#11
Quote:
Yes, if you remove the scareware, you will still get random redirects on Google search results, because the Rootkit remains on the system.
Last edited by Pelvis Popcan; 2nd January 2012 at 18:57.
#12
I've found that as soon as I find a customer's system with the ZeroAccess rootkit, I just back up the data, grab the Windows and Office keys and nuke the whole PC. It's faster to wipe out the PC and get it back up and running than it is to try and remove the damn thing, especially as various other Windows systems get screwed up. Also, the PC is much faster after having a clean install.
Most people I deal with are getting infected through browser exploits and email attachments.
#13
Looks like that's what my better half's lappy has.

I rebuilt this PC on the 22-23 of December thinking I'll just use the lappy for drivers etc... Instead I spent 5 hr cleaning the laptop of "VISTA ANTIVIRUS 2012". Be warned, the pop-ups look exactly like and work like the NORMAL Windows alerts, for firewall etc. While on the laptop: block, 5 min later BLOCK, damn this is strange.. dumb AV.

After that it proceeded with a couple of fake virus findings from "VISTA ANTIVIRUS 2012", which was not our normal AV suite, and suspiciously like the fake AV programs of a couple of years back. I went investigating. That's when it started screwing with IE/Firefox and not allowing searches etc. It was just coming up with a page that looks like the AVG page for blocked sites, no matter what I tried. Even Google's Chrome was affected. With my desktop down I was stuck, and walked away.

About 45 min later I was using my iPhone and it hit me: "Safari" as a web browser. June installs all the extras for everything, and uses iTunes for her iPod.. Back to the lappy and there was SAFARI hidden in the Start menu. Safari worked, no blocks, nothing. I was able to search out "vista anti virus 2012" with relative ease, apart from the fake system icon alerts every 2-3 min. 3 hrs later my account on the lappy was basically clean, or so I thought, no fake system icons or pop-ups. I proceeded to download the drivers etc. onto a USB stick for the desktop.

On the 27th June tried her laptop, her account is still infected. Interestingly enough though, the browsers still work.. no blocked pages. I haven't tried to fix it yet but she has that Vista AV 2012 icon in the system tray that pops up occasionally. Her Facebook etc. works fine; I've told her NOT to upload/download ANYTHING and only reply in text to Facebook for now.. until I can get it sorted.

From my experience so far, the rootkit gets aggressive when you start doing searches in browsers. It has not spread to this PC through the network; we haven't been swapping files lately, but are still viewable.

Does anyone know a sure-fire solution to get rid of this besides a new install??? June uses her laptop for photo backups, and there are literally hundreds of thousands there. Can the virus attach itself to a photo?
#14
What antivirus and antimalware are you using?
__________________
If you fail to plan...you plan to fail would you not agree..Think about it
#15
AVG was on there but now gone as I've been hearing a lot of bad things about it recently (mainly after all this).
Now the lappy has MalwareBytes and Microsoft Security Essentials. I know it's not clean; first and foremost is to get the photos off safely without antagonizing it again. This PC just MSE; I don't normally go anywhere or do much net-wise, most of the sites I visit, like here, had bookmarked for years and trusted (mostly lol). Also I don't trust Spybot/Spy Doctor or whatever it's called these days, but that's another story.
Last edited by NastyEvil; 2nd January 2012 at 21:25.
#16
None. (Not even Windows Firewall.) I do however have Spybot Search & Destroy do "immunize", which does block known rogue domains via browsers and the HOSTS file (it doesn't have to stay running).
I have Kaspersky 2009 but I usually don't run its realtime protection. This 12/2011 outbreak is not prevented by even the latest Kaspersky, MalwareBytes, or Microsoft Security Essentials. After my restore I updated Flash, Shockwave Player, Java, and Windows Update. I have Kaspersky 2009 turned on now, and I'm using Simple Adblock for IE (which uses the Easylist blocklist).
#17
Quote:
MalwareBytes
Spybot Search & Destroy
SUPERAntiSpyware
HijackThis
There are others that are OK I'm sure but those are the main ones I currently trust.
#18
Personally I use:
Comodo Internet Security 5.9 (free)
Spyware Blaster 4.5
Malwarebytes
Firefox w/Adblock and No Script
I haven't run into any issues for years. The most important thing to remember is to keep Windows and all the tertiary programs (Flash, Java, Adobe Reader etc) fully updated.
#19
This thing isn't new from December, it has been hitting my computers the last 3 years. I'm an IT at a school and I see this thing everywhere. I also got it from browsing the internet searching for source code I could use for various programs, from a Google hit. No AV could clear it. Nonetheless, the easiest way to remove it is to create a new profile and delete the older one, carrying your documents and all (but not the entire profile because it does reside there and at various other places). For now, it's the only way that has always worked without any issue.
#20
Quite possibly, the latest Tuesday release (Jan 10) from Microsoft may have fixed the problem.
Also, the latest release/update from Malwarebytes, and the latest update from Avast, which was an overnight download for us dial-up users, may have solved the problem.
__________________
Fast Eddie

Tags: 2011, anti-virus, malware, rootkit, zeroaccess