01-26-2012 01:40 PM
I have just upgraded to NIS 2012, and after a scan it says it has found the above virus and it needs manual removal.
The help page says to run Norton Power Eraser, which I do, but it does not find anything.
I reboot the PC and do another scan and it says the Trojan.Zeroaccess!kmem is still there, and the same answer: do a manual removal.
It tells me the infected file is windows/system32/ntos
Now I have searched for this file but have only found ntoskrnl in that directory.
I have also run several other Zeroaccess removers and they are all negative for infection.
Is Norton mistaken?
Advice is greatly appreciated.
Here is the Log from the scan.
Full Path: c:\windows\system32\ntos
On computers as of: Not Available
Last Used: 1/26/2012 at 4:18:31 PM
Startup Item: No
Launched: No
Norton Community usage: Unknown (Number of users in the Norton Community that have used this file: Unknown)
Release: Unknown (This file release is currently not known.)
Risk: High (This file risk is high.)
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
File Actions
Infected file: c:\windows\system32\ntos
Manual removal required
File Thumbprint - SHA: Not Available
File Thumbprint - MD5: Not Available
01-26-2012 04:59 PM - edited 01-26-2012 05:07 PM
Hi Greystone:
Cowboy_Coach created a thread here titled Trojan Virus Not Supported by Norton? a few days ago about Trojan.Zeroaccess!kmem that might include some useful information. floplot's suggestion to get expert help from a malware removal site like bleepingcomputer or WhatTheTech might be your best course of action if this is a rootkit infection, since these types of infections are notoriously difficult to remove.
The only other suggestion I could provide is that you install the free Malwarebytes' Anti-Malware (MBAM) scanner as instructed here in GordoB's thread titled Possible Virus/Malware Not Detected by NIS and run a full system scan of your PC once MBAM is fully updated.
Symantec has posted additional information about Trojan.Zeroaccess!kmem here in a Symantec Security Response article.
---------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 9.0.1
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
01-27-2012 04:02 AM
Malwarebytes by design is not allowed to detect zeroaccess for drivers etc. already infecting a machine, as the engine has no way to cure /delete without causing bigger problems.
It is allowed to detect the dropper though.
You may have to go to a malware removal forum as,
a) it depends on which file is infected if it is an x86 system, whether the file was removed when it should have been cured / disinfected, and also whether the file involved is actually a file needed for networking.
b) It involves the I.P. stack, so that needs to be fixed.
c) Some of the removal tools created don't remove all of the infection.
If it is an x64 system, removing the file(s), which NPE and the like may do, without fixing the subsystems back to their original state will cause Windows to become unbootable.
Quads
01-27-2012 05:47 AM - edited 01-27-2012 05:49 AM
Had the same bug two days ago. Norton said I had it but could do nothing with it. (Power Eraser) Computer became unbootable so system restore was my only way out.
This is the second time Norton could not bail me out and a system restore was required. I think the first virus was called Tidserv activity.
01-27-2012 07:15 AM
fredb38 wrote:
Had the same bug two days ago. Norton said I had it but could do nothing with it. (Power Eraser) Computer became unbootable so system restore was my only way out.
Hi fredb38:
You've learned the hard way that the Norton Power Eraser is an extremely aggressive scanner and sometimes deletes important system files that cannot be disinfected, as Quads noted in message # 3 (see examples in delphinium's post here in the Norton Protection Blog). It should be safe to run the NPE in diagnostic mode (see RichD's instructions here), but I wouldn't use this tool to "fix" any files unless asked to do so by an expert in one of the malware removal forums. I may revise my opinion of this tool once Symantec has completed the beta testing of NPE v. 2.x (see here for more info), but in the meantime I would use the NPE with extreme caution.
---------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 9.0.1
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
01-27-2012 08:45 AM
Hi guys! Norton can't fix or repair the ZeroAccess rootkit. And the Trojan.ZeroAccess Removal Tool from Symantec can't fix this malware either. The tool detects the infected driver and repairs it, but after a reboot the infection is not neutralized. It is a critical problem.
Regards from Russia.
01-27-2012 09:48 AM
Hello
For malware infections of this type, I would strongly recommend the use of free malware removal sites. You need expert instructions from 1 on 1 experts who can guide you along the way. System restores should not be necessary if one goes to these removal sites. Please sign up for them and give the name of the malware in the name of your thread and describe what you have done so far.
Please go to one of these free Forums for help in removing your bad malware or rootkits.
http://www.bleepingcomputer.com
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/
(Thanks to Delph for providing the list of sites)
Please come back and let us know how you made out. Quads neglected to mention the removal sites, but he knows. Thanks. If you try on your own and do the wrong thing, you will end up with a system which can't be used.
Success always occurs in private and failure in full view.
01-27-2012 10:21 AM
But why can't Symantec products remove and repair this type of malware? What's the problem for Symantec? This is not the first time that Norton cannot remove complex threats (Backdoor.Tidserv, SST, Mebroot). For example, products from Kaspersky Lab or Dr.Web can detect and fix this malware.
01-27-2012 11:40 AM
Unbootable because,
a) on x86 systems the infected driver gets deleted, but it is required by Windows (like TDL3).
b) on x64 systems the file gets deleted, but the registry key means Windows still requires the file.
Norton doesn't have the engine (yet) to be able to cure these. Then again, I notice that TDSSKiller also misses bits, or variants. I don't like the thought of an AV dealing with the MaxSS group; what if the flag is set incorrectly?
Quads
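Added example, not posted by anyone in this thread and not a Symantec or Malwarebytes tool: a read-only PowerShell check for the state Quads describes in both of his posts, where a driver or service entry under HKLM\SYSTEM\CurrentControlSet\Services still references a file that a removal tool has deleted. It only lists such entries (with their Start type, so a boot-start driver pointing at a missing file stands out); it does not delete or repair anything. It assumes it is run in an elevated prompt on the affected machine; the key path and the handling of the \SystemRoot\, \??\ and %SystemRoot% prefixes are based on how Windows writes ImagePath values, not on anything in this thread.

```powershell
# Added example (not from this thread): list service/driver registry entries
# whose ImagePath points at a file that no longer exists on disk.
# Run from an elevated PowerShell prompt. Read-only: nothing is changed.
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$SystemRoot  = $env:SystemRoot   # normally C:\Windows

function Resolve-ImagePath {
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    # Strip surrounding quotes and any command-line arguments
    # (svchost entries look like: %SystemRoot%\system32\svchost.exe -k netsvcs).
    if ($p.StartsWith('"')) {
        $close = $p.IndexOf('"', 1)
        if ($close -gt 1) { $p = $p.Substring(1, $close - 1) } else { $p = $p.Trim('"') }
    } else {
        $p = ($p -split ' ')[0]
    }
    # Kernel-style prefixes that the file system APIs do not understand.
    $p = $p -replace '^\\\?\?\\', ''                      # \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', "$SystemRoot\"    # \SystemRoot\system32\...
    if ($p -match '^%') { $p = [Environment]::ExpandEnvironmentVariables($p) }
    # Bare relative paths (system32\drivers\x.sys) are relative to the Windows directory.
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $SystemRoot $p }
    return $p
}

function Get-OrphanedServiceImages {
    Get-ChildItem $ServicesKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { return }
        $resolved = Resolve-ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $resolved)) {
            [PSCustomObject]@{
                Service   = $_.PSChildName
                Start     = $props.Start   # 0=boot 1=system 2=auto 3=manual 4=disabled
                Type      = $props.Type    # 1=kernel driver 2=file system driver 16/32=Win32 service
                ImagePath = $props.ImagePath
                Resolved  = $resolved
            }
        }
    }
}

Get-OrphanedServiceImages | Sort-Object Start | Format-Table -AutoSize
```

Expect some noise from leftover entries of uninstalled software (Start 3 or 4, Win32 service types); the rows worth taking to a removal forum are kernel drivers (Type 1 or 2) with Start 0 or 1 whose Resolved path is missing, because those are exactly the entries Windows insists on loading at boot. Unquoted paths containing spaces are split at the first space by this script and will show up as false positives.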
01-27-2012 01:13 PM
Quads
Thanks for your comment. I hope the guys from the Norton team will develop this engine, because it is really needed. MBR threats and rootkits are becoming more aggressive and more dangerous.
Regards from Russia.
