BullGuard
Zero Access Rootkit and Trojan.Sirefef
Robert Mateescu
Forum Moderator
Date Joined Sep 2011
Total Posts : 279
Posted 4/8/2012 6:30 AM (GMT +3)
Hi there,


As Easter is coming, so are new versions of different malware. One of the most annoying is Zero Access Rootkit (you can read all about it here).

How it manifests:
- You can locate a PING.exe CPU-draining process in your Task Manager; closing it will cause your Firewall to report port scans from multiple random IPs and the internet connection to be lost; the "port scans" can be a "standalone" symptom too.
- Browser redirects.
- Windows Firewall Service and Base Filtering Engine are not shown in the services list.
- When trying to start Windows Firewall or Windows Defender you get a 0x80070424 error.
- Your AV detects parts of the Zero Access Rootkit but is unable to remove it, or to remove it completely.


Removal guide:

- NO restarts between steps, NO reg cleaners!
- boot in Safe Mode with Networking.
- Download all tools and run them in this exact order.
- ATF Cleaner (to delete any malware from temp files, also decrease the time needed for other scans).
- MBAM and run a full C:\ drive scan.
- TDSSKiller (as 0 Access and TDL Alureon are similar).
- Combofix (reboot now).
Note: Other 0 Access removal tools are attached to this email, but they are all x86 only and not very effective (at least for the cases I have encountered).


After removal, it is possible that you'll lose your internet connectivity whilst in Normal mode.

- for the "The RPC Server is unavailable" error, check this post.

- for the "Limited or No Connectivity" status, run the netsh winsock reset and netsh int ip reset c:\resetlog.txt commands and the above, if the error persists.

Note: you can use the "winsockfix" tool from the "Zero Access.zip" goodies bag.


In order to have a working Firewall, you need to enable the Base Filtering Engine as shown in this guide.

If the services refuse to start after reboot, check for dependency causes. If a Step 5 error message is shown, try this Microsoft Fixit tool.

Finally, uninstall and reinstall your Antivirus application.

Best wishes and a hearty Happy Easter!

Post Edited (Andreea-Luciana Ostache) : 9/14/2012 12:36:29 PM GMT
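A local triage check for the symptoms listed in the post above, added here as an example; it is not part of the original post or of any BullGuard tool. It assumes the standard Windows service names BFE (Base Filtering Engine), MpsSvc (Windows Firewall) and WinDefend (Windows Defender), and uses a constructed CPU threshold for the PING.exe check:

```powershell
# Added triage script, not from the forum post or from BullGuard.
# Returns one line per symptom found on the local machine (empty array = none).
# Assumed service names are the standard Windows ones:
#   BFE = Base Filtering Engine, MpsSvc = Windows Firewall, WinDefend = Windows Defender.
function Test-ZeroAccessSymptoms {
    [CmdletBinding()]
    param(
        # Constructed threshold: a ping.exe that has consumed more CPU-seconds than
        # this is reported as the "CPU-draining PING.exe" the post describes.
        [double]$PingCpuSeconds = 30
    )

    $findings = @()

    foreach ($svc in 'BFE', 'MpsSvc', 'WinDefend') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        if (-not $s) {
            # 0x80070424 is Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST: the service
            # entry itself is gone, which is why the Firewall/Defender UI fails to start
            # it rather than the service merely being stopped.
            $regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
            $keyState = if (Test-Path $regKey) { 'registry key still present' } else { 'registry key missing' }
            $findings += "Service '$svc' is absent from the service list ($keyState)."
        }
        elseif ($s.Status -ne 'Running') {
            $findings += "Service '$svc' exists but is $($s.Status)."
        }
    }

    # A legitimate ping.exe exits after a few echo requests; a long-lived,
    # CPU-hungry instance is the symptom described in the post.
    foreach ($p in (Get-Process -Name 'PING' -ErrorAction SilentlyContinue)) {
        if ($p.CPU -gt $PingCpuSeconds) {
            $findings += "PING.exe (PID $($p.Id)) has used $([math]::Round($p.CPU)) CPU-seconds."
        }
    }

    # Unary comma keeps an empty result as an array instead of unrolling to nothing.
    return ,$findings
}

# Usage: run from an elevated prompt before starting the removal steps above.
$result = Test-ZeroAccessSymptoms
if ($result.Count -eq 0) { 'None of the listed symptoms were found.' } else { $result }
```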


nsm0220
New Member


Date Joined Apr 2012
Total Posts : 9
Posted 4/14/2012 2:24 AM (GMT +3)
btw, HitmanPro and Dr.Web CureIt can kill the Zero Access Rootkit.

Post Edited (nsm0220) : 13-04-2012 23:24:24 GMT
