Resurgence in Zero Access Infections - Anyone Else?


Is it weird that I literally heard the "Cha-ching!" sound in my head when I read this?

We saw a slow down of zero access over the spring, but it was all over during the winter for us, and have had a steady flow of them over the last couple months. Also some pretty nasty rootkits suddenly, like Harbinger.
 
Got another one in the other day with the ZeroAccess virus in it.

I used WrogKiller to get rid of it.

Evidently, the customer had ZeroAccess and then also picked up the FBI virus. Also a good day for business here.

I'm really enjoying WrogKiller.

coffee :)
 

Excellent! Great one Coffee!
Of course not to be confused with the new WrugeKiller just released by Maybelline. :D
 

LOL! Love it. :)

Wrugekiller by maybe line is also pretty good I have to agree.

In talking to the customer with this infection(s), they had taken it to a shop to have it serviced first, and they did remove some infections and then just installed MS Security Essentials and called it good enough. The time stamp on the FBI virus was 7/18/13. Evidently they totally missed that one!

coffee :)
 
I just worked on a computer today that had MSE disabled so I thought something was wrong. TDSSKiller didn't find ZeroAccess & RogueKiller didn't either. I was able to remove it with MBAR.

It seems like it's a random draw anymore finding an anti-malware program that will detect and remove these infections. Kaspersky used to be my go to program that would clean almost everything I threw at it, but even it seems to miss infections on a regular basis now. If TDSSKiller wasn't so fast I would've dropped it a long time ago.
 
Got one on my bench now. Oddly enough the job wasn't to fix this computer but to fix an IE problem on his laptop. As I was fixing the IE issue (a 5 minute job) I noticed his desktop had very high network activity. A quick look at netstat and I could see SMTP requests going off all the time. It was sending emails to the USA, Russia, South Africa, France etc. Should be a bit of fun anyway! Better than the usual PUP type malware I have been doing a lot of lately :p

The machine is Windows XP and I will try to convince him to upgrade as he uses it for business. Again, MSE was disabled by the rootkit.
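The netstat check described in the post above can be scripted. This is an added example, not code from anyone in the thread; the netstat output and the fan-out threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -n` output (not from the original post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1043      192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.10:1045      203.0.113.5:25         SYN_SENT
  TCP    192.168.1.10:1046      198.51.100.17:25       ESTABLISHED
  TCP    192.168.1.10:1047      198.51.100.42:25       ESTABLISHED
  TCP    192.168.1.10:1048      203.0.113.88:25        TIME_WAIT
  TCP    192.168.1.10:1049      192.0.2.200:25         ESTABLISHED
  TCP    192.168.1.10:1050      192.0.2.9:25           SYN_SENT
  TCP    192.168.1.10:1051      93.184.216.34:80       ESTABLISHED
"""

# Matches one TCP row: proto, local ip:port, remote ip:port, state.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) per TCP row."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4)), m.group(5)


def smtp_fanout(text, port=25):
    """Count connections per distinct remote host on the SMTP port."""
    remotes = Counter()
    for _, _, remote_ip, remote_port, _ in parse_netstat(text):
        if remote_port == port:
            remotes[remote_ip] += 1
    return remotes


def looks_like_spam_bot(text, threshold=5):
    """A workstation normally talks to one or two mail servers; many distinct
    direct-to-port-25 peers at once is the pattern the post describes.
    The threshold is an assumed value, not a published indicator."""
    return len(smtp_fanout(text)) >= threshold
```

Feed it the real output with `netstat -n` piped to a file; `netstat -no` (Windows) or `-p` (Linux) adds the owning process id, which points at the binary to pull for analysis.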
 
I have a fast test for new ZeroAccess and variants: download something in your browser and it will show up as infected on trusted sites.
I have one I just got in that does this. RogueKiller, TDSSKiller and GMER don't find anything. Nuking the boot sector and any partition that seems out of place fixed the problem. Seems malware writers are changing the code quite a bit on this rootkit.
 
One in today for a drive upgrade. Cloned old drive to new, fired up d7 for checks and it found ZA.
Avast Free was oblivious to the infection, just sitting there; fat, dumb and happy, spinning its little tray icon....
 