Posted on 08/24/2012 10:24:48 AM PDT by ncfool
Sometime on Tuesday I clicked on a link on this site to an Anti-Obama link or picture. I evidently got a virus and have not been able to clean it. It's called PTCH_ZACCESS.A. My office IT guy has tried to clean it a couple of times and it's buried in the registry. Anybody have any experience with this bad virus? A screen keeps popping up wanting you to download their virus removal software SECURITY SHIELD.
My warning is to be very careful, as it says it will get into your info and look for banking and credit passwords.
I have that computer offline until I get it cleaned out.
Do not use ComboFix.
It destroyed a computer I was using (borrowed) last year; it was a horrible experience.
Boot into Safe Mode with Networking. Download Malwarebytes and run.
You install it onto a thumb drive on an uninfected computer, then start up your infected computer from the thumb drive.
I see you are aware of bleepingcomputer.com. Good.
This page gives very clear, specific instructions on removing a similar nasty root kit virus, the first and only one I got since getting a PC in the early 1990’s.
http://www.bleepingcomputer.com/virus-removal/remove-antivir-solution-pro
Bump for a minute when I have a real keyboard.
Yes, use it. I am a computer systems engineer/technician. Have been for 15 years professionally. I wouldn’t steer a Freeper wrong. It is probably the ONLY thing that will work, unless there are instructions somewhere on how to manually remove every little piece of the nasty bugger. I would be willing to bet that even the manual removal involves ComboFix at some point!
How do you know that another computer is clean?
Why do you recommend that you download Malware Bytes to one computer and then transfer it to the infected computer via a thumb drive? What is the difference between a straight download and a transfer?
Thanks
I personally keep a “clean” PC by using Linux. I am a systems engineer, though, so my level of attention to my systems is a bit higher than most home users.
MalwareBytes is the bane of many virus/malware writers. It is exceptionally effective at cleaning PCs due to the heuristics algorithm they use and the open-source nature of the application. Downloading MBAM on an infected PC often leads to an infected MBAM installer at worst, or the inability to download and/or install the program at best. They will actually program viruses and malware today to immediately shut down or prevent the startup of the MBAM.exe program file.
By downloading the installer and running the install from a thumb drive, you decrease the risk of compromising the installer and can oftentimes get the program installed, at a minimum, and rename the executable to something other than MBAM.exe to get it to run on an infected machine.
In worst-case scenarios, I recommend people boot into safe mode and run the MBAM.exe program to clean from a system that’s often “cleaner” than if booting normally.
ComboFix is the nuclear warhead of virus cleanup utilities. It is generally my next-to-last resort (reformatting being the last) when it comes to stubborn viruses and malware. I’ve personally only used it twice, and I had no issues afterwards.
I have heard anecdotal evidence that ComboFix has permanently nuked machines, so its use should be sparing.
Go Here http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
Scroll down and follow the instructions in the section “Automated Removal Instructions for XP Anti-Virus 2011 & Win 7 Home Security using Malwarebytes Anti-Malware:”
There are three steps - run from Safe Mode, of course.
1. FixNCR.reg - fixes the registry
2. Rkill - stops the rogue program from running
3. Malwarebytes - does the final cleanup.
I have used this method several times to fix different versions of this virus on work and friends' computers. Works every time.
Malwarebytes did the trick along with the Microsoft product defender.
This worked. Thank you.