02-12-2012 10:56 PM
Tackled a zeroacces variant on a laptop (x86) took a bit of time and 3 restarts and still not all files can be shifted. People love to bag Norton (Symantec) with stating to use even like Avast or AVG etc. but I had a laugh as Zeroaccess on this system selected to infect AVG (Haha, no anti-tamper protection).
c:\windows\$NtUninstallKB16813$ Could not delete folder, had to manually powertool force delete
Still to force delete below, but have copied.
04-19-2012 04:53 AM - edited 04-19-2012 04:55 AM
It was the fact in this open forum, people would tell the user to install or run everything but the kitchen sink, which could make things worse, harder to remove, or start telling the user to run tools I was using, but yet they didn't know how how to properly use the tools, know what they were looking at or how to script / fix a problem if it occurs.
Other times I would be half way through removal and waiting for the user reply, I would be offline. another user would jump in saying do this do that. GEEZ, made things harder.
So I decided it's not a good idea to do advanced removal on a open forum and I can see why removal forums have protection in place.
Given that one-on-one remediation has become necessary again, the forum Admins need to look at options here that will allow you to assist these particular thread authors without interference from third-parties. My initial thoughts on this; is thread access controlled by a Forum Security Group? If so, then could a 'Quads' Forum Security Group be created that had the following attributes:
If so, then Forum Moderators could add users targeted for one-on-on remediation to the 'Quads' Forum Security Group, based solely on an appropriately worded 'Report Inappropriate Content' notification to the Moderators from yourself. Forum Moderators would then add the forum member and apply the 'Quads' Forum Security Group to the thread in question, effectively locking it from third-party interference.
Another reason for this post is that threads like this one hardly reflect a positive forum experience for the user who posted advice with best intentions. Expecting forum members to know the status quo around here by virtue of the fact that you are participating in a thread is hardly an effective way of maintaining thread integrity, as you, yourself, have acknowledged above...
I trust that the forum Moderators/Admins will review this and advise what options are available here.
05-13-2012 10:44 PM
1. Temporarily Disable System Restore
2. To be able to identify even the most recent variant of Trojan.Zeroaccess.B, open your antivirus application and update the virus definition file.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4.Delete the following file:
Press CTRL + ALT +DEL to access Task Manager and stop the following process:
7.Delete Associated Files and Folders: