
ZeroAccess Trojan removed but many unwanted/unknown services still exist



Good afternoon.

I have recently worked on a laptop that was infected with the ZeroAccess Rootkit. I have used OTL, ComboFix, Malwarebytes, Symantec Anti-Virus, RemoveZeroAccess, and any other tool I could find and I believe that the virus has been removed; however, there are now over 100 services that are listed with the Startup Type Disabled with the description, "New service would allow parents to control their children's online activity."

I don't know where these services are coming from and I don't know how to remove them.

This is a Dell laptop running Windows XP in a business environment. I am working remotely on the laptop via Remote Desktop because this device is at a different location.

Any help is appreciated.


Good afternoon Mathis.

This system has been very seriously compromised and must be disconnected from the office network and the internet. Please advise the business owner and their tech support (as appropriate). A rootkit infection is extremely serious and ought not to be worked on remotely. Plus, as I say, the system must be disconnected from their network; otherwise they run the risk of getting other systems infected and the company data "lifted"!!!

They need to plan to wipe clean the HDD and re-image the system from a recent backup.

If there are any recent documents that were not backed up, they should be backed up to offline media and later on scrubbed & scanned with antivirus and anti-malware before use.

I do not know of any XP service that would show

"New service would allow parents to control their children's online activity."

That's gotta be from a rogue malware.

Sorry for the bad news. And there's no other way to describe the situation, other than to be frank.

Here is some additional information:

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html
