Trojan.ZeroAccess!kmem BIG PROBLEM

shevo11 · ‎03-14-2012

Hi,

i'm having problems with this virus, i read all the post realted to it, but couldn't remove it. I don't know too much about this, so it's dificult for me to understand all the posts.

I run the removal tool, it said that it removed the virus, but it didin't. I also run the Power Eraser, it removed some other files, including this trojan, but then , when running a scan, it detected on windows/system32 as a fil name NTOS. The action is LOG ONLY and the file is left unchanged, what can i do?

Sorry for my english.

SUBASH_PRABU · ‎05-31-2011

Hi

Welcome. And sorry for the trouble you're having. Please tell us what removal tool you ran "I run the removal tool, it said that it removed the virus"

What kind of scan you ran with Norton Power eraser: Is it without Rootkit or with Rootkit ?

shevo11 · ‎03-14-2012

I ran the removal tool that appears on symantec website for this virus, you can find it here http://www.symantec.com/security_response/writeup.jsp?docid=2011-121607-4952-99

This removal tool needs you tu desactivate system restauration.

My antivirus is called Symantec Endpoint Protection.

And the Power Eraser is set with Rootkit Scan, the one that requires system restart.

Thank You.

Quads · ‎07-21-2008

Start NPE, at the main window go to History . Look at the repair point and click Next, it will show what was removed.
You can click on the Link for each item to see the exact file path.

Do Not Run a scan or Undo .

SUBASH_PRABU · ‎05-31-2011

Hi

Sorry for the inconvenience. The Norton Community is for issues dealing with Norton Products offered by Symantec. And there is a separate community available for our Enterprise Products like Symantec Antivirus, Symantec Endpoint Protection,etc

People in our Symantec Community will surely help you out.

- Subash

Quads · ‎07-21-2008

Norton (Symantec) Tech Support are having troubles with these rootkits and trying to clean the computers, probably for one because they are stuck using Symantec products only.

Quads

shevo11 · ‎03-14-2012

Quads, what would you recommend me to do? When i want to see the history on the NPE it opens a window on IE and its full of codes, i don't understand. I want to get this virus removed, any ideas? Is it possible?

By the way, I enter to the other site for Symantec products but couldn't understand where to make my petittion.

Quads · ‎07-21-2008

Do you remember what files the NPE and Zeroaccess Removal Tool found??

Quads

JoelStevens · ‎03-14-2012

I spent several weeks getting this virus removed. Norton's techs could not do it. The second shop finally got rid of it, but I have also lost my battery meter and cannot get it restored.

I would recomend bitting the bullet and reformating your HD.

Quads · ‎07-21-2008

Do not reformat, do not take advive like that especially from people who couldn't work their own infection out, I have infected my system with all of these types of families (Pihar, zeroaccess, MaxSS.......................)

I am just trying to work out which one to use to get a log showing what has changes from using NPE and ZA removal tool.

Quads