"ZeroAccess" virus removal on IE11, Windows 10?


Drew Sebastino
Formerly Espozo
Posts: 3496
Joined: Mon Sep 15, 2014 4:35 pm
Location: Richmond, Virginia

"ZeroAccess" virus removal on IE11, Windows 10?

Post by Drew Sebastino »

So, pretty recently, I've been getting a notice that pops up when downloading certain files that goes like (whatever) contained a virus and was deleted. I was pretty upset about that and I found it pretty fishy that there isn't any kind of way to override it like there is with anything else, so I Google searched my problem, and sure enough, it's because of some virus. Now, I've tried about every antivirus software under the sun and none of them have worked (despite being recommended for getting rid of this, although one, ComboFix, doesn't work for Windows 10 that I gave in and got), so I was wondering if anyone else had gotten this virus and if they were able to get rid of it.

I don't understand though, if you know you have some sort of virus, why does there need to be a whole slew of programs you need to get rid of it? Couldn't you just delete any of the files this virus uses, and revert the ones it messed with by just re-downloading them? I mean, this seems like a pretty well known virus.
DoNotWant
Posts: 83
Joined: Sun Sep 30, 2012 3:44 am

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by DoNotWant »

Espozo wrote: Couldn't you just delete any of the files this virus uses, and revert the ones it messed with by just re-downloading them? I mean, this seems like a pretty well known virus.
ZeroAccess infects the Master Boot Record and the Windows registry, I believe, and it can also infect other system files. It also infects the TCP/IP stack. Seems like you need a real purge of your system to get rid of it.

Here is some stuff on how to remove it. https://www.symantec.com/security_respo ... 99&tabid=3
Note this tho: "If you have an infected Windows system file, you may need to replace them using from the Windows installation CD."

Also, from Stack Exchange: "Given how well-written this malware is, the usual recommendation applies - the only way to be certain is to rebuild the device from known good media.

If this machine is one you use regularly, then you should strongly consider rebuilding it ("rebuild" here means to reinstall or restore your Operating System to factory defaults)."
Banshaku
Posts: 2404
Joined: Tue Jun 24, 2008 8:38 pm
Location: Japan

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by Banshaku »

I had the Windows 10 virus before and fixed it with Xubuntu. ;)

Jokes aside, if you do need to reinstall Windows 10 and you've been using it for a while, I would suggest downloading the latest installation media; that will save you a lot of time. It should be downloaded from a clean machine.

I will see if I can find the links tonight.

Edit:

This is the link unless I'm mistaken:

https://www.microsoft.com/en-us/softwar ... ndows10ISO
Last edited by Banshaku on Thu Jul 21, 2016 9:27 am, edited 1 time in total.
tepples
Posts: 22345
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by tepples »

Master Boot Record/boot sector viruses like this are ostensibly why Microsoft instituted the "Secure Boot" requirement for new PCs with pre-installed Windows.
Drew Sebastino
Formerly Espozo
Posts: 3496
Joined: Mon Sep 15, 2014 4:35 pm
Location: Richmond, Virginia

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by Drew Sebastino »

DoNotWant wrote: Here is some stuff on how to remove it. https://www.symantec.com/security_respo ... 99&tabid=3
It didn't work. :(
DoNotWant wrote: ("rebuild" here means to reinstall or restore your Operating System to factory defaults)."
So basically just redownload Windows 10 again? I'll try that, I mean, I doubt it will screw up my computer.

Well, apparently, you can't just go and redownload Windows 10 from the website because the installer informs you that you already have it, you just have to return to original factory setting, which will wipe out all my files. :shock:

I'm going to have to back up everything to a hard drive, but the only hard drive I have is at my mother's house... I guess ZeroAccess and I are going to have to be roommates for a while. :lol:
tepples
Posts: 22345
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by tepples »

I seem to remember there being a difference between "Refresh", which wipes the OS and applications but keeps your profile, and "Factory reset", which wipes everything. Or does ZeroAccess mess this up?
mikejmoffitt
Posts: 1352
Joined: Sun May 27, 2012 8:43 pm

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by mikejmoffitt »

You may create install media from the "Windows Media Creation Utility". I recommend not using your infected computer for this.
Sik
Posts: 1589
Joined: Thu Aug 12, 2010 3:43 am

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by Sik »

tepples wrote: Master Boot Record/boot sector viruses like this are ostensibly why Microsoft instituted the "Secure Boot" requirement for new PCs with pre-installed Windows.
Yeah, and that in itself is OK (hell, make it outright mandatory in UEFI if you want). The problem was more about OEMs making it impossible for the user to change the key list =/ (which, if it happens, means you can't install any OS from a vendor that the OEMs didn't approve previously)
Drew Sebastino
Formerly Espozo
Posts: 3496
Joined: Mon Sep 15, 2014 4:35 pm
Location: Richmond, Virginia

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by Drew Sebastino »

Holy hell, I reinstalled Windows 10, which deleted some of my programs, but like I said, it's still there. What exactly does this dumb ZeroAccess virus even do? The only way it has affected me is preventing me from downloading this: https://github.com/dimok789/loadiine_gx2/releases

What's great is that it even gives me a BS Windows Defender notification and even asks me if I want to send the file to Microsoft for inspection.

