Re: Trojan.Zeroaccess!kmem

Greystone · ‎04-15-2009

Thanks for the advice.

I have been working with one of the specialists as suggested and we are making progress, it has infected a host of things.

One problem can't find an answer on forum here amywhere.

Please post procedure to completely shut down Norton Internet Security 2012. We need to do a specialized scan and it dangerously conflicts wit any other utility.

I remember something about turning off Tamper switch and stopping a few processes but I can't find my notes.

Thank You

lmacri · ‎05-05-2009

Hi Greystone:

The tamper protection in NIS 2012 can be turned off at Settings | General | Product Security | Norton Product Tamper Protection. I would also suggest temporarily disabling your Antivirus protection from the Advanced window at a minimum (outlined in red in the screenshot), and possible all four items under Computer Protection (outlined in blue) as well.

NIS 2012 Computer Protection.jpg

I posted in the WhatTheTech malware removal forum last year and ran into the same problem myself with a few of their diagnositic tools - especially ComboFix - and the malware removal specialist eventually asked me to uninstall NIS from my computer while we were running diagnostics.

-------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 9.0.1
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Greystone · ‎04-15-2009

Thanks I will try this. It is ComboFix that is causing the Issue for me to disable Norton.

enigmista63 · ‎06-14-2011

Hello and happy Sunday, keep reading posts where many users have problemswith NIS 2012 because of failure detection, blocking and deletion of someROOTKIT ZEROACCES, MBR, TDSS, TDL 3-4 etc etc. ... I'm trying to see if NIS2012 is not 'i can do its job, I'm trying to download MALWAREDOMAINLIST fromthe latest threats on the network and especially the ROOTKI zeroaccess, butunfortunately I can not do it because I NIS blocks the entry of all URLs that containthe rootkit, even turning off the control of the URL, when you download the infected file, it is detected and eliminated before it on the pc and so I 'can not verify if theSONAR or the virus are able to work at this point, I wonder how it is possible to have your PC infected with these files? My question is: when you do install NIS2012 on a PC clean and formatted? if the installation is done on an infectedcomputer where 'other antivirus did not detect the rootkit, the problem is not' due toNIS ushered roorkit, but the virus 'already' on the PC, also remember that somerootkits are not removed even after formatting. I conclude by saying that I can notdownload the PC nessu rootkits to try to disintegrate the NIS. ..