
Rootkit.Win32.zaccess.c removal success!!!

Discussion in 'Malware Removal' started by John24, Sep 3, 2011.

  1. John24

    John24 Private E-2

    I was able to successfully remove this very stubborn Rootkit virus. :-D

    Lots of spyware antivirus tools needed...perhaps too many at times and then eventually ComboFix was able to get rid of it in Safe Mode. I probably ran ComboFix 5-6 times in safe mode before it even found it.

    I had a file named {E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb in C:\Windows\Temp and also a process which looked like two phone numbers. Mine started with 2194239936:2. Sorry I don't remember the whole name but it was 2 numbers which happen to be Harshad Numbers... http://en.wikipedia.org/wiki/Harshad_number

    I could kill the process and remove the .tlb file with File Assassin but they would just come back on each reboot.

    Products used
    Dr Web CureIt (read more here: http://www.drwebhk.com/en/virus_removal/729202/Rootkit.Win32.ZAccess.c.html)
    Webroot Spysweeper
    Hijack This
    Spybot Search and Destroy

    Also ESET Online Scanner and Kaspersky Online Scanner.

    30+ hours to get rid of this virus. I wish I knew where I got it so I could get it again and streamline the removal process. I would say only the first 5 or so programs were helpful...the rest did find some stuff but I believe they found the easy stuff.

    Also, once the Rootkit was removed I uninstalled all of the programs above and reinstalled Malwarebytes, SuperAntiSpyware, DrWeb Cureit, ComboFix, and Webroot Spysweeper and all found additional Cookies, Spyware, and old virus files in my restore points. I removed all of the old restore points and create new ones every time I remove more spyware.

    I have an old computer I might try getting infected just so I can streamline the removal process. :cry
    Last edited: Sep 3, 2011
  2. thisisu

    thisisu Malware Consultant

    Congratulations! :)

    You could also try using a Virtual Machine too. I use Virtual Box
