
Rootkit.Win32.zaccess.c removal success!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by John24, Sep 3, 2011.

  1. John24

    John24 Private E-2

    I was able to successfully remove this very stubborn Rootkit virus. :-D

    Lots of spyware antivirus tools needed...perhaps too many at times and then eventually ComboFix was able to get rid of it in Safe Mode. I probably ran ComboFix 5-6 times in safe mode before it even found it.

    I had a file named {E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb in C:\Windows\Temp and also a process which looked like two phone numbers. Mine started with 2194239936:2. Sorry I don't remember the whole name but it was 2 numbers which happen to be Harshad Numbers...http://en.wikipedia.org/wiki/Harshad_number

    I could kill the process and remove the .tlb file with File Assassin but they would just come back on each reboot.

    Products used
    Dr Web CureIt Read More here-->http://www.drwebhk.com/en/virus_removal/729202/Rootkit.Win32.ZAccess.c.html
    Webroot Spysweeper
    Hijack This
    Spybot Search and Destroy

    Also ESET Online Scanner and Kaspersky Online Scanner.

    30+ hours to get rid of this virus. I wish I knew where I got it so I could get it again and streamline the removal process. I would say only the first 5 or so programs were helpful...the rest did find some stuff but I believe they found the easy stuff.

    Also, once the Rootkit was removed I uninstalled all of the programs above and reinstalled Malwarebytes, SuperAntiSpyware, DrWeb Cureit, ComboFix, and Webroot Spysweeper and all found additional Cookies, Spyware, and old virus files in my restore points. I removed all of the old restore points and create new ones every time I remove more spyware.

    I have an old computer I might try getting infected just so I can streamline the removal process. :cry
    Last edited: Sep 3, 2011
  2. thisisu

    thisisu Malware Consultant

    Congratulations! :)

    You could also try using a Virtual Machine too. I use VirtualBox.
