Free Republic

Virus help- PTCH_ZACCESS.A downloaded and can't remove
August 24, 2012 | self

Posted on 08/24/2012 10:24:48 AM PDT by ncfool

Sometime on Tuesday I clicked on a link on this site to an Anti-Obama link or picture. I evidently got a virus and have not been able to clean it. It's called PTCH_ZACCESS.A. My office IT guy has tried to clean it a couple of times and it's buried in the registry. Anybody have any experience with this bad virus? A screen keeps popping up wanting you to download their virus removal software SECURITY SHIELD.

My warning is to be very careful as it says it will get into your info and look for banking and credit passwords.

I have that computer offline until I get it cleaned out.


TOPICS: Computers/Internet; Weird Stuff
KEYWORDS: malware; virus
My anti-virus will not clean it either. I use Trend Micro Office scan.

They have this write up on it. http://about-threats.trendmicro.com/malware.aspx?language=au&name=PTCH_ZACCESS.A

any help is appreciated.

1 posted on 08/24/2012 10:24:56 AM PDT by ncfool

To: ncfool

Back up your data and then reimage the computer. That’s about the surest way to remove the virus right there.


2 posted on 08/24/2012 10:28:21 AM PDT by MeganC (The Cinemark theatre in Aurora, CO is a 'Gun Free Zone'. Spread the word.)

To: ncfool

Found this at
http://www.zimbio.com/Spyware/articles/o6LebM1fdST/How+Remove+PTCH_ZACCESS+Manual+Removal+Guides

==

Step-by-Step Guides on How to Manually Eradicate PTCH_ZACCESS.A?

Step 1 : Go to Task Manager with Alt+Ctrl+Delete and stop its process.

random.exe

Step 2: Search for and delete its related files in Local Disk C:

C:\Documents and Settings\[UserName]\Local Settings\Application Data\[SET OF RANDOM CHARACTERS].exe
C:\Documents and Settings\[UserName]\Start Menu\Programs\[SET OF RANDOM CHARACTERS].exe

Step 3: Navigate to remove the registry entries associated as below in Registry Editor:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “


3 posted on 08/24/2012 10:28:24 AM PDT by TomGuy
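An added example, not part of the post above or the guide it quotes: a triage script that reads saved output of `reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"` and lists the Run values that launch an `.exe` sitting directly in one of the two folders named in Step 2. The function names and the sample registry output are constructed for illustration, and the tab or space separated `reg query` layout is assumed.

```python
import re

# Step 2's two drop locations: an .exe sitting directly in the user's
# "Local Settings\Application Data" or "Start Menu\Programs" folder.
DROP_DIR = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\"
    r"(local settings\\application data|start menu\\programs)\\[^\\]+\.exe$",
    re.IGNORECASE,
)
# One value line of `reg query` output: name, type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")


def exe_path(data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data


def suspicious_run_entries(reg_query_text):
    """Return (value name, exe path) for Run values launching from a Step 2 folder."""
    hits = []
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = exe_path(m.group("data"))
        if DROP_DIR.match(path):
            hits.append((m.group("name"), path))
    return hits


# Constructed sample, not taken from an infected machine.
SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    qzxvbnrt    REG_SZ    "C:\Documents and Settings\alice\Local Settings\Application Data\qzxvbnrt.exe" /min
    Updater    REG_SZ    C:\Documents and Settings\alice\Local Settings\Application Data\Vendor\App\update.exe
    hwkpl    REG_SZ    C:\Documents and Settings\alice\Start Menu\Programs\hwkpl.exe
"""

if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE):
        print(f"review: {name} -> {path}")
```

Software installed in a subfolder of Application Data (the `Updater` line) is deliberately not flagged; only executables dropped directly into the two folders are listed for review.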

To: ncfool

On a clean PC, download MalwareBytes (malwarebytes.org) and copy to a thumb drive.

Install on your computer from the thumb drive and run the full scan. It should find it and remove it for you.


4 posted on 08/24/2012 10:31:39 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: ncfool

Try Anti-Malwarebytes anti-malware
http://www.malwarebytes.org/

or SuperAntispyware’s stuff.
http://www.superantispyware.com/

They are free and are the most effective I have tried.


5 posted on 08/24/2012 10:32:28 AM PDT by Jack Hydrazine (It's the end of the world as we know it and I feel fine!)

To: Jack Hydrazine

Thanks I will do it when my IT guy gets back to the office. He thought he had it a couple of times. Went thru his cisco firewall too. He can see when it actually hit.

It also shows as : Live security platinum

Microsoft has the following on it too:

http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/live-security-platinum/9d1e13ab-91f1-4972-83da-f2c5c69c97cb


6 posted on 08/24/2012 10:36:02 AM PDT by ncfool (OMG 2012)

To: ncfool

be sure and read instructions.

http://trinityhome.org/Home/index.php?content=TRINITY_RESCUE_KIT____CPR_FOR_YOUR_COMPUTER&front_id=12&lang=en&locale=en/


7 posted on 08/24/2012 10:37:21 AM PDT by Lees Swrd ("Arms discourage and keep the invader and plunderer in awe and preserve order in the world as well")

To: rarestia

If MalwareBytes.exe will not run, you can rename it to MalwareBytes.com.


8 posted on 08/24/2012 10:37:33 AM PDT by Mr. K ("The spread of evil is the symptom of a vacuum [of good]")

To: ncfool
Those "buy this anti-virus" bugs are tough. The only thing I have found that works on those is combofix.

Combo Fix Instructions and Download Link

9 posted on 08/24/2012 10:38:42 AM PDT by America_Right (Remember, Republicans have a lot more in common with Democrats than they do with Tea Partiers.)

To: ncfool

10 posted on 08/24/2012 10:41:54 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ncfool

It sounds like one that I have gotten before. I went to Bleepingcomputer.com and went to their anti virus page. I downloaded Rkill for free from them to a thumbdrive on a different computer and plugged it into the infected one and ran the program. It has killed the bug on several computers for me. YMMV


11 posted on 08/24/2012 10:43:38 AM PDT by rightly_dividing (We are Dan Cathy, Ted Cruz, and Scott Walker, and November is drawing close!.)

To: rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; stylin_geek; ...

12 posted on 08/24/2012 10:45:52 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; stylin_geek; ...

13 posted on 08/24/2012 10:46:36 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ncfool
My anti-virus will not clean it either. I use Trend Micro Office scan. They have this write up on it. http://about-threats.trendmicro.com/malware.aspx?language=au&name=PTCH_ZACCESS.A

any help is appreciated

Get Root !

14 posted on 08/24/2012 10:46:42 AM PDT by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your teaching is my delight.)

To: Mr. K

Or anything other than mbam.exe. Most virus/malware programmers try to stop that process from running altogether.


15 posted on 08/24/2012 10:47:45 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: ncfool

“Virus Alert”
by Weird Al Yankovic

http://www.youtube.com/watch?v=zvfD5rnkTws


16 posted on 08/24/2012 10:52:33 AM PDT by Jack Hydrazine (It's the end of the world as we know it and I feel fine!)

To: ncfool

Windows Defender Offline

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline


17 posted on 08/24/2012 11:05:11 AM PDT by UB355 (Slower traffic keep right)

To: ncfool

bfl


18 posted on 08/24/2012 11:06:07 AM PDT by ZOOKER ( Exploring the fine line between cynicism and outright depression)

To: ncfool

“Virus Alert”
by Weird Al Yankovic

http://www.youtube.com/watch?v=zvfD5rnkTws


19 posted on 08/24/2012 11:09:09 AM PDT by Jack Hydrazine (It's the end of the world as we know it and I feel fine!)

To: UB355

Can you install Windows Defender from a thumb drive?


20 posted on 08/24/2012 11:20:09 AM PDT by ncfool (OMG 2012)

To: America_Right; ncfool

do not use Combofix

It destroyed a computer I was using (borrowed) last year, it was a horrible experience


21 posted on 08/24/2012 11:26:34 AM PDT by GeronL (The Right to Life came before the Right to Pursue Happiness)

To: ncfool

Boot into Safe Mode with Networking. Download Malwarebytes and run.


22 posted on 08/24/2012 11:29:38 AM PDT by AppyPappy (If you really want to annoy someone, point out something obvious that they are trying hard to ignore)

To: ncfool

You install it onto a thumb drive on an uninfected computer, then start up your infected computer from the thumb drive.


23 posted on 08/24/2012 11:52:57 AM PDT by UB355 (Slower traffic keep right)

To: ncfool

I see you are aware of bleepingcomputer.com. Good.

This page gives very clear, specific instructions on removing a similar nasty root kit virus, the first and only one I got since getting a PC in the early 1990’s.

http://www.bleepingcomputer.com/virus-removal/remove-antivir-solution-pro


24 posted on 08/24/2012 11:57:05 AM PDT by khelus

To: GeronL; ncfool
do not use Combofix It destroyed a computer I was using (borrowed) last year, it was a horrible experience

Combofix, to me, is far and away the best virus cleaning, rootkit removing software. It's done the job for me at least a dozen times. $$$

I agree that it is not for the faint of heart. I usually use it when malwarebytes and microsoft security essentials are unable to repair.

I might also recommend that before scanning you attempt to do a system restore back to Monday. You won't lose any data, but your registry and startup settings will return to what they were before the virus occurred. If that succeeds, your antivirus scanner software of choice should then have an easier time of removing the residual files.
25 posted on 08/24/2012 11:59:26 AM PDT by mmichaels1970

To: ncfool

Bump for a minute when I have a real keyboard.


26 posted on 08/24/2012 12:07:56 PM PDT by Roses0508

To: GeronL; ncfool

Yes, use it. I am a computer systems engineer/technician. Have been for 15 years professionally. I wouldn’t steer a Freeper wrong. It is probably the ONLY thing that will work, unless there are instructions somewhere on how to manually remove every little piece of the nasty bugger. I would be willing to bet that even the manual removal involves ComboFix at some point!


27 posted on 08/24/2012 2:22:15 PM PDT by America_Right (Remember, Republicans have a lot more in common with Democrats than they do with Tea Partiers.)

To: rarestia

How do you know that another computer is clean?

Why do you recommend that you download Malware Bytes to one computer and then transfer it to the infected computer via a thumb drive? What is the difference between a straight download and a transfer?

Thanks


28 posted on 08/24/2012 3:53:18 PM PDT by wildbill (You're just jealous because the Voices talk oMnly to me.)

To: wildbill

I personally keep a “clean” PC by using Linux. I am a systems engineer, though, so my level of attention to my systems is a bit higher than most home users.

MalwareBytes is the bane of many virus/malware writers. It is exceptionally effective at cleaning PCs due to the heuristics algorithm they use and the open-source nature of the application. Downloading MBAM on an infected PC often leads to an infected MBAM installer at worst, or the inability to download and/or install the program at best. They will actually program viruses and malware today to immediately shutdown or prevent the startup of the MBAM.exe program file.

By downloading the installer and running the install from a thumb drive, you decrease the risk of compromising the installer and can oftentimes get the program installed, at a minimum, and rename the executable to something other than MBAM.exe to get it to run on an infected machine.

In worst-case scenarios, I recommend people boot into safe mode and run the MBAM.exe program to clean from a system that’s often “cleaner” than if booting normally.


29 posted on 08/25/2012 5:16:25 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: America_Right; GeronL; ncfool

ComboFix is the nuclear warhead of virus cleanup utilities. It is generally my next-to-last resort (reformatting being the last) when it comes to stubborn viruses and malware. I’ve personally only used it twice, and I had no issues afterwards.

I have heard anecdotal evidence that ComboFix has permanently nuked machines, so its use should be sparing.


30 posted on 08/25/2012 5:41:02 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: GeronL

Go Here http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

Scroll down and follow the instructions in the section “Automated Removal Instructions for XP Anti-Virus 2011 & Win 7 Home Security using Malwarebytes Anti-Malware:”

There are three steps - run from safe mode of course.
1. FixNCR.reg - fixes the registry
2. Rkill - stops the rogue program from running
3. Malwarebytes - does the final clean up.

I have used this method several times to fix different versions of this virus on work and friends' computers. Works every time.


31 posted on 08/25/2012 7:14:26 PM PDT by w1andsodidwe (Barrak has now won the contest. He is even worse than Jimmah.)

To: ncfool

Malwarebytes did the trick along with the Microsoft product defender.


32 posted on 08/26/2012 11:00:43 AM PDT by ncfool (OMG 2012)

To: UB355

This worked. Thank you.


33 posted on 08/26/2012 11:09:28 AM PDT by ncfool (OMG 2012)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
