1 2 Previous Next 15 Replies Latest reply on Aug 20, 2012 10:50 AM by dcandrews

    Removal of zeroaccess variant

      We have had a rash of machines hit lately with a variant of the zeroaccess root kit.  Mcafee detected and removed it but after that, the machine became unusable.  Windows is throwing a "this copy of Windows is not genuine" error and nothing will run.  Absolutely nothing.  Not the msc console, no programs, nothing.  I get an error saying that this service is not a avalailbe when attempting to runaway anything.  I did manage to get process explorer to run but I couldn't find any likely process to terminate.

       

      Was this changed by the removal of the root kit by Mcafee or is it the root kit itself ?  Has anyone revolved this issue?  We ended up reimaging the machines, but I wonder if there is another way.

        1 2 Previous Next