01-13-2012 10:10 AM
I am running Norton Internet Security 2012. A full system scan detected a threat named Trojan.Zeroaccess.B located in c:\windows\system32\consrv.dll and indicated that manual removal was required. I first rebooted in safe mode and ran the scan again with the same results. I have run the Norton Power Eraser (both regular and beta versions) and the Norton Bootable Recovery Tool but the problem remains. I have noted that Norton also lists a Trojan.Zeroaccess Removal Tool but this only runs in a 32 bit environment. I am running Windows 7 Professional 64 bit. Any suggestions?
01-13-2012 10:48 AM
Welcome to the Norton Community Forum
Since manual removal is required, I would recommend you visit one of the free removal sties to help you to clean up your computer. From what I have seen in Google, this infection may be similar to a Rootkit. Please pick one and register with them and they will work with you on a 1 to 1 basis and help you get this cleaned up safely.
Please go to one of these free Forums for help in removing your bad malware or rootkits.
(Thanks to Delph for providing the list of sites)
Please come back and let us know how you made out.. Thanks.
Success always occurs in private and failure in full view.
01-13-2012 02:48 PM
Norton should be allowed to remove the files for X64 systems as they are individual files so as far as I can see. It's the infected file in x86 systems Norton should not be allowed to touch as the file infected is a required Windows file.
For x64 systems as far as I knows there is Hitmanpro x64 version, and Combofix that should be used under supervision.
01-17-2012 05:10 PM
My Norton360 found this last week, but I assumed it had taken care of it until today - now I am confused.
Under "Unresolved Security Risks" it is still listed and 'manual removal required' is noted under the status.
Under the "Resolved Security Risks" it is listed as "Blocked"
When I run a scan, it comes back all clean...
Is it still on my computer? I can't figure out hwo to contact Norton to ask why their program is sending me conflicting messages...