• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos2 Stats

ZeroAccess: Millions of Computers In US Infected And It Updates With P2P

Getting infected with malware is always a painful experience but new variants of old threats are using new techniques both to spread and cause harm. One such malware is a botnet that infects computers, creating a hidden file storage area for its files and opening a port for ongoing peer to peer communication. This means the infected computer can get updates from the malware author, either to cause more harm or to for the malware to be redesigned to avoid detection. You may recognize the communication method as a form of peer to peer (P2P) network that is often used to share music and video files among fan groups. Here that network communication method is taken advantage of by the malware authors to avoid setting up servers to send out instructions to infected computers. This may help them control better and avoid detection longer.


The malware known as ZeroAccess (sometimes referred to as a Trojan due to the initial infection method; sometimes known as a botnet due to the behavior once on the computer) can take over your internet searches, returning results that are filled with useless ads and other nonsense. This can lead to a lucrative form of click fraud. But there are many versions of this botnet out there, apparently because the creators are compensating other downstream malware authors per install.

Avoiding this botnet requires the user to be really careful about what sites you visit and what links or ads you click on. So the usual warnings about online behavior hold. You may have real difficulty even knowing you are infected with ZeroAccess: watch for strange search results or pop-ups for virus warnings.  This malware/botnet is widespread; some estimate that between 1 and 2 million systems are currently infected. And according to Symantec’s researchers, most of those infected are in the United States. Think you are infected? Our Norton and Symantec teams have a special removal tool for this piece of malware and detailed instructions here.



Here you go Marian,  http://community.norton.com/t5/Malware-Discussion/CLOSED-Auto-Protect-bl...

The user has used NPE, FixZeroaccess, and Norton BootCD, so I don't know what did or what but the FRST log comes back not looking quite right, to what it should be, maybe due to running the Symantec tools, who knows.

Good Luck, with the rest of the infection, or where the rest that should show has gone.