virus detected but unable to remove
04-26-2012 11:38 AM
I have scanned the file with Norton. It detects it as a virus, Trojan.Zeroaccessinf2. It says manual removal required. I scanned in safe mode. It says manual removal required.
I clicked on the link to take me to manual removal instructions. I downloaded the manual removal tool. It says no viruses found, yet the security suite says it's still there.
I followed step 2 and used NPE. I then followed step 3 and used Norton Bootable Recovery Tool. Both say removal failed and to manually remove it.
At this point I'm not sure if it's even a virus, since it was part of a Windows patch in the following directory:
C:\WINDOWS\$NtUninstallKB2536276-v2$
File name was: mrxsmb.sys
I am running the Comcast version of Norton, which has been updated to version 5.2.1.3 with the latest definitions.
I submitted the file to the Norton false positives website and they responded to contact technical support.
Re: virus detected but unable to remove
04-28-2012 12:04 PM
I would suggest downloading HitmanPro; it's able to detect this rootkit, as it has just done so now in my virtual machine.
http://www.surfright.nl/en/hitmanpro/
Also, get: http://www.malwarebytes.org/
Re: virus detected but unable to remove
04-28-2012 02:19 PM
bsodZeroaccess wrote:
I would suggest downloading HitmanPro; it's able to detect this rootkit, as it has just done so now in my virtual machine.
http://www.surfright.nl/en/hitmanpro/
Also, get: http://www.malwarebytes.org/
The problem here is not detection but correction or replacement of the infected file. Since, for example, Malwarebytes specifically does not address rootkits, I do not endorse your suggestion.
Re: virus detected but unable to remove
05-07-2012 10:47 AM
I solved the problem by going into safe mode and uninstalling hotfix patch KB2536276-v2$. I then rebooted into safe mode, went to the Microsoft site, redownloaded the hotfix and installed it in safe mode, and the virus-infected file was overwritten. Windows Update did not work in safe mode; that's why I had to manually download the hotfix. Now the scans come up clean.
Thanks to everyone that tried to help.
