rootkit.AccessZero! on Win XP, need help!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rezz99, Feb 4, 2012.

  1. rezz99

    rezz99 Private E-2

    Hi,

    I have gone through a number of threads on the rootkit.AccessZero! infection, both on this site and on BleepingComputer. So far, I have run the following in this order:
    MBAM
    Avenger (see log)
    TDSSKILLER
    Avira (quarantined a few files, not sure how to remove those)
    ComboFix (see last run's log)

    My computer, at the moment, appears to operate normally. All the above, with the exception of ComboFix and Avira, report no malware.
    ComboFix, every time it runs, pops up a rootkit.ZeroAccess infection dialog, saying this infection has gotten to the TCP/IP stack and is a particularly difficult one to get rid of. Then it reboots and generates a log (see attached).
    Would you please tell me:
    a) Is it possible ComboFix is finding a false positive?
    b) If not, how can I locate/remove this virus? Or do I need to reformat/install the OS?
    PS: Have no network connection issues.

    Thanks,
    rezz99
     


  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, rezz99!

    Most likely, there are still some traces of the rootkit present.

    In order for us to check your system for malware, it is recommended that you follow this thread: READ & RUN ME FIRST Malware Removal Guide
     
