ZeroAccess Rootkit

Posted by:

ZeroAccess Rootkit was discovered in November 2011 and has been causing havoc ever since.

It works by using and infected file from a package with a trusted certificate and then imbeds itself into system files such as svchost and loads the mimicked dll file instead of the original.

It is a Trojan Horse that opens a backdoor to download its own files.

This is one of the nastiest viruses around to date and can be extremely difficult to remove.

I have tried Norton’s removal tool, McAfee’s removal tool, Combofix, TDSKiller, aswMBR 0.9.9 and Malwarebytes to try and rid a system of this little critter.

My recommendation is to use Combofix, this is likely to break your TCP/IP stack, I then ran a scan with TDSKILLER which found afd.sys to be infected in system32\drivers. It did a cure, rebooted and all working perfectly now.

Hope this helps.