
ZeroAccess Trojan refuses to leave. HELP

I've tried everything, from McAfee's Stinger and rootkit remover, to Malwarebytes' Anti-Malware, to Hitman Pro, and nothing seems to be working.

This all started a few days ago when I got hit by Live Security Platinum. I knew it was a scam, so I used the Stinger to get rid of it. Now I only have 2 trojans left (according to Hitman Pro). There is a tracking cookie. But, anyway, the first trojan is within my system32; it's called services.exe. It's protected by the Windows File Protection, therefore Hitman Pro says it is unable to replace it or do anything with it. The other is assembly\GAC_32\Desktop.ini. Hitman Pro says that it will be deleted when I restart the desktop, and I've tried that multiple times as well. Both of these keep popping up on my Hitman's scan. And now a tracking cookie is showing up as well. Someone please help. I have Windows 7, 64 bit.

4 Replies

Re: ZeroAccess Trojan refuses to leave. HELP

I just tried Malwarebytes Anti-Malware's Chameleon and it tells me nothing is wrong, as in there is no virus. Hitman Pro, however, keeps telling me that 2 of them are still there (the 2 aforementioned ones). And whilst this is going on, McAfee keeps telling me that there has been a trojan found and to restart the desktop so that they can kill it. Help soon. Please.


Re: ZeroAccess Trojan refuses to leave. HELP

Please make sure you cleaned all your cache files: cookies, temps, internet temps.

One thing I noticed with all my ZeroAccess is a folder created under the Windows\installer which is also located under the User profile\app data. The folder names can be random and the font used is different than what is used with the other Windows\installer folder names. Remove any suspicious looking folders like this (always make a back-up first).

Similar to this folder name (it can start with a letter as well; this is the first number one I found, as the others had started with the letter C): {6656b880-b899-5422-f6d7-e212845d7584}

The font tends to be smaller than the others
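
A list-only way to run the check described in this reply, as an added PowerShell example that is not from the original post or from McAfee. It reports folder names with the brace-wrapped GUID shape of the sample name above that exist both under Windows\Installer and under the current user's AppData; the AppData roots and the name pattern are assumptions.

```powershell
# Added example: read-only triage. Nothing is deleted, moved or modified.
# Run from an elevated prompt so hidden/system folders can be listed.

# Assumption: suspicious names look like the sample in the post, {8-4-4-4-12 hex}.
# -match is case-insensitive, so upper- and lower-case names both qualify.
$GuidName = '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'

function Get-GuidFolder {
    param([string[]]$Root)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        # -Force includes hidden and system folders
        Get-ChildItem -LiteralPath $r -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match $GuidName }
    }
}

# Location 1: Windows\Installer. It normally holds GUID-named folders as well,
# so a name match on its own means little; only names seen in BOTH places are reported.
$installer = Get-GuidFolder -Root (Join-Path $env:windir 'Installer')

# Location 2 (assumption): the current user's AppData roots.
$userRoots = @($env:LOCALAPPDATA, $env:APPDATA) | Where-Object { $_ }
$user = Get-GuidFolder -Root $userRoots

# Index the AppData hits by name (hashtable keys are case-insensitive).
$userByName = @{}
foreach ($d in $user) { $userByName[$d.Name] = $d.FullName }

# Report the overlap, oldest first, for manual review and backup.
$installer |
    Where-Object { $userByName.ContainsKey($_.Name) } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Name          = $_.Name
            Created       = $_.CreationTime
            InstallerPath = $_.FullName
            UserPath      = $userByName[$_.Name]
        }
    } |
    Sort-Object Created |
    Select-Object Name, Created, InstallerPath, UserPath |
    Format-Table -AutoSize -Wrap
```

An empty result means no folder name of that shape appears in both locations for the account running the script; other user profiles are not covered.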


Re: ZeroAccess Trojan refuses to leave. HELP

Oh dang, I got caught by the date thingy again... SMH (shaking my head)


Re: ZeroAccess Trojan refuses to leave. HELP

Hello

Hitman Pro will not delete services.exe; it's a Windows core file. It can try to disinfect, otherwise you'll need a clean copy of services.exe, which you should be able to locate within the dllcache, which is also found in the system32 folder. Have the services.exe file found (if any) in dllcache checked at virustotal: or you could send the infected services.exe file to the lab and they should be able to furnish you with an extra.dat to disinfect the infected services.exe.
