Devirusare ZeroAccess Sirefef Rootkit – Ghid complet de eliminare

12 responses to “Devirusare ZeroAccess Sirefef Rootkit – Ghid complet de eliminare”

1. 
   Morphinne

   September 27, 2011 at 3:38 PM | Permalink | Reply

   De asemenea stick-ul il putem face bootabil cu UNetbootin( http://unetbootin.sourceforge.net/ ) !
   Sa nu fie cu suparare ca am venit in completare cu asta dar m-am gandit ca ar prinde bine.

   1. 
      Gigi

      September 27, 2011 at 4:01 PM | Permalink | Reply

      Si eu foloseam UNetbootin inainte dar daca tot exista utilitar special pentru Kaspersky l-am recomandat pe asta.

2. 
   nicolae

   September 28, 2011 at 6:00 PM | Permalink | Reply

   Pe devirusare.com am vazut ca Hitman Pro rezolva problema aceasta simplu si eficient

   1. 
      Gigi

      September 28, 2011 at 6:14 PM | Permalink | Reply

      Tu il crezi? Acel video este din 15 iulie. Hitman Pro nu reuseste sa elimine ultimele variante ale ZeroAccess. Noi testam fiecare metoda, nu ca altii.

3. 
   Bibisor

   September 29, 2011 at 10:19 PM | Permalink | Reply

   Baietii de la Bitdefender au scos si removal standalone,scoateti rescue CD ca e prea complicat.

   http://www.malwarecity.com/blog/how-to-remove-zeroaccess-rootkitsirefef-from-your-pc-as-easy-as-1-2-3-1160.html

   1. 
      Gigi

      September 30, 2011 at 10:43 AM | Permalink | Reply

      Si HitmanPro au scos un nou build (130) care scoate rootkitul. Versiunea 129 data din 10 august. Voi actualiza articolul.

4. 
   Bibisor

   September 30, 2011 at 12:02 PM | Permalink | Reply

   Credeam ca actualizezi articolu cu alte removal-uri…………(x300)

5. 
   Bibisor

   September 30, 2011 at 12:08 PM | Permalink | Reply

   Acu il vad.
   Delete post.

6. 
   petra

   November 2, 2011 at 6:43 PM | Permalink | Reply

   A functionat.Prima metoda.
   Mai greu ,pt un neinitiat.Dar incet-incet, am facut iso. pe usb.
   Computerul nu mai mergea pornit nici macar in safe mode !!!
   Am boot-at de pe stick, a scanat , nenorocire – vreo 18 bucati! A facut curatenie, si-a repornit computerul …
   Spre surprinderea mea , chiar a incarcat Windows-ul.A facut Check Disk-ul, si voila: N-a fost nevoie de reinstalare !

   Multumesc!

   1. 
      Gigi

      November 3, 2011 at 7:15 PM | Permalink | Reply

      Cu placere.

7. 
   VadVoci

   March 11, 2012 at 10:58 AM | Permalink | Reply

   O noua varianta de Trojan Zeroacces . Cred ca l-am luat de pe http://mondoplast.net sau http://supraveghere.ro pentru ca numai cele doua adrese le aveam deschise in firefox

   Process name: 96.tmp.exe ,Local Port:1845, Remote Port:80 , Remote Address:
   host-88-132-39-250.prtelecom.hu
   ProcessPath: C:\Documents and Settings\User\Local Settings\temp\96.tmp

   The following changes have been created in Registry:

   [HKEY_CURRENT_USER\Software\568d6bf5]
   “u”=dword:000000c1
   “id”=hex(b):5f,7e,58,cf,a0,81,a7,30

   [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
   “Shell”=”C:\\Documents and Settings\\User\\Local Settings\\Application Data\\568d6bf5\\X”

   The following folders and file have been created:

   C\WINDOWS\$NtUninstallKB49799$\_2239823485_.zip
   C\WINDOWS\$NtUninstallKB49799$\1452108789\loader.tlb
   C\WINDOWS\$NtUninstallKB49799$\1452108789\@
   C\WINDOWS\$NtUninstallKB49799$\1452108789\L\hwuibelv
   C\WINDOWS\$NtUninstallKB49799$\1452108789\U\@800000c0
   C\WINDOWS\$NtUninstallKB49799$\1452108789\U\@800000cb
   C\WINDOWS\$NtUninstallKB49799$\1452108789\U\@80000000
   C\WINDOWS\$NtUninstallKB49799$\1452108789\U\@800000cf
   C\WINDOWS\$NtUninstallKB49799$\1452108789\U\@000000cb
   C\WINDOWS\$NtUninstallKB49799$\1452108789\U\@00000001
   C\WINDOWS\$NtUninstallKB49799$\1452108789\U\@000000cf

   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5

   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\X

   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\loader.tlb

   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\@

   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\U\80000000.@
   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\U\800000cf.@
   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\U\800000cb.@
   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\U0000001.@
   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\U00000cf.@
   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\U00000cb.@
   C:\Documents and Settings\User\Local Settings\Application Data\568d6bf5\U00000c0.@

   C:\WINDOWS\Temp\_ex-08.exe
   C:\WINDOWS\Temp\_ex-68.exe

   etc….

8. 
   VadVoci

   March 16, 2012 at 5:25 PM | Permalink | Reply

   Uite de unde am luat virusul : hxxp://www.supraveghere.ro/js/standard.js

Leave a Reply Click here to cancel reply.