Comments on: ZeroAccess Gets Another Update

By: ZeroAccess APC: My First blog post | AaLl86 Security

ZeroAccess APC: My First blog post | AaLl86 Security — Thu, 11 Apr 2013 20:13:30 +0000

[...] Per una analisi globale dettagliata rimando agli articolo scritti da colui che ritengo essere il master della sicurezza Informatica, il collega Marco Giuliani: http://www.prevx.com/blog/171/ZeroAccess-an-advanced-kernel-mode-rootkit.html e http://blog.webroot.com/2011/07/19/zeroaccess-gets-another-update/. [...]

Targeting ZeroAccess Rootkit’s Achilles’ Heel — Wed, 23 May 2012 22:12:18 +0000

[...] is one of the most talked and blogged,[1][2] about rootkits in recent times. It is also one of the most complex and highly [...]

Tue, 01 May 2012 16:02:34 +0000

[...] is one ofÂ the many talked and blogged [1], [2]Â about rootkits in new times. It is alsoÂ one ofÂ the many formidable and rarely [...]

Tue, 01 May 2012 06:58:20 +0000

[...] is one of the most talked and blogged [1], [2] about rootkits in recent times. It is also one of the most complex and highly [...]

Targeting ZeroAccess Rootkit’s Achilles’ Heel — Tue, 01 May 2012 04:05:46 +0000

[...] is one of the most talked and blogged [1], [2] about rootkits in recent times. It is also one of the most complex and highly [...]

Ceptera Security Newswire » Targeting ZeroAccess Rootkit’s Achilles’ Heel: — Tue, 01 May 2012 00:16:24 +0000

[...] is one of the most talked and blogged [1], [2] about rootkits in recent times. It is also one of the most complex and highly [...]

Targeting ZeroAccess Rootkit’s Achilles’ Heel | Security Antivirus Virus — Tue, 01 May 2012 00:04:44 +0000

[...] is one of the most talked and blogged [1], [2] about rootkits in recent times. It is also one of the most complex and highly [...]

ZeroAccess APC: My First blog post « AaLl86 Security — Mon, 07 Nov 2011 21:22:54 +0000

Marco Giuliani — Mon, 24 Oct 2011 19:16:44 +0000

Please try using our latest release of ZeroAccess removal tool we released on our blog earlier this month? Thanks!

Till — Thu, 29 Sep 2011 13:31:55 +0000

Hi,

I’ve discovered traces of a ZeroAccess Rootkit on my PC, but have not been able to identify it.

I do have on object called $NtUninstallKB43536$ in C:\WINNT which is a symbolic link. Junction (Sysinternals tool) tells me:

c:\winnt\$NtUninstallKB43536$: SYMBOLIC LINK
Print Name : c:\windows\system32\setup
Substitute Name: \Device\svchost.exe\setup

I already ran your tool antizeroaccess.exe – nothing found.

Any other ways to proceed?