Sign In
Create Account
1
I followed instructions in http://forums.malwar...howtopic=107641 to remove Security Shield malware, but Trend Micro Core Protection Module keeps detecting various trojans. Also, after completing the scan, an icon for yorkyt.exe appeared on my desktop. Given the tenacity of the Security Shield malware, I assume this new file is part of the scam?
-
This topic is locked
Back to top
#2
Posted 05 July 2012 - 04:12 PM
-
- Experts
-
- 17,553 posts
Forum Deity
- Gender:Male
- Location:So. Plainfield, New Jersey, USA
That file belongs to Panda Security and is used to disinfect Trj/Sirefef and Rootkit/ZAccess (if it's the same one)
http://www.pandasecu...1672&idIdioma=2
Check the properties of the file, it should say.
MrC
http://www.pandasecu...1672&idIdioma=2
Check the properties of the file, it should say.
MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#3
Posted 05 July 2012 - 05:02 PM
-
- Members
-
- 4 posts
New Member
I appreciate the response, but how did the file get there in the first place?
#4
Posted 05 July 2012 - 05:03 PM
-
- Experts
-
- 17,553 posts
Forum Deity
- Gender:Male
- Location:So. Plainfield, New Jersey, USA
I don't know, is it from Panda Security ? MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#5
Posted 05 July 2012 - 05:29 PM
-
- Members
-
- 4 posts
New Member
It sure looked legit. Very strange. Also it appears the bad guys have engineered around the Chameleon solution, as the update/install sequence (in the cammand line box) fails.
I tried the real Panda tool to see if it would purge zaccess, and it said it was successful, but my Trend Micro scan keeps picking them up.
I'm going to have my IT guys simply wipe the drive clean and rebuild it. I've wasted an afternoon trying to clean it on my own.
BTW - I have labs too. Used to do field trials.
I tried the real Panda tool to see if it would purge zaccess, and it said it was successful, but my Trend Micro scan keeps picking them up.
I'm going to have my IT guys simply wipe the drive clean and rebuild it. I've wasted an afternoon trying to clean it on my own.
BTW - I have labs too. Used to do field trials.
#6
Posted 05 July 2012 - 05:51 PM
-
- Experts
-
- 17,553 posts
Forum Deity
- Gender:Male
- Location:So. Plainfield, New Jersey, USA
If you have ZeroAccess, then the best course of action is to format and reinstall.
This is the general warning we give to anyone infected:
Take a look at My Preventive Maintenance to avoid being infected again.
Good Luck and Thanks for using the forum, MrC
This is the general warning we give to anyone infected:
Quote
Your computer is infected with a nasty rootkit. Please read the following information first.
You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.
BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......
Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.
BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......
- There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
- There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
- I strongly suggest you back up all of the important items on the system before we continue.
Please let me know you have read this and agree to it.
Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
Take a look at My Preventive Maintenance to avoid being infected again.
Good Luck and Thanks for using the forum, MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#8
Posted 06 July 2012 - 06:43 AM
-
- Moderators
-
- 13,249 posts
Eradicator de logiciels malveillants
- Gender:Male
- Location:USA
- Interests:Security, Windows, Windows Update, malware prevention
Glad we could help. 
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar
I close my threads if there is 5 days without a response.
I close my threads if there is 5 days without a response.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
