0 Replies Latest reply on Jul 20, 2012 8:44 AM by shrikke

    zeroaccess variant/version stinger/malwarebytes/rootkit Internet Security Suite unable to remove

      I am an IT professional. I have 2 workstations and a laptop at home as my core "home computing" platform with servers/workstations/laptops coming and going. I recently got lazy and let a friend use my workstation for 2 min to "look something up on the internet". It turns out he got a list of sites for a certain product, ignored the "this site maybe be compromised" warning and clicked on the site and was logged in as admin, (me). About an hour later McAfee Internet Security warned me I had a virus. I did a complete scan, with reboots, etc and after about the 5th time I knew IS was not removing the trojan. The trojan reported was Zeroaccess. I went to various support sites for mcafee and followed all the directions and used ALL the tools with most current updates and even waited a few days to see if stinger/malwarebytes/rootkit might be updated for this variant so they would WORK. This did not help either. I went to McAfee tech support chat and was told to wipe my HDD or pay 80.00 for virus removal service and had my session terminated rudely. I am escallating this issue but I thought I might get help from the community of users like me faster than I might get help from a corporation since I don't have a gold support contract anymore and only contract for large firms/gov/mil etc.

      Can anyone help here? I also saw a couple scattered posts saying things like no support for 64 bit windows 7 but it's hard to tell if that's true since most of the relevant support pages are still talking about xp or vista. It's hard to believe that there is no 64 bit virus support and it's even harder to believe a company I have recommended for 25 years now appears to be telling me to pay 80.00 or wipe my hdd. If that's true I guess I need to look for another product and start giving out hick advice to customers like "just buy a new hdd, it's cheaper than buying antivirus/malware internet protection suites that don't work and then paying them 80.00 to remove the virus". I hope This is a bad week for both me and McAfee and that there is real support and I am not an idiot for recommending this and other products of McAfee's to literally 10s of thousands of folks.

       

      Please Help;

      -Shrikke

       

      Message was edited by: shrikke on 7/19/12 7:46:04 PM CDT

       

      New information: Following the instructions listed in the manditory reading malware/antivirus doc I have DL stinger again, ran it again, it hangs in the same place again: C:\windows\winsxs\amd64_mpio.inf_31bf3856 ad364e35_6.2.7600.16385... File mpio.sys mbr scaned 1 boot sectors 2 and McAfee X your computer is at risk is popping up as always, this time, for the first time it's not firewall is off it was RT scanning, which I can enable and of course Firewall is off, oh, it's winning this battle now it's taken down RT scanning again so now I am up to 2 McAfee services disabled on a product that should protect against this, and claims to provide support if product fails with updates and apparently does not. More to come. No replies after this length of time is scary have all knowlegable users left this product already?

       

      Message was edited by: shrikke on 7/20/12 12:22:18 AM CDT

       

      New Information again, almost useless; following the manditory read before posting I changed the settings on stinger as in section saying "if you're still having trouble", such as "set Heuristic sensitivity to very high" etc., this made no difference, the stinger program again hung on mpio.sys. Twelve hours and 56 reads later still no help from anyone. I should be getting paid for this and definitely not be paying for a program/service and recommending it, when the company appears to only be interested in charging for virus removal.

       

      Message was edited by: shrikke on 7/20/12 8:44:49 AM CDT