I'm just going to have to completely eradicate everything on this computer... :(
mikejmoffitt
Posts: 1352
Joined: Sun May 27, 2012 8:43 pm

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by mikejmoffitt »

Espozo wrote: Holy hell, I reinstalled Windows 10, which deleted some of my programs, but like I said, it's still there. What exactly does this dumb ZeroAccess virus even do? The only way it has affected me is preventing me from downloading this: https://github.com/dimok789/loadiine_gx2/releases

What's great is that it even gives me a BS Windows Defender notification and even asks me if I want to send the file to Microsoft for inspection.

I'm just going to have to completely eradicate everything on this computer... :(
Do the thing I said, and do a proper reinstall. Format the HDD.

It is no doubt affecting you much more than preventing you from downloading a file.
Punch
Posts: 363
Joined: Sat Feb 16, 2013 11:52 am

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by Punch »

It is, according to Wikipedia, a bitcoin mining botnet, so nuke your HDD from orbit (use a Linux live disc and zero fill it). Kinda weird that it didn't get removed the first time.
Drew Sebastino
Formerly Espozo
Posts: 3496
Joined: Mon Sep 15, 2014 4:35 pm
Location: Richmond, Virginia

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by Drew Sebastino »

Punch wrote: bitcoin mining botnet
What the heck is that?
Punch wrote: Kinda weird that it didn't get removed the first time.
I don't get it either. I mean, it supposedly deleted all the Windows files and got rid of them, and even deleted all the contents of Programs and Programs (x86). I mean, dang, where could it have hidden? I'd really like to know what exactly the stupid reset even did.

I'm actually looking at the root of Local Disk C:. There's some weird shit here, like "Windows.old" and weird stuff like that. I actually tried deleting it (why not) because it appears it's all the old stuff that was supposedly deleted, but look at this:
Error.png
I wouldn't be surprised if this was more ZeroAccess bullshit. What's even the point of viruses like this being created? Some dick thought it would be fun to screw people over? I mean, I don't even have a way of saving my files right now so I can't format my hard drive.
Kasumi
Posts: 1293
Joined: Wed Apr 02, 2008 2:09 pm

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by Kasumi »

Espozo wrote:
Punch wrote: bitcoin mining botnet
What the heck is that?
Bitcoin is a currency. Bitcoin mining is verifying bitcoin transactions which has a payout.
What's even the point of viruses like this being created?
So they can use your computer (along with many others) to make money.
lidnariq
Posts: 10677
Joined: Sun Apr 13, 2008 11:12 am
Location: Seattle

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by lidnariq »

"Windows.old" is for the backup of the previous install of Windows.

Don't delete things from your machine unless you know why they're there ... unless you explicitly want to have to reinstall.


If your computer is still infected by ZeroAccess, you can be certain that it is written in a way such that simply deleting a file won't get rid of it. (It will keep you from being able to.)

Regardless of whether your computer is still infected by ZeroAccess, anything you can delete will be something unrelated to it.
Drew Sebastino
Formerly Espozo
Posts: 3496
Joined: Mon Sep 15, 2014 4:35 pm
Location: Richmond, Virginia

Re: "ZeroAccess" virus removal on IE11, Windows 10?

Post by Drew Sebastino »

Kasumi wrote: So they can use your computer (along with many others) to make money.
So it's like a barnacle. It's ugly and slightly (I'd imagine?) inhibits performance, but it's not going to like destroy the computer or anything. I mean, this thing isn't downloading crap onto my computer, is it?
lidnariq wrote: Don't delete things from your machine unless you know why they're there ... unless you explicitly want to have to reinstall.
I mean, I'm going to have to anyway to get rid of this bastard. :lol:
lidnariq wrote: Regardless of whether your computer is still infected by ZeroAccess, anything you can delete will be something unrelated to it.
Well, I mean it affects what I can download... :?

I still don't even understand how this could happen. I mean, I imagine the only way it could have done this much damage is by getting into the Windows folder, which I would have thought wouldn't have been possible for anything to manipulate without my permission unless I didn't pay attention and let it do so.