use it and all was fine. I was using Shadow Mode, rebooted, and saw Kaspersky was not loading, even with the exclusions in place. I had to do a complete removal of Kaspersky, then reinstall it, to get it to work???? I have asked for a refund :(
 

frogboy

I would have included Kaspersky, as all you would have lost in Shadow Mode would have been a few megabytes of updates. As you had it set up, Kaspersky would have been vulnerable.
 

emretinaztepe

New Member
Feb 18, 2015
6
Hi Tony,

Great question, and here is the answer: Zemana AntiMalware 2 can detect and remove *ALL* types of rootkits. To name a few: Rustock, TDL3, TDL4, ZeroAccess, MebRoot and FinFisher are just some of them. All you need to do is click "Scan", wait 3-5 minutes and click "Next". You are done! It will even replace infected system files in case one is found.

As we state in our guarantee, in case you face any issues cleaning your PC, our engineers will help you out and clean it for free (even though we have never had any such request, thanks to our well-designed cleaning engine).

Please take a look at the screenshots below:

ZeroAccess Cleaning (3 mins 59 secs):

[Screenshots attached: ZeroAccess1.png, ZeroAccess2.png]

TDSS Cleaning (6 mins 4 secs):

[Screenshots attached: TDSS1.png, TDSS2.png]
 

Tony Cole

So, what you're saying is, Zemana has the ability to install on an infected machine, i.e. one with ZeroAccess, which we know blocks all EXEs from running, especially security software? It's good Zemana has the ability to repair system files, but that's not answering my question. All you've stated is that it can remove ZeroAccess and other serious infections, plus repair system files; HitmanPro can do that, but will not run on a heavily infected machine. I know my friend currently has a major infection, Win32/Ramnit.A, which someone on here is going to help me/him with.
 