Virus help- PTCH_ZACCESS.A downloaded and can't remove

August 24, 2012 | self

[ncfool]

Sometime on Tuesday I clicked on a link on this site to a Anti-Obama link or picture. I evidently get a virus and have not been able to clean it. Its called PTCH_ZACCESS.A My Office IT guy has tried to clean a couple of times and its buried in the registry. Anybody have any experience with this bad virus. A screen keeps popping up wanting you to down load their virus removal software SECURITY SHIELD.

My warning is to be very careful as its says it will get into your info and look for banking and credit passwords.

I have that computer offline unitil I get it cleaned out.

[ncfool]

My anti-virus will not clean it either. I use Trend Micro Office scan.

They have this write up on it. http://about-threats.trendmicro.com/malware.aspx?language=au&name=PTCH_ZACCESS.A

any help is appreciated.

[MeganC]

Back up your data and then reimage the computer. That’s about the surest way to remove the virus right there.

[TomGuy]

Found this at
http://www.zimbio.com/Spyware/articles/o6LebM1fdST/How+Remove+PTCH_ZACCESS+Manual+Removal+Guides

==

Step-by-Step Guides on How to Manually Eradicate PTCH_ZACCESS.A?

Step 1 : Go to Task Manager with Alt+Ctrl+Delete and stop its process.

random.exe

Step 2: Search for and delete its related files in Local Disk C:

C:\Documents and Settings\[UserName]\Local Settings\Application Data\[SET OF RANDOM CHARACTERS].exe
C:\Documents and Settings\[UserName]\Start Menu\Programs\[SET OF RANDOM CHARACTERS].exe

Step 3: Navigate to remove the registry entries associated as below in Registry Editor:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “

[rarestia]

On a clean PC, download MalwareBytes (malwarebytes.org) and copy to a thumb drive.

Install on your computer from the thumb drive and run the full scan. It should find it and remove it for you.

[Jack Hydrazine]

Try Anti-Malwarebytes anti-malware
http://www.malwarebytes.org/

or SuperAntispyware’s stuff.
http://www.superantispyware.com/

They are free and are the most effective I have tried.

[ncfool]

Thanks I will do it when my IT guy gets back to the office. He thought he had it a couple of times. Went thru his cisco firewall too. He can see when it actually hit.

It also shows as : Live security platinum

Microsoft has the following on it too:

http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/live-security-platinum/9d1e13ab-91f1-4972-83da-f2c5c69c97cb

[Lees Swrd]

be sure and read instructions.

http://trinityhome.org/Home/index.php?content=TRINITY_RESCUE_KIT____CPR_FOR_YOUR_COMPUTER&front_id=12&lang=en&locale=en/

[Mr. K]

if MalwareBytes.exe will not run you can rename it to MalwareBytes.com

[America_Right]

Those "buy this anti-virus" bugs are tough. The only thing I have found that works on those is combofix.

Combo Fix Instructions and Download Link

[ShadowAce]

[rightly_dividing]

It sounds like one that I have gotten before. I went to Bleepingcomputer.com and went to their anti virus page. I downloaded Rkill for free from them to a thumbdrive on a different computer and plugged it into the infected one and ran the program. It has killed the bug on several computers for me. YMMV

[ShadowAce]

[ShadowAce]

[Uri’el-2012]

My anti-virus will not clean it either. I use Trend Micro Office scan. They have this write up on it. http://about-threats.trendmicro.com/malware.aspx?language=au&name=PTCH_ZACCESS.A

any help is appreciated

Get Root !

[rarestia]

Or anything other than mbam.exe. Most virus/malware programmers try to stop that process from running altogether.

[Jack Hydrazine]

“Virus Alert”
by Weird Al Yankovic

http://www.youtube.com/watch?v=zvfD5rnkTws

[UB355]

Windows Defender Offline

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

[ZOOKER]

bfl

[Jack Hydrazine]

“Virus Alert”
by Weird Al Yankovic

http://www.youtube.com/watch?v=zvfD5rnkTws

[ncfool]

can you install windows defender from a thumb drive?