
New trojan-Generic.grp!jl constant reinfection-help

Hi. I'd be really grateful for help on this.

My realtime scanner showed Zero Access and Generic.grp!jl had infected the PC after a Flash update.

McAfee removed both...allegedly!

Generic.grp!jl kept flashing up every 3 to 4 minutes.

I ran virus scanner-showed nothing.

My firewall started switching off.

I ran the McAfee Virtual Technician-nothing.

I ran McAfee Stinger-nothing.

I continued to get the generic.grp!jl had been found message.

I ran MalwareBytes Anti Malware-it found a false alert trojan and removed it.

I've done all the stuff with deleting system restore points. I've run MBAM and McAfee again multiple times and have also done a clean re-install of McAfee, all to no avail as the generic.grp!jl keeps popping up every 3 to 4 mins.

Help........................

8 Replies

Re: New trojan-Generic.grp!jl constant reinfection-help

https://community.mcafee.com/message/245586#245586

Similar problem; the solution was a reformat.

Some other choices in the thread as well. The new variants are hard to shake.

Try an old restore point; if necessary, try it in safe mode. Whoops, you deleted them. Sorry, missed that.

Message was edited by: Peacekeeper on 3/07/12 8:10:11 PM

Re: New trojan-Generic.grp!jl constant reinfection-help

Thanks for fast reply-much appreciated!

I have backed up to an external h/d-is this likely to be infected also? If so, how to reinstate data in non-infected manner?

Thanks,


Re: New trojan-Generic.grp!jl constant reinfection-help

Depends: are you saying you have a backup on the external drive, or just copied important files there?

If a backup, and it is from before this issue occurred, it might be a good idea to try it.

http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=562354

There is a removal tool for zero access in this link but may need updating. We have informed the lab manager re this but could help as well.


Re: New trojan-Generic.grp!jl constant reinfection-help

Thanks Tony-it's just files I copied there. I'll try the link but I suspect it's not going to be up to date enough. Now that the system has been compromised a load of other viruses have flooded in and my PC has been severely compromised. It seems McAfee is not functioning. I'd appreciate if there were an update for removal from the lab.

Reliable Contributor
Message 6 of 9

Re: New trojan-Generic.grp!jl constant reinfection-help

I've made the labs aware that the published information needs updating. I don't doubt that they're busy coping with the latest batch of ZeroAccess variants: at the last count I saw over 600 varieties mentioned in the threats database. There isn't an entry in there yet for the Trojan (Generic.grp!jl).

I'm looking into this and will post in one of the running threads if I find anything.


Re: New trojan-Generic.grp!jl constant reinfection-help

Thanks a million!

McAfee Employee
Message 8 of 9

Re: New trojan-Generic.grp!jl constant reinfection-help

I also got stung by ZeroAccess last weekend. McAfee Virus Removal team was successful in removing the culprit that continued spawning the new trojans. www.mcafee.com/virusremoval I'm clean now.

One free app that I've heard is doing a good job at removing rootkits like the one behind ZeroAccess is HitmanPro. 

If that doesn't do the trick, you may need to let the Virus Removal experts go to work on your PC.  At $89.95, McAfee is still the lowest priced player amongst reputable companies.

Product Manager, McAfee Consumer Software
Reliable Contributor
Message 9 of 9

Re: New trojan-Generic.grp!jl constant reinfection-help

The McAfee database contains 674 entries for ZeroAccess and I have no idea which of those are recent additions. It would be nice to have an option in the search area to filter results by date.

The Threat Advisory and the analysis of ZeroAccess.a (which is what Peacekeeper's link above takes you to) recommend (among other steps) running GMER and Stinger. I don't know whether that's enough for the latest variants. At least there's a backup program to try (Hitman Pro, recommended by a couple of posters to these threads as being effective).

I think the ZeroAccess documentation may still be awaiting an update. Sam Swift has this in hand, I believe.

News on the latest variants:

http://nakedsecurity.sophos.com/2012/06/06/zeroaccess-rootkit-usermode/

http://www.f-secure.com/weblog/archives/00002385.html

http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles

http://hitmanpro.wordpress.com/2012/06/25/zeroaccess-from-rootkit-to-nasty-infection/

"The latest incarnation of ZeroAccess successfully merged its 32-bit and 64-bit code base into a new variant which is both hard to detect and hard to remove."
