cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 41 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

I had posted a link to CleanBoot 2.0, in my rather large post above. PM me if you are having trouble getting to it.  I'd really like to help you out.

Highlighted
Level 7
Report Inappropriate Content
Message 42 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

A big thank you to everyone who is trying to get this problem ASAP.

Unfortunately for me this has been going on for over a week now... (I didn't make this thread straight away as I was trying to find a fix on my own first)... So I wiped the hard-drive of my computer, reseting it back to factory settings... I made a back up yesterday (separate to my backup which is older) if any of those files I saved were infected I will do it again and then wait a month or two so that I know there is a fix for it. Reinstalling everything will actually take me less time than the time I have spent scanning with this tool or that scanner over the last 2 weeks, which is time I dont have now that my holidays are at an end...

Thank you for all your help so far, and I hope that you are able to solve it fairly quickly for all those people who have more patience than I do. Unfortunately I've just got things to do that I can't do on an unsecure computer, that I really need to do before I head back to work on Monday.

Message was edited by: lozah on 07/10/11 05:05:50 CDT
Highlighted

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

Well I finally fixed this issue. After losing several very expensive days and the problem becoming more and more entrenched and damaging I wiped my laptop clean and restored the factory image. Now the virus is gone. So I'll spend even more time reinstalling apps and backed up data and, of course, have still lost settings, configurations, and data. After several conversations with my trusted IT professionals and in my own judgement I don't see McAfee resolving this anytime soon and am not confident it would ever be completely gone. I certainly don't trust them to protect my network anymore. As has been noted above this has been around and has only gotten worse. So I'm done with McAfee as is my company with many laptops to protect. My sympathy to the rest who've suffered here. I definitely decided it was time to cut and run. Best of luck

Highlighted
Level 7
Report Inappropriate Content
Message 44 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

Its a shame what you had to go through to repair your equipment.  If you have read my postings you can see that I mentioned for people to cut their loses and move on.  Its unfortunate, that McAfee knew of this issue and instead of coming out with a patch - they want to give users an essay of steps to follow that I know would be confusing to a novice user.  I hope that the reinstallation goes smoothly with no more mishaps.  As for McAfee...well I believe that faith, trust and hope have all been destroyed.

Highlighted
Level 7
Report Inappropriate Content
Message 45 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

David, I would like to commend you on an effort to rectify this situation.  However, you lenghty post is jibberish to a novice user.  Is anyone working on a patch?  Keep it simple.  There are many levels of users reading these post and you do not want to further complicate matters by having them TRY to follow your LENGHTY solution.  Again, kiss it.  Keep it Simple.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 46 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

I appreciate your perspective, but I want to ensure you understand how complicated this really is. That post is obviously only useful to the ones that understand it. To the rest, it will hopefully serve to show we are trying towards a solution, and not just sitting on the beach with all your hard earned money

It's not your everyday malware.  We are adding these files I've harvested from this thread into the dats, which will help out a great deal. And have also connected with some of the users in this thread, to try to get to the bottom of the issue.  Unfortunately, there is no magic bullet as of yet.  If I had a fix, I'd send it to ya

It's just not a simple as sending out a patch.  But, we'll keep working on it for you, and at somepoint, it'll be behind you.

I'll keep working on it.

Highlighted

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

The first problem that I ran into was OpenCloud Security.  Since that got past McAfee, I looked to other tools to remove it.  Malwarebytes was able to make my computer usable again, but apparently it didn't clean up everything.  I have noticed the problem with the firewall (it wouldn't stay turned on), I have seen McAfee report numerous trojans (probably all that have been listed in this discussion), I get occasional blue screens and most recently, I've noticed that Real Time Scanning is sometimes turned off.

I've started working through your lengthy procedure.

I rebooted in safe mode.

I ran MSCONFIG and unchecked Load Startup Items.

I restarted.

I tried to run the Rootkit Remover, but like everyone else here, I am running 64 bit Windows 7 and the RootKit Remover wouldn't run.

I ran GMER version 1.0.15.15641.  I unchecked Files and selected Options and then IRP Hooks.  Most of the GMER checkboxes are unchecked and disabled.  Your image of the GMER screen looks quite different from mine.  You have System, Sections, IAT/EAT and Devices checked.  These options are disabled for me.  When I click Scan with the limited options available, it finds nothing.

I also tried to get a copy of CleanBoot, but since I don't have a Grant number, I couldn't download it.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 48 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

Thanks for running through it Beagle123. I'll continue to use this information to fine tune the post.

I'm curious, when you run GMER, and you click on the "files" tab. Do you see this folder?  c:\windows\assembly\tmp 

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 49 of 80

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

dmeier wrote:

  It's not your everyday malware.  

It certainly isn't. Zero Access is a nasty piece of work. For the technically minded, there is a description of how it works at http://blog.webroot.com/2011/07/19/zeroaccess-gets-another-update/  (all right, I know that W*br**t is a rival company, but this sort of information needs to be shared). There's also an ongoing discussion about it on the Wilders Security Forum, where they haven't yet heard the news about it infecting 64-bit systems.

Rootkit.Sirefef (also known as ZeroAccess) :  64-bit operating systems are not affected by Rootkit.Sirefef

- this is going to be an unpleasant surprise to those who thought that 64-bit systems were immune from infection.

Edit : this is a quick overview of Zero Access, from the pchubs.com blog -

ZeroAccess is an extremely dangerous malware parasite also known to be a rootkit. ZeroAccess may infiltrate a computer through security holes or vulnerability within outdated software. Once a system is infected with ZeroAccess, it may open it up to remote sources where additional malware may be ported onto the computer. Because ZeroAccess has rootkit capabilities, it may hide from detection applications and spread other fake applications. ZeroAccess may be detected and removed only through a spyware removal tool that has the ability to destroy rootkit applications.

If anyone is thinking that a rival product like Norton would offer a better defence against this than McAfee, then think again. Zero Access is well able to protect itself from normal antivirus scanning, and Norton's fares no better against it. McAfee is taking this one very seriously indeed, but it's a tough one to deal with.

Message was edited by: Hayton on 06/10/11 02:20:19 IST
Highlighted

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

Yes, in GMER, when I click on the Files tab, I can drill down to c:\windows\assembly\tmp in the left pane of the window.  When I click on tmp, I see the following in the right pane:

00000001.@

00000002.@

000000c0.@

000000cb.@

000000cf.@

80000000.@

80000032.@

80000064.@

800000c0.@

800000cb.@

800000cf.@

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community