Resurgence in Zero Access Infections - Anyone Else?

SilverLeaf (Well-Known Member, US)
Haven't seen 0Access in a while, but three out of the last four that have come through the door have been infected with it....usually combined with others, but specifically all three have also had some Genome variant trojan as well. Kaspersky rescue CD failed to catch the 0Access twice, but good ole D7 nailed it. :D Anyone else been experiencing this?
 
I had one on a laptop just the other day. Some symptoms I saw when I checked it out:

1. No exe's / com's etc. would run.
2. Nothing in the control panel would run correctly. Device Manager showed an empty window.
3. Ran slow.

Mbam, Avast, mbar couldn't find anything wrong. No infections. I fired up my favorite - Rouge Killer - and it would not even start. At this point I declared all out war! :)

I slaved the drive from the laptop to my linux box and checked for hidden partitions. None found. I booted into Kaspersky rescue disk and it didn't find anything.

Finally I got the permissions changed for running exe files (don't ask, don't remember) and ran Rouge Killer. It found it!! I figure, no wonder it didn't want Rouge Killer to run, eh?

Performed my usual - empty the browser cache/temp directory, reset DNS, hosts file, etc.

I really thought I would find a hidden partition on the laptop. But never found one. I can say though - That zeroday is kinda tricky.

coffee
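A read-only triage pass for the symptoms coffee describes above (exe's not launching, security tooling broken, a hosts file or DNS cache that needs resetting), written as an added example for this thread and not taken from any of the tools named in it. It assumes an elevated PowerShell prompt on Windows 7 or later, the standard hosts-file location, and the service names WinDefend (Windows Defender) and MsMpSvc (Microsoft Security Essentials), either of which may be absent on a given machine. It reports findings rather than fixing them, apart from flushing the DNS cache and clearing the user temp folder, which are the same cleanup steps listed in the post.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumptions: standard hosts-file path; service names WinDefend / MsMpSvc.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Hosts file: list anything other than comments and the loopback/localhost
#    defaults. A redirected hosts file is a common cause of broken browsing and
#    of security vendors' update sites failing to resolve.
Write-Host "== Non-default hosts entries =="
Get-Content $hostsPath | ForEach-Object {
    $line = $_.Trim()
    if ($line -eq '' -or $line.StartsWith('#')) { return }
    $parts = $line -split '\s+'
    $ip    = $parts[0]
    $names = $parts | Select-Object -Skip 1
    $isDefault = (@('127.0.0.1', '::1') -contains $ip) -and ($names -contains 'localhost')
    if (-not $isDefault) { Write-Host "  $line" }
}

# 2. .exe launch command: the expected default value is "%1" %*. Anything else
#    means executables are being launched through another program, which matches
#    the "no exe's would run" symptom.
Write-Host "== .exe launch command =="
$exeKey = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$cmd = (Get-ItemProperty -Path $exeKey).'(default)'
if ($cmd -ne '"%1" %*') { Write-Host "  Non-default: $cmd" } else { Write-Host "  OK: $cmd" }

# 3. Security services: report state and start mode so a stopped or disabled
#    Defender / MSSE service is visible before any scanner is trusted.
Write-Host "== Security services =="
foreach ($svc in 'WinDefend', 'MsMpSvc') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($null -eq $s) {
        Write-Host "  ${svc}: not installed"
    } else {
        $mode = (Get-WmiObject Win32_Service -Filter "Name='$svc'").StartMode
        Write-Host "  ${svc}: $($s.Status) (start mode: $mode)"
    }
}

# 4. The cleanup steps from the post: flush the DNS resolver cache and empty
#    the current user's temp folder (files in use are skipped silently).
Write-Host "== Flushing DNS cache and clearing temp =="
ipconfig /flushdns | Out-Null
Remove-Item -Path (Join-Path $env:TEMP '*') -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "  done"
```

Run it before and after the cleaning tools: the hosts-file and exe-association checks give a quick yes/no on whether the symptoms in the post are still present, and the service report tells you whether Defender or MSSE is in a state where its own scan results can be believed.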
 
None of those in here for quite awhile, but still getting good old FBI Ransomware. ;)
 
If you suspect 0access you use Malwarebytes Anti-Rootkit. Do not use anything else right now. Sometimes Malwarebytes Anti-Rootkit will leave a trace that d7 will pick up and remove, but for ease of the job you want to use MBAR, as from what I've seen it's automatically handling the whole Windows Defender / MSSE issues that 0access is causing.
 
Rouge Killer, followed by MBAR, followed by KillZA
 
... just to clarify here, you sure you clicked the update button on MBAR (that's Malwarebytes Anti-Rootkit) before running the scan? I've never seen it miss a 0access infection.
 
Seen quite a few over the last few months. I was going to ditch TDSSKiller, but it has caught the infection, and since it only takes a minute I think I will leave it in my D7 routine, as well as other tools.

Paul
 
For those that have commented that they have never heard of Rouge Killer -

It should be part of your arsenal of defense. It's a stand-alone rootkit/infection remover that is quite portable. It has saved my butt many times when MBAR and others don't find anything.

I always run Rougekiller first and then proceed on with Malwarebytes. It's probably the only rootkit program that gets 5 stars from me.

http://www.majorgeeks.com/files/details/roguekiller.html

coffee
 
MBAR gets 4.75 stars, RougeKiller definitely gets 5 Stars, amazing utility
 
I think they were just making a joke on the spelling of "rouge" killer.

It's rogue :)
 
I have never had MBAR work for me, usually Rouge Killer will find what is on the machine though.
 
Of all things, this reminds me of the Sarah Palin autobiography called Going Rogue: An American Life. Not too long after it came out, someone published a "spoof" called Going Rouge: A Candid Look Inside The Mind Of Political Conservative Sarah Palin. It was just a book full of blank pages... no text at all :D

http://www.amazon.com/Going-Rouge-Candid-Political-Conservative/dp/1449587941/ref=sr_1_1?s=books&ie=UTF8&qid=1379434830&sr=1-1
 
Three ZA machines today and one just came in with no obvious viruses but both wifi and wired show "limited connectivity" and the guy said "My kid cleaned it up for some reason", so this one is probably a post-virus dead internet.

$$$ :D $$$
 
Two 0access infected laptops today. I ran MBAR on the first and RogueKiller on the second just for grins. Both worked.

One laptop had no internet access at all and the other would intermittently lose connectivity.

Like NYJimbo said, good money today!
 