FYI when cleaning rootkit.zeroaccess

Found this while trying to clean a computer:

ComboFix 11-06-10.08 - owner 06/10/2011 16:08:28.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.955.349 [GMT -5:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\c_21993.nls
c:\windows\system32\config\ogejidap
.
Infected copy of c:\windows\system32\drivers\rassstp.sys was found and disinfected
Restored copy from - The cat found it :)

(ComboFix has a cougar as an icon)

I hate virus writers...
  1. Thanks for the info!
  2. This topic has been closed by Area51reopened