cancel
Showing results for 
Search instead for 
Did you mean: 

ZeroAccess trojan removal has broken several applications Windows XP SP3

The other day McAfee removed the ZeroAccess trojan and then I started having trouble with several systems.  Windows Media player keeps popping up a box stating that it can't be opened, Help and Support isn't working and neither is System Restore.  I have tried Google search and someone suggested that it may have modified a restore file, but I checked the history and did not find that to be the case.  Any ideas?

3 Replies
Highlighted
Reliable Contributor Hayton
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: ZeroAccess trojan removal has broken several applications Windows XP SP3

ZeroAccess often comes with other malware - you don't say if that's all that was removed by McAfee. It's likely that the malware attempted to (or actually managed to) modify a number of critical system files and registry settings.

First things first : run Rootkit Remover. ZeroAccess is a complicated piece of malware and removal by the standard McAfee program might have been incomplete, especially as there are many variants of ZeroAccess in circulation.

Then run a McAfee scan - I'd recommend a full scan, but a quick scan might be enough - and follow that with a scan by at least one other AV vendor. Personally I would choose both Microsoft's Safety Scanner and Malwarebytes Free, but there are plenty of others to choose from. The reason for the extra scans is that if hidden malware has been installed it sometimes takes several attempts to clear it all, and using different AV scanners increases your chances of finding it all.

When you've done that, cleaning up the temp directories with something like CCleaner might be a good idea in case the malware has dropped executables in those places.

And finally, I would advise that you run sfc /scannow so that any system files modified by the malware can be restored to their original versions.

As for the applications, if they still have problems after all the above is done you might still have a residual malware infection; alternatively the apps may just have been messed up by ZeroAccess. A full or partial system re-installation may be necessary, it's hard to say at this point.

Reliable Contributor Hayton
Reliable Contributor
Report Inappropriate Content
Message 3 of 4

Re: ZeroAccess trojan removal has broken several applications Windows XP SP3

This has been moved out of Virus & Spyware Protection into  Security Awareness / Top Threats. There are a number of other threads there about ZeroAccess and information and advice in some of the posts may be helpful to you.

Re: ZeroAccess trojan removal has broken several applications Windows XP SP3

First, let me say thank you for taking the time to read and respond to my post. Second, let me say sorry for placing this in the incorrect location. Thank you for correcting it.  I had reviewed the other posts about this virus and perfomed the fixes suggested but none resolved my issues. That is why I decided to post this. Thank you for your advice. I am doing as you suggest now.  I am pretty picky about what I allow to be placed on any of my computers, but my little cousin, whom I allow to play some internet games must have downloaded something because I found Google Chrome on it and I had not downloaded it myself. So I will have to tighten that up.

Message was edited by: saunddj on 1/17/13 11:31:47 AM CST

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community