Rootkit.zeroaccess - delayed write failed and hidden files

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

djetaine

Thread Starter
Joined
Nov 29, 2011
Messages
1
Recently at my company we have received a rash of field laptops with this virus. It has been insanely difficult to remove.
(There is already a thread regarding this that someone posted about, but I can't reply to it yet, only post new threads.)

TDSSKiller will not detect it, our enterprise software (McAfee) will detect it but will not remove it, MBAM doesn't see all of it, and Sophos AR doesn't see it either.

Combofix WILL get rid of it but not just with a normal click and go.
To get rid of it I have had to completely disable my AV software (I mean totally: disable it from the virus scan console as well as disable all the services related to it).

Make sure you have AT LEAST Combofix version 11.11.29.4. If you aren't sure what version you are running, right-click on the file, click Properties, and then the Details tab.

Save combofix to your desktop.
Create a new txt document called CFScript.txt
Open this new document and type in:

ClearJavaCache::

Extra::


This process should remove the rootkit and unhide all your files as well. I have tested this on 3 machines now and all have tested clean with MBAM, McAfee, Panda, AVG and Avira.
If for some reason your files are still hidden, download and run an application called unhide.exe.

I spent 3 days trying to figure out how to get rid of this once and for all without having to reimage. Hope this can be of use to someone else.
 