Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
2369 Views 8 Replies Latest reply: Apr 11, 2013 7:48 AM by tschwab05 RSS
tschwab05 Newcomer 4 posts since
Jan 17, 2013
Currently Being Moderated

Jan 17, 2013 7:31 AM

free tools "rootkitremover"

Hello - I have a client who seems to have a "zero-access-rootkit" on their server.  When I run the "rootkitremover" tool it responds that it has found the trojan, cleaned it, and requires a reboot.  After doing so, I re-run the tool and receive the same message.  This has happened several times and it will not clean.  I have tried numerous scans (sorry, not all McAfee) including Malwarebytes (1st run found and removed 14 infections - reboot required); Kaspersky's TDSSKiller (nothing found); Stinger (nothing found).  Any ideas would be greatly appreciated.

 

Thanks

Tim

 

ex

.

[TimeStamp: 20121228102248]

Rootkit Remover v0.8.9.160 [Dec  4 2012 - 17:44:01]

McAfee Labs.

 

Windows build 5.2.3790 x86 Service Pack 2

Checking for updates ...

Now Scanning...

 

    Malware Found --> ZeroAccess trojan detected!!!

      --> Registry key: HKEY_CLASSES_ROOT\CLSID\{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}\InprocServer32 ( fixed )

      --> Malicious file: c:\windows\system32\wbem\wbemess.dll ( will be deleted after restart )

      --> Registry key: HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 ( fixed )

      --> Malicious file: c:\windows\system32\wbem\fastprox.dll ( will be deleted after restart )

      ZeroAccess trojan was cleaned successfully!

 

Scan Finished

PLEASE REBOOT IMMEDIATELY TO COMPLETE CLEANING.

 

Other recommendations:

    1. Perform full scan with McAfee VirusScan product after reboot.

 

Press any key to exit.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points