2 Replies Latest reply on Sep 1, 2012 6:14 PM by clueless1

    trojan horse ZeroAccess

      Recently I received the message that McAfee removed a trojan horse (ZeroAccess) and that I don't need to take any action and the computer is safe. But that message keeps showing up every 2 minutes...

      If I do a complete scan, there are no items found.

      I already removed the items in quarantine, but that didn't work, and every time I try to go to the programs in quarantine McAfee seems to freeze completely.

       

      Is my computer really safe? And how do I remove that trojan horse for good?

        • 1. Re: trojan horse ZeroAccess
          exbrit

          Moved to Top Threats. Check this thread for suggestions: https://community.mcafee.com/message/245306#245306

           

          Basically, try System Restore to before it all started. If necessary, you can initiate it in Safe Mode. If successful, temporarily disable SR to get rid of the infected restore point.

           

          Run Stinger and Malwarebytes Free from this link: https://community.mcafee.com/docs/DOC-2168

          • 2. Re: trojan horse ZeroAccess

            I had the (ZeroAccess) issue and whilst McAfee Internet Security suggested it removed a trojan horse (sometimes every few minutes) the problem did not go away.

            A warning for others is that a full McAfee scan reported no problems either!


            The first thing I do is isolate my device from the internet.

            I did a Windows System Restore to an SR point a few days before the problem manifested itself.
            I ran McAfee GetSusp, not particularly helpful for this problem, just a long list of allegedly suspicious files, but all seem reasonable.

            I ran McAfee RootkitRemover; it mentions it deals with ZeroAccess, but in my case it said no problems reported, however...

             

            Then I ran McAfee Stinger and it found the ZeroAccess trojan and deleted it:

            C:\WINDOWS\assembly\GAC\Desktop(2).ini

                 Found the ZeroAccess trojan !!!

            C:\WINDOWS\assembly\GAC\Desktop(2).ini is infected with the ZeroAccess virus !!!

            C:\WINDOWS\assembly\GAC\Desktop(2).ini has been deleted.

            C:\WINDOWS\assembly\GAC\Desktop.ini

                 Found the ZeroAccess trojan !!!

            C:\WINDOWS\assembly\GAC\Desktop.ini is infected with the ZeroAccess virus !!!

            C:\WINDOWS\assembly\GAC\Desktop.ini has been deleted.

             

            I also ran Malwarebytes' Anti-Malware and it deleted (quarantined) two further registry keys and two files; these do not appear related to the ZeroAccess issue, but show one product may not capture every issue you have!

             

            Connected back up to Internet and all seems to be good.