Zero Access Trojan

After scanning one of my drives I get a notification that I need to remove "Zeroaccess Trojan". I follow direction given by NIS to the T, run Zer Access Fix Tool, etc...but at the end I get a prompt that Zero Access was not detected. I even run Norton Power Eraser to no avail. has anyone encountered this? could it be a false read.? Thanks

What is the file name and location of where it was detected??

 

Quads

It's on drive "g" second partition of an auxiliray drive.

g: WINDOWS\systems32\avg7rsxp.dll

Thanks,

I think the legit file name is WINDOWS\systems32\drivers\avg7rsxp.sys  for an old version of AVG

 

I wonder if you have something similar to the Oak Technology variant, I am thinking

 

Quads

Do you have 2 OS's installed, one on C Drive, and one on G Drive??

 

Quads

  1. I got the file and location off of NIS Security History. Yes I have two hard drives with OS installed. upgraded to higher capacity drive "C" and kept the old one "g" as back up and to access old stuff.

Is it in the History only once and it was deleted. and did not reappear. (detected again)

 

Quads

I scanned the drive again and the Trojan is still there. am being prompted to manually delete it using the tool (that I have already used a couple of times!).

Manual delete means Norton is not allowed to delete the file(s) but if you go to the file in question yourself and delete Norton may still have the entries in the Unresolved Threats list and will keep notifying the user until the entries are cleared in Norton.

 

It sounds like the subsystems variant, which means deleting files in G drive for the variant could meant if you go to boot G Drive Windows won't load

 

Quads

Hi,

Problem still persists, scanned and found the trojan on g drive, ran the Zeroaccess tool per instructions and upon restart I get the message that nothing was detected. Does this mean I have to manually delete the file and then restore it using Windows installation CD?

" Norton may still have the entries in the Unresolved Threats list and will keep notifying the user until the entries are cleared in Norton"

 

WINDOWS\systems32\avg7rsxp.dll is not a Windows file

 

Quads

So, if it is not a Windows file can I manually delete it?

I manually found the file "avg7rsxp" and scanned it with Malwarebytes. It found the threath and deleted it.

Then ran Norton scan on drive "g" and this time all came Green. Malwarebytes was able to delete it.