2369 Views 8 Replies Latest reply: Apr 11, 2013 7:48 AM by tschwab05
tschwab05 Newcomer 4 posts since
Jan 17, 2013

Jan 17, 2013 7:31 AM

free tools "rootkitremover"

Hello - I have a client who seems to have a "zero-access-rootkit" on their server.  When I run the "rootkitremover" tool it responds that it has found the trojan, cleaned it, and requires a reboot.  After doing so, I re-run the tool and receive the same message.  This has happened several times and it will not clean.  I have tried numerous scans (sorry, not all McAfee) including Malwarebytes (1st run found and removed 14 infections - reboot required); Kaspersky's TDSSKiller (nothing found); Stinger (nothing found).  Any ideas would be greatly appreciated.







[TimeStamp: 20121228102248]

Rootkit Remover v0.8.9.160 [Dec  4 2012 - 17:44:01]

McAfee Labs.


Windows build 5.2.3790 x86 Service Pack 2

Checking for updates ...

Now Scanning...


    Malware Found --> ZeroAccess trojan detected!!!

      --> Registry key: HKEY_CLASSES_ROOT\CLSID\{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}\InprocServer32 ( fixed )

      --> Malicious file: c:\windows\system32\wbem\wbemess.dll ( will be deleted after restart )

      --> Registry key: HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 ( fixed )

      --> Malicious file: c:\windows\system32\wbem\fastprox.dll ( will be deleted after restart )

      ZeroAccess trojan was cleaned successfully!


Scan Finished



Other recommendations:

    1. Perform full scan with McAfee VirusScan product after reboot.


Press any key to exit.
