Rootkit.Win32.zaccess.c removal success!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by John24, Sep 3, 2011.

  1. John24

    John24 Private E-2

    I was able to successfully remove this very stubborn Rootkit virus. :-D

    Lots of spyware antivirus tools needed...perhaps too many at times and then eventually ComboFix was able to get rid of it in Safe Mode. I probably ran ComboFix 5-6 times in safe mode before it even found it.

    I had a file named {E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb in C:\Windows\Temp and also a process which looked like two phone numbers. Mine started with 2194239936:2. Sorry I don't remember the whole name but it was 2 numbers which happen to be Harshad Numbers...http://en.wikipedia.org/wiki/Harshad_number

    I could kill the process and remove the .tlb file with File Assassin, but they would just come back on each reboot.

    Products used
    ComboFix
    Dr Web CureIt Read More here-->http://www.drwebhk.com/en/virus_removal/729202/Rootkit.Win32.ZAccess.c.html
    Malwarebytes
    SuperAntispyware
    TDSSkiller
    RootRepeal
    OTL
    OTM
    Unlocker
    Webroot Spysweeper
    Hijack This
    Spybot Search and Destroy
    AVG
    RootAlyzer
    GMER
    Procexp
    Defogger
    RootkitRevealer
    RootRepeal
    Unhackme

    Also ESET Online Scanner and Kaspersky Online Scanner.

    30+ hours to get rid of this virus. I wish I knew where I got it so I could get it again and streamline the removal process. I would say only the first 5 or so programs were helpful...the rest did find some stuff but I believe they found the easy stuff.

    Also, once the Rootkit was removed I uninstalled all of the programs above and reinstalled Malwarebytes, SuperAntiSpyware, DrWeb Cureit, ComboFix, and Webroot Spysweeper and all found additional Cookies, Spyware, and old virus files in my restore points. I removed all of the old restore points and create new ones every time I remove more spyware.

    I have an old computer I might try getting infected just so I can streamline the removal process. :cry
     
    Last edited: Sep 3, 2011
  2. thisisu

    thisisu Malware Consultant

    Congratulations! :)

    You could also try using a Virtual Machine too. I use VirtualBox.
     
