Over the past four days I, on and off, had to look at my kids' computer. The basic symptoms were “every time I search for something in Google I get redirected to another site”, and then it moved on to “the internet is not working… at all”. When I first looked at it I noticed a strange-looking executable named “2398764521:2143489.exe”, or something like that, in Process Explorer. The colon is a clear sign this is not a normal process. I then searched the Windows registry and, under services, found the EXE under a folder named “2728” – once again, strange. I attempted a few things first: removing the entries, rebooting, and seeing if the EXE would disappear. I searched all startup areas in the system and registry and cleaned them out… nothing seemed to work. I then did the same process in Safe Mode, to no avail: the virus was still there after a standard launch.
I then searched and searched and finally found this article. The symptoms were identical; was this the ZeroAccess virus? I downloaded the tool, TDSSKiller, to see if it could remove the virus. I had to download it on another computer, as the kids' computer could not access the internet with any of the three installed browsers. I then copied the tool over to a USB stick and renamed it to a “.com” file, as directed in the article.
The tool found three variations of ZeroAccess on the computer and cleaned them up. I was shocked at how easy the tool was to use, and it looks like everything is fine now. I just had to blog about this and share the experience.
I too have found four rootkit problems on this PC. I used to have a slave hard drive in the PC which suddenly stopped working, and every time on boot-up I had to press the F1 key to boot into Windows. It told me during boot-up that the PC had a slave hard drive failure. I think that the rootkit virus has damaged the hard drive; is this correct?
Do let me know asap.
It is possible; try following the instructions from that article and see if the FAT table on the drive has been corrupted.