Contributor
jackalbins
Posts: 32
Registered: 05-13-2012

Help with ZeroAccess/Sirefef infection

I hope I didn't discover this invaluable resource too late. I was recently infected with some version of the ZeroAccess or Sirefef Rootkit and have spent the last day or so trying to find a solution. My Norton Security Suite 5.0 through Comcast informed me that manual removal was required of afd.sys.vir (Trojan.Zeroaccess!inf2).

I'm running XP Media Center 2002 w/SP3. I just installed the Norton software when Microsoft Security Essentials alerted me to the infection, about the time I started to lose control of my browsers. It quarantined two instances each of Sirefef.P, Sirefef.AH, and Sirefef.AC.

After doing insufficient research, the first thing I did was run the ESET Sirefef Remover. That seemed to take care of most of the browser behavior. But Norton, which I then installed, was still detecting it, and GMER was showing a lot of SSDT activity. So parts of it seem to still be there. 

I ran NPE, which detected nothing, as well as the FixZeroAccess program from Norton. Upon restart, it did detect an infection, but my computer froze as I was re-enabling System Restore, and before I could tell the removal tool to fix it. After reboot, I tried the remover again, and this time it ended up finding no infection. I haven't made any additional changes to the system since this happened. I did run TDSSKiller, and it found nothing.

On a side note, I have downloaded a few free or demo malware scanners to see what they could find. The SpyHunter Demo finds infections by Lop.com and Alexa which Norton, Hitman, and Malwarebytes do not - of course it doesn't allow me to fix them until I buy the full version. 

If anyone could walk me through the best way to try to clean my computer, I would greatly appreciate it. And if someone could offer an explanation for why SpyHunter is the only software I've tried that has picked up these other infections, I would be grateful for that as well. 

Thanks!

Regular Contributor
Niko233
Posts: 765
Registered: 06-25-2010

Re: Help with ZeroAccess/Sirefef infection

Bot Obliterator
Quads
Posts: 13,250
Registered: 07-21-2008

Re: Help with ZeroAccess/Sirefef infection

One of the tools is out of date, I have just tried.

Quads

Contributor
jackalbins
Posts: 32
Registered: 05-13-2012

Re: Help with ZeroAccess/Sirefef infection

Haven't tried AntiZeroAccess yet, since I saw advice in this forum not to run anything until you figure out what you're dealing with.

HitManPro only turned up tracking cookies -- quite suspicious it seems to me. I'm guessing the infection is managing to hide evidence of its existence from just about everything. 

Bot Obliterator
Quads
Posts: 13,250
Registered: 07-21-2008

Re: Help with ZeroAccess/Sirefef infection

You have a problem. You have used advanced tools that users are not to run without supervision, and you have also installed programs that can conflict.

Quads

Contributor
jackalbins
Posts: 32
Registered: 05-13-2012

Re: Help with ZeroAccess/Sirefef infection

I've recently realized this, though nothing I'd read before I discovered this forum indicated that I was at risk of messing things up more, or that I needed supervision. I should have been more careful though. 

What do I do at this point? Try a bootable cd? Your counsel is urgently needed. 

Thanks.

Bot Obliterator
Quads
Posts: 13,250
Registered: 07-21-2008

Re: Help with ZeroAccess/Sirefef infection

Find the text file "combofix.txt", usually located at C:\combofix.txt; there may be more than one log.

Attach the log(s) back here.

Quads

Contributor
jackalbins
Posts: 32
Registered: 05-13-2012

Re: Help with ZeroAccess/Sirefef infection

I ran ComboFix and generated the attached log file.

Bot Obliterator
Quads
Posts: 13,250
Registered: 07-21-2008

Re: Help with ZeroAccess/Sirefef infection

Where are the other logs? I did not say to run ComboFix just then; I just want the logs, all of them.

Quads

Bot Obliterator
Quads
Posts: 13,250
Registered: 07-21-2008

Re: Help with ZeroAccess/Sirefef infection

Actually, that is clever. Norton is not your main AV; you have just installed it. Your main AV is MSE, and this is not the forum for MSE and all the other programs.

Quads