07-03-2012 10:03 PM
NIS 2012 keeps finding the trojan.zeroaccess virus and tells me it's fixed and to reboot my computer. Whenever I do that, it tells me it's found the same virus and it's fixed and to reboot my computer. A complete scan found the bad file in C:\windows\assembly\gac\desktop.ini and continues to find it there every time I scan. First, I can't find such a subdirectory; my c:\windows\assembly folder only has one empty subfolder, called "download." I have hidden files and system files set to not be hidden, so I'm confused as to where this is. Second, how can I stop it from returning every time I turn on my computer? I ran the NPE, but it found nothing except some startup files that I know to be okay.
07-03-2012 10:09 PM
ANY other user other than the thread starter is not to use any instructions, scripts or procedures. The work, though, in cleaning a system is individual and only for that system due to a number of factors.
Please do not run any tools unless instructed to do so.
1. Find
2. Break
3. Destroy
4. Cleanup (including system as a whole)
Please read every post completely before doing anything.
What is your Operating System and is it 32 bit or 64 bit??
Quads
07-04-2012 10:44 AM
Have you deleted your restore points ???
07-04-2012 12:10 PM
IanTheGreat wrote: Have you deleted your restore points ???
OK guys we have a user that has no idea about how zeroaccess works and how it can affect Windows or netsvcs etc.
So don't follow info like this, there is a time and place for System Restore, sometimes after the removal.
Quads
07-04-2012 01:15 PM
Oh hahahaha I get more abuse, the user must be angry that he has been told system restore doesn't work with zeroaccess variants and doesn't like it.
I have notified the people that create our tools of the newest change with zeroaccess that does show.
I infect my system with the likes of zeroaccess all the time so I know what changes and what works or doesn't.
Quads
07-04-2012 06:21 PM
Thank you Quads. I'm running Windows XP SP3, 32-bit.
07-04-2012 06:27 PM
Do you have a Black CD for Burning??
Quads
07-05-2012 06:22 AM
Don't know what "black" CD means. I have blank CDs, if that's what you meant to type. I will also be away from this computer until Tuesday, so take your time. And thanks again for the assistance.
07-05-2012 07:05 AM
Forgot to tell you what I already tried. I booted Ubuntu as my O/S and found the GAC subfolder and desktop.ini file. I deleted it and rebooted with no issues. When I reboot again, the problem returns, as if the virus is hidden and creating the bad desktop.ini over and over.
07-05-2012 11:39 AM - edited 07-05-2012 11:42 AM
That's the difference, I know what I am doing. XP needs a PE environment for FRST, where Vista and Windows 7 do not.
I will split this step
a) Please download http://www.bleepingcomputer.com/download/farbar-re
Transfer it on to the Flash Drive ready.
b) Download hxxp://oldtimer.geekstogo.com/OTLPENet.exe to your desktop (change the xx to tt)
Ensure that you have a blank CD in the drive
Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD for you ready.
Quads
