Help me Remove Zero Access Rootkit

I’m pretty sure that my computer is infected with the Zero Access Rootkit. Based on the findings when I posted HJT logs on a forum, members analyzed it as another hard-to-remove rootkit.

This started after I visited a website referred on Facebook. Since then, my browser is often redirected to various websites; actually, most of them are already unavailable. For some reason, those sites might have been removed by their individual administrators for being infected. I noticed that my Norton Internet Security was not working anymore, when in fact it should block those malicious redirects. When opening the console, my antivirus is not responding. Luckily, I was able to run MalwareBytes and got it updated, but a few seconds after starting the scan, it closes on its own. Maybe Zero Access Rootkit causes it to shut down.
I tried other programs that, to my knowledge, would be able to identify Zero Access Rootkit files, including SuperAntiSpyware, ComboFix and finally TDSSKiller, but to no avail. The first program was also shut down right away, while ComboFix hangs in the middle of the scan progress. TDSSKiller appears to find nothing but a dozen Trojans and removed them directly. Still the rootkit remains. Browser redirected, PC very slow and antivirus not working to protect my system.

I have managed to fix viruses and other types of malware previously using the same tools, but Zero Access Rootkit is one of the most horrible computer viruses I have encountered. It looks like it can resist most, if not all, of the security programs available. Hope to find a resolution for this virus soon.

Bob Ong

2 Responses

  1. Damian says:

    Hi Bob,

    I have had the same problem for weeks –
    except “advice”, no help

    see
    http://forums.malwarebytes.org/index.php?showtopic=93810
    or
    http://www.howtogeek.com/57837/how-to-remove-win-7-anti-spyware-2011-fake-anti-malware-infections/#comment-144195

    I think this is an industrially made bug from an
    antimalware or antivirus company. How else could
    that dangerous thing be on the loose without any tool
    to tame it?

  2. Damian says:

    – get the so-called Avira AntiVir Rescue System
    (latest 26-08-11, ISO 234,46 MB).

    Put it on a CD and boot from it.
    Made my day, I could use Malwarebytes again.
    I don’t know whether it’s entirely gone,
    so I’ll do a second scan with a
    Rescue CD – the F-Secure disk.

    anyway –
    that virus is, in my opinion, a genius one,
    made by one of the companies who provide
    us with so-called malware scanners.
    Too much knowledge of the kernel of an OS,
    which bigger companies are struggling
    to comply with.

    What really concerns me:
    the former free Malwarebytes was shut
    down too, and they do not provide
    a rescue scanner from a write-protected CD.
    I was as desperate as you and
    used a portable MB I found on the web,
    and guess what, MB reported
    a “Don’t steal our software” infection!

    regards
    Damian