Hi. I'd be really grateful for help on this.
My realtime scanner showed Zero Access and Generic.grp!jl had infected the PC after a Flash update.
McAfee removed both...allegedly!
Generic.grp!jl kept flashing up every 3 to 4 minutes.
I ran virus scanner - showed nothing.
My firewall started switching off.
I ran the McAfee Virtual Technician - nothing.
I ran McAfee Stinger - nothing.
I continued to get the generic.grp!jl had been found message.
I ran MalwareBytes Anti Malware - it found a false alert trojan and removed it.
I've done all the stuff with deleting system restore points. I've run MBAM and McAfee again multiple times and have also done a clean re-install of McAfee, all to no avail as the generic.grp!jl keeps popping up every 3 to 4 mins.
Similar problem; the solution was reformat.
Some other choices in the thread as well. The new variants are hard to shake.
Try an old restore point; if necessary, try it in safe mode. Whoops, you deleted them, sorry, missed that.
Message was edited by: Peacekeeper on 3/07/12 8:10:11 PM
Thanks for fast reply - much appreciated!
I have backed up to an external h/d - is this likely to be infected also? If so, how to reinstate data in non-infected manner?
Depends: are you saying you have a backup on the external drive, or just copied important files there?
If a backup and it is before this issue occurred, might be a good idea to try it.
There is a removal tool for zero access in this link but may need updating. We have informed the lab manager re this but could help as well.
Thanks Tony - it's just files I copied there. I'll try the link but I suspect it's not going to be up to date enough. Now that the system has been compromised a load of other viruses have flooded in and my PC has been severely compromised. It seems McAfee is not functioning. I'd appreciate if there were an update for removal from the lab.
I've made the labs aware that the published information needs updating. I don't doubt that they're busy coping with the latest batch of ZeroAccess variants: at the last count I saw over 600 varieties mentioned in the threats database. There isn't an entry in there yet for the Trojan (Generic.grp!jl).
I'm looking into this and will post in one of the running threads if I find anything.
I also got stung by ZeroAccess last weekend. McAfee Virus Removal team was successful in removing the culprit that continued spawning the new trojans. www.mcafee.com/virusremoval I'm clean now.
One free app that I've heard is doing a good job at removing rootkits like the one behind ZeroAccess is HitmanPro.
If that doesn't do the trick, you may need to let the Virus Removal experts go to work on your PC. At $89.95, McAfee is still the lowest priced player amongst reputable companies.
The McAfee database contains 674 entries for ZeroAccess and I have no idea which of those are recent additions. It would be nice to have an option in the search area to filter results by date.
The Threat Advisory and the analysis of ZeroAccess.a (which is what Peacekeeper's link above takes you to) recommend (among other steps) running GMER and Stinger. I don't know whether that's enough for the latest variants. At least there's a backup program to try (Hitman Pro, recommended by a couple of posters to these threads as being effective).
I think the ZeroAccess documentation may still be awaiting an update. Sam Swift has this in hand, I believe.
News on the latest variants:
"The latest incarnation of ZeroAccess successfully merged its 32-bit and 64-bit code base into a new variant which is both hard to detect and hard to remove."