Oh boy, rootkit.zeroaccess, need help badly.

To summarize, somehow one of our PCs got the stupid "Delayed Write Failed" malware bit on it with the 20 or so dialog boxes that hides your files, so I figured, "No prob. Combofix will fix it." Nope.

Started running, told me I had the ZeroAccess rootkit, I hit OK, then it just sat there. For an hour. No HDD activity.

Since I could not reboot, I shut down by holding the power button and turned back on. Back to square 1.

Used Hitman Pro, found a .sys file infection and a couple TMP file pieces of malware. but alas I hit next. and the activate now box is hidden...

So I booted into safe mode, removed the bogus .sys file and the TMP files and reboot. Same result, square 1.

SO, I tried running TDSSKiller, it won't start. Tried renaming, same thing. Hourglass shows for .1 seconds then nothing. GRR

Tried Combofix in safe mode this time. No rootkit message, but it just sits on the Scanning for infected files part, right before it should start going through it's stages. Sat there for another hour, no HDD activity. Combofix has been defeated.

Since I was running out of options I figured I would try fixboot and fixmbr, Bad decision. Now I receive "NTLDR is missing."

Tried copying from XP Pro disk, upon reboot, same result.

Hooked up HDD to another PC, copied my profile, checked to see if NTLDR and NTDETECT, along with boot.ini are there, THEY ARE. Boot.ini looks fine.

Tried a Windows Repair, upon first reboot, same message.

This has been the worst virus/rootkit/malware bit I've seen in a couple years. Pretty much forcing me to wipe/reload. I hate reinstalling programs!

Help?

 

Well, here's a little update.

I ended up reloading Windows on another HDD, but figured I'd give the other HDD another go just for kicks.

Was able to fix NTLDR issue with new Hiren's 15 boot disc. It continues into my Windows repair but gets stuck on 37 minutes - Installing devices, which leads me to believe the rootkit(one of the .sys files) is still playing a role. I have both PS/2 keyboard and mouse so it can't be that, plus since I just reloaded on another HDD without a prob, something is up.

Anyhow, if anybody has some input, throw it out there. Like I said, this is the worst rootkit I've seen in quite some time. Hopefully the Combofix developers are going to counter with something sooner than later.