For the last two days, when I log into my computer I have been receiving a message saying I have risks that should be addressed and to check my "Risk Log". When I check the log it identifies the "80000000.@" Trojan.ZeroAccess.B. It says the action taken was "Log Only". All the other associated files that the scan found were deleted. Do I need to be concerned with the "80000000.@" file that remains? I only get the alert once when I log in and my computer appears to be acting normally. I just don't want to have any security risks on my computer when doing business.
Thanks for the help!
That could be due to the configuration of your SEP/SEPM. You could run PowerEraser if you want to remove them.
http://www.symantec.com/theme.jsp?themeid=spe-user-guide
This doesn't use your configuration and you get the option to delete. This can be more aggressive than the normal SEP scanning engine, so taking a backup of your critical files is recommended.
http://www.cstl.com
Hello,
Trojan.Zeroaccess is a Trojan horse that uses an advanced rootkit to hide itself. It can also create a hidden file system, download more malware, and open a back door on the compromised computer.
Check the Removal Tool on the link below:
http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=3
I would suggest you check this article:
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
and submit the Suspicious Files to the Symantec Security Response Team.
and check these threads:
https://www-secure.symantec.com/connect/forums/how-stop-trojangen2-coming-my-computer
https://www-secure.symantec.com/connect/forums/how-stop-antivirus-repeatedly-detecting-same-threat
Secondly, did you try running the SERT utility to remove this threat?
http://www.symantec.com/docs/TECH131732
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hi AGarst,
There are a few threats that SEP's built-in engines cannot remediate. SEP will still raise a warning flag when it encounters them, prompting the admin to take action. If a full system scan in safe mode does not succeed, run the Removal Tool that Mithun has linked: that should successfully remove the threat.
Please do keep this thread up-to-date with your progress! :)
With thanks and best regards,
Mick
I believe I have fixed the issue as I am no longer getting the alert after a full system scan and it is no longer appearing on the log.
I ran Malwarebytes Anti-Malware while in safe mode and it was able to pick up the file and remove it from the computer. I then ran a full system scan and the Anti-Malware software after a full system restart and it did not find the file again.
Looks like that might have solved the problem! Thanks everyone for their feedback!