1 Reply Latest reply on Aug 6, 2012 2:24 PM by Peter M

    Zero Access Trojan- Do not know how to remove it!

      My laptop (running Windows 7 home premium 64-bit) has been infected with Zero Access Trojan (as reported by McAfee). McAfee detected it & mentioned the following location (c:\windows\assembly\GAC_64\desktop.ini). However it could not fix or remove the file.


      The internet access got disabled. McAfee's firewall got disabled & Microsoft Security Essentials service itself has been removed & is no longer running. Windows firewall config has also been disabled/hijacked. I read other threads on this Trojan & first ran RKill & then tried using McAfee's RootkitRemover & Stinger followed by Malwarebytes Anti-Malware, Symantec's FixZeroAccess & Kaspersky's TDSSKiller. None of these could report anything or fix it (I ran all of these as administrator in normal & safe mode with networking).


      Later from reading another thread i tried using RogueKiller (by Tigzy) to remove them. RogueKiller detected the ZeroAccess infection & showed a few registry entries & files. On deleting them as suggested & scanning again i did not find anything. Later a scan with McAfee also did not report it anymore. I also scanned with SUPERAntiSpyware & it also did not report anything except some tracking cookies which i removed as suggested.


      However i am not sure if its been completely removed as the internet access is still disabled & i cannot enable McAfee's firewall or the Windows one.


      Please help nail this one. I can attach the GMER & DDS logs if needed.


      Thanks

        • 1. Re: Zero Access Trojan- Do not know how to remove it!
          Peter M

          You are possibly clean but no guarantee of that unfortunately.  We aren't really equipped here to deal with those logs nor are we qualified but the following forum is and provides excellent help with both DDS, GMER and Hijackthis logs.

           

          http://www.bleepingcomputer.com/forums/forum22.html   Follow the instructions and of course you'll have to enroll as a member there.

           

          (This is to avoid involving McAfee's Virus Removal Service which is a chargeable service, plus although there are some volunteers here who can read those logs it's a question of them being physically here at any given moment).

           

           

           

          Message was edited by: Ex_Brit on 06/08/12 3:24:19 EDT PM