3 Replies Latest reply on Aug 20, 2012 2:50 PM by Peter M

    System Restore and ZeroAccess Trojan

      I made the mistake of falling for the adobe flash update and got the zeroaccess Trojan and two other related ones, but my question is that I immediately realized what I did and attempted a system restore to a point nearly a month ago, the restore was successful but at one point it seemed to be frozen on initializing and I held the power down button and when I hit it again to turn it back on it came right back up to the restore and moved on to the removing registries and finished successfully. My first question, is this normal and was the restore really successful as it appears to be or was I tricked by the Trojans? I did the whole NETSH Reset thing in CMD and it said it was successful, and I ran a full mcafee scan and it found nothing... Also the firewall is working without problems now and I am no longer getting the mcafee found the Trojans and removed them constantly messages...BUT my concern is.... Is it REALLY gone with just a system restore? (since it was in the rookits and registries? Can a system restore remove it successfully? I keep reading that only a full scale recovery can prevent it from reawakening again if it is still hidden somehow.... I am especially concerned because of the ability of the hackers to access my computer and it's data... I don't want passwords or bank info stolen and I'm afraid to log onto those types of websites again for that reason (even though everything appears ok). I'm running windows 7 64 bit if that helps too! Thanks for your answers

        • 1. Re: System Restore and ZeroAccess Trojan
          Peter M

          If Windows told you that System Restore was successful then it was and there should also be a record of it in both the SR window and in Event Viewer.   You are lucky it worked as SR can be notoriously temperamental.    Everything will have to be updated now, Windows and McAfee, which could explain the firewall issue.  It wont be totally out of the system until you destroy that restore point by temporarily disabling System Restore.   Turning it off for a minute or two should be enough.

          I've used it many times to escape a similar issue, even resorting to booting into Safe Mode to initialize it sometimes.

          Adobe Updater does appear occasionally asking me if I want to update and am a little leery of it since several reports of malware masquerading as such but thus far I've been lucky.  Go to Adobe.com and make sure Flash, Shockwave and Reader if applicable, are up to date.   Also go to Java.com to make sure that is up to date.   You don't mention your systrem and service pack but I assume that's the latest and above all, even if you don't use it, make sure that Internet Explorer is the latest and up to date.   Many processes use it behind the scenes, McAfee included, and an unpatched version even if unused could provide a back door to malware.

          If your McAfee continues to act up try using the Virtual Technician to see if it fixes anything: http://mvt.mcafee.com/ and if that fails to fix, Technical Support is a free phone call or online chat away.

          Run a few tools from the following page if you are still unsure, such as Stinger and Malwarebytes Free:  https://community.mcafee.com/docs/DOC-2168

          • 2. Re: System Restore and ZeroAccess Trojan

            So far, so good...reverting to a 2 week old sytem restore point has fixed what nothing else could.  Even the rootkit remover cheerfully popped up a "nothing their" message. 

            Only going back a in time seems to have done the trick.  Thanks for the fix!


            Message was edited by: dcandrews on 8/20/12 2:47:52 PM CDT
            • 3. Re: System Restore and ZeroAccess Trojan
              Peter M

              That;s good.  Now make sure you update everything.