3 Replies Latest reply: Dec 30, 2011 4:36 AM by kuttus

    How to get rid of this trojan?

    bsd

      Hi,

      I am using McAfee Antivirus Plus full version. Recently my laptop detected 2 trojans - "ZeroAccess.b" infected at C:\windows\assembly\GAC_64\Desktop.ini and "ZeroAccess.b" infected at C:\windows\assembly\GAC_64\Desktop.ini. McAfee detected these 2 trojans, but it showed the status as Quarantine failed for both these trojans. My McAfee is up to date.

       

      When I went and looked at the infected location, I never found the file GAC_64\Desktop.ini so that I could have deleted it.

      Please suggest how to remove this trojan from my laptop. I am using Windows 7 genuine version.

      Looking forward to your reply.

       

      Thanking you,

      BSD

        • 1. Re: How to get rid of this trojan?
          THIERRY PENHOAT

          Hi bsd,

          I have exactly the same problem. Did you manage to fix it?

          • 2. Re: How to get rid of this trojan?
            Ex_Brit

            Moved to Malware Discussion > Home User Assistance.

             

            These infections should be removable using up to date VirusScan. If necessary boot into Safe Mode and re-scan by opening Computer (My Computer in XP) and right-clicking the hard drive and selecting 'Scan'. You'll see an animated icon near the system clock as the SecurityCenter does not open in Safe Mode.

             

            If that fails to remove them, download, install, update (important) and run a full scan using the FREE version of THIS software.

            • 3. Re: How to get rid of this trojan?
              kuttus

              There may be one more infection associated with it. To check its presence you have to do one thing.

               

              In Windows XP

              ----------------------

               

              Click on the Start menu and press on Run.

              Inside the Run window type CMD and press on Okay.

              In the black Command Window type

              NETSH WINSOCK RESET and hit on enter.

               

              If you get a message

              "Sucessfully reset the Winsock Catalog.

              You must restart the machine in order to complete the reset." then you are safe.

              If not, your computer is infected.

               

              Steps - 1

               

              Try the above steps.

               

              Steps-2

               

              Ping.exe is an infection. To fix this run a SIGVERIF on the computer. For that click on Start Menu -> click on Run -> type SIGVERIF and press on Ok.

              Follow the instructions.

               

              It will detect one infected *.sys  file. You have to replace that file from the recovery console.

               

              The other solution to fix it is a Fresh Installation.

               

              In Windows Vista and Windows 7

              --------------------------------------…

               

              Click on the Start Menu and in the Search box type CMD

              At the top you can see a CMD file. Just right click on that file and select Run as Administrator.

               

              In the black Command Window type

              NETSH WINSOCK RESET and hit on enter.

               

              If you get a message

              "Sucessfully reset the Winsock Catalog.

              You must restart the machine in order to complete the reset." then you are safe.

               

              If not, your computer is infected. In Windows Vista and Windows 7 a successful system restore will fix the issue. Try a system restore to a good point.

               

              After a successful system restore try to do the same step again.

              If you got the message "Sucessfully reset the Winsock Catalog.

              You must restart the machine in order to complete the reset." your computer is safe and secure.