Virus help- PTCH_ZACCESS.A downloaded and can't remove
Posted on 08/24/2012 10:24:48 AM PDT by ncfool
Sometime on Tuesday I clicked on a link on this site to an Anti-Obama link or picture. I evidently got a virus and have not been able to clean it. It's called PTCH_ZACCESS.A. My Office IT guy has tried to clean it a couple of times and it's buried in the registry. Anybody have any experience with this bad virus? A screen keeps popping up wanting you to download their virus removal software SECURITY SHIELD.
My warning is to be very careful, as it says it will get into your info and look for banking and credit passwords.
I have that computer offline until I get it cleaned out.
They have this write up on it. http://about-threats.trendmicro.com/malware.aspx?language=au&name=PTCH_ZACCESS.A
Any help is appreciated.
Back up your data and then reimage the computer. That’s about the surest way to remove the virus right there.
Step-by-Step Guides on How to Manually Eradicate PTCH_ZACCESS.A?
Step 1: Go to Task Manager with Alt+Ctrl+Delete and stop its process.
Step 2: Search for and delete its related files in Local Disk C:
C:\Documents and Settings\[UserName]\Local Settings\Application Data\[SET OF RANDOM CHARACTERS].exe
C:\Documents and Settings\[UserName]\Start Menu\Programs\[SET OF RANDOM CHARACTERS].exe
Step 3: Navigate to remove the registry entries associated as below in Registry Editor:
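Added example, not part of the post above: a read-only PowerShell listing of the two Step 2 folders for every user profile, so the files can be reviewed and their hashes recorded before anything is deleted. It assumes the Windows XP folder layout shown in Step 2, and that executables sitting directly in these folders are worth a look because `Start Menu\Programs` normally holds shortcuts and the `Application Data` root normally holds subfolders.

```powershell
# Added example. Read-only: lists files for review and deletes nothing.
# Folder layout is the Windows XP one given in Step 2 of the post.
$profilesRoot = 'C:\Documents and Settings'
$subFolders = @(
    'Local Settings\Application Data',
    'Start Menu\Programs'
)

function Get-Sha256Hex([string]$Path) {
    # Plain .NET hashing so this also runs on PowerShell 2.0, which lacks Get-FileHash.
    $stream = $null
    try {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($Path)
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '')
    } catch {
        return 'unreadable (locked or access denied)'
    } finally {
        if ($stream) { $stream.Close() }
    }
}

$userDirs = Get-ChildItem -LiteralPath $profilesRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }

$findings = foreach ($userDir in $userDirs) {
    foreach ($sub in $subFolders) {
        $dir = Join-Path $userDir.FullName $sub
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # Not recursive on purpose: Step 2 places the file directly in these folders.
        # -Force includes hidden and system files.
        Get-ChildItem -LiteralPath $dir -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    User    = $userDir.Name
                    Path    = $_.FullName
                    Created = $_.CreationTime
                    SizeKB  = [math]::Round($_.Length / 1KB, 1)
                    SHA256  = Get-Sha256Hex $_.FullName
                }
            }
    }
}

if ($findings) {
    $findings | Sort-Object Created | Format-List User, Path, Created, SizeKB, SHA256
} else {
    'No .exe files found directly in the Step 2 folders.'
}
```

The creation times can be compared against the time the firewall shows the infection arriving, and the hashes give the IT person something exact to look up.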
On a clean PC, download MalwareBytes (malwarebytes.org) and copy to a thumb drive.
Install on your computer from the thumb drive and run the full scan. It should find it and remove it for you.
Try Anti-Malwarebytes anti-malware
or SuperAntispyware’s stuff.
They are free and are the most effective I have tried.
Thanks, I will do it when my IT guy gets back to the office. He thought he had it a couple of times. Went thru his Cisco firewall too. He can see when it actually hit.
It also shows as: Live security platinum
Microsoft has the following on it too:
Be sure and read instructions.
If MalwareBytes.exe will not run you can rename it to MalwareBytes.com
It sounds like one that I have gotten before. I went to Bleepingcomputer.com and went to their anti virus page. I downloaded Rkill for free from them to a thumbdrive on a different computer and plugged it into the infected one and ran the program. It has killed the bug on several computers for me. YMMV
any help is appreciated
Get Root !
Or anything other than mbam.exe. Most virus/malware programmers try to stop that process from running altogether.
by Weird Al Yankovic
Windows Defender Offline
Can you install Windows Defender from a thumb drive?
Do not use Combofix.
It destroyed a computer I was using (borrowed) last year; it was a horrible experience.
Boot into Safe Mode with Networking. Download Malwarebytes and run.
You install it onto a thumbdrive on an uninfected computer, then start up your infected computer from the thumbdrive.
I see you are aware of bleepingcomputer.com. Good.
This page gives very clear, specific instructions on removing a similar nasty root kit virus, the first and only one I got since getting a PC in the early 1990’s.
Bump for a minute when I have a real keyboard.
Yes, use it. I am a computer systems engineer/technician. Have been for 15 years professionally. I wouldn’t steer a Freeper wrong. It is probably the ONLY thing that will work, unless there are instructions somewhere on how to manually remove every little piece of the nasty bugger. I would be willing to bet that even the manual removal involves ComboFix at some point!
How do you know that another computer is clean?
Why do you recommend that you download Malware Bytes to one computer and then transfer it to the infected computer via a thumb drive? What is the difference between a straight download and a transfer?
I personally keep a “clean” PC by using Linux. I am a systems engineer, though, so my level of attention to my systems is a bit higher than most home users.
MalwareBytes is the bane of many virus/malware writers. It is exceptionally effective at cleaning PCs due to the heuristics algorithm they use and the open-source nature of the application. Downloading MBAM on an infected PC often leads to an infected MBAM installer at worst, or the inability to download and/or install the program at best. They will actually program viruses and malware today to immediately shutdown or prevent the startup of the MBAM.exe program file.
By downloading the installer and running the install from a thumb drive, you decrease the risk of compromising the installer and can oftentimes get the program installed, at a minimum, and rename the executable to something other than MBAM.exe to get it to run on an infected machine.
In worst-case scenarios, I recommend people boot into safe mode and run the MBAM.exe program to clean from a system that’s often “cleaner” than if booting normally.
ComboFix is the nuclear warhead of virus cleanup utilities. It is generally my next-to-last resort (reformatting being the last) when it comes to stubborn viruses and malware. I’ve personally only used it twice, and I had no issues afterwards.
I have heard anecdotal evidence that ComboFix has permanently nuked machines, so its use should be sparing.
Scroll down and follow the instructions in the section “Automated Removal Instructions for XP Anti-Virus 2011 & Win 7 Home Security using Malwarebytes Anti-Malware:”
There are three steps - run from safe mode of course.
1. FixNCR.reg - fixes the registry
2. Rkill - stops the rogue program from running
3. Malwarebytes - does the final clean up.
I have used this method several times to fix different versions of this virus on work and friends' computers. Works every time.
Malwarebytes did the trick along with the Microsoft product defender.
This worked. Thank you.