ZeroAccess / Sirefef.ER Nightmare

SaltyOldDog

New Member
Thread author
Mar 14, 2012
7
In excess of 30 files were found to be infected. None could be repaired so they were all deleted. Unfortunately, they were almost all executables associated with services automatically starting at Windows initialisation. The effect was that the system took some 15 minutes before it could be used at all and then, obviously, several things wouldn't work. The system was delivered with Windows pre-installed so I have no installation disk to use for a repair install. All I can do is a total re-install.
 

SaltyOldDog

New Member
Thread author
Mar 14, 2012
7
Combined Replies:-

bbbbweb; Yes, I've got one or three of those. What do you suggest?

jamescv7; Indeed the preinstalled OS does come with those features but using it removes anything else that's been installed over several years.

Thanks for your input.
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
I would back up whatever documents you have, then I would do a clean and fresh install. Then you know nothing is wrong with the computer, BUT make sure you back up all your stuff.
 

Chiron

Level 1
Feb 24, 2011
250
Please read this:
https://www.techsupportalert.com/content/how-clean-infected-computer.htm

It may be able to help.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
In any crucial situation you need to back up important files before doing a restore to factory settings, as everything will be removed and you will have a new, fresh OS. That is if there is no other possible solution in that case.
 

SaltyOldDog

New Member
Thread author
Mar 14, 2012
7
Thanks folks. The reason I posted was not so much to get help but to make people aware that following the recipe on the Thread-How-to-completely-remove-ZeroAccess-Sirefef-rootkit-Removal-Guide wasn't necessarily going to result in a successful outcome.

As far as staying safe online is concerned, I tend not to have problems myself as I'm fairly aware of the need to be risk-averse. The system with the problems belongs to a son-in-law. It's back working again but, because there was no installation disk, it's in the state it came out of the factory about six years ago as far as the software installation is concerned. And, yes, I did do a backup before I started so I could restore his data - not just 'My Documents' but C:\Documents & Settings\{username} & C:\Documents & Settings\Allusers so I could recover cookies, favourites, the desktop, Outlook Express data etc. etc. You have to be a bit selective in what you restore though or you can end up needing to go through the whole process again. (Norton Ghost 2003 can still be useful!)
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Did you try to Cure the detected files?
In fact, to remove a ZeroAccess rootkit you also need to run Combofix (usually 2 times)... However, I'm not sure that this should go in a do-it-yourself guide... This is why I did not add this step to the guide...
Did you manage to remove the rootkit?
 

SaltyOldDog

New Member
Thread author
Mar 14, 2012
7
Unfortunately, none of the routes we tried to get rid of the infection (AVG & Trend Micro Housecall with the HDD connected to another system and the Kaspersky emergency boot on the infected system) offered a cure - only quarantine & delete. Hence the eventual decision to go back to the factory settings when we found how crippled the OS had become. At that point, tracking down the rootkit had become redundant.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Would've been interesting to see Combofix at work... Nevertheless, I do think that you made the right choice... The ZeroAccess rootkit is very aggressive and, to be completely fair, it's best just to do a reformat and save yourself the time.
Did you secure the PC to prevent future infections?
Recommended forum for your next post : http://malwaretips.com/Forum-Security-Configuration-Wizard
 
