*URGENT!* I need to know if I have ZeroAccess Infecting my PC?!?!

Created: 01 Feb 2014 • Updated: 12 May 2014 | 5 comments
This issue has been solved. See solution.

So today I went to sign up for a forum and it said:

Your IP 74.85.***.* has been blocked because it is blacklisted. For details please see http://www.spamhaus.org/query/bl?ip=**.**.***.*

Now when I looked at it I was listed in CBL and it said:

It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2014-01-25 02:00 GMT (+/- 30 minutes), approximately 7 days, 18 hours, 29 minutes ago.

This IP address is infected with, or is NATting for a machine infected with the ZeroAccess botnet, also known as Sirefef.

=============================

SEP didn't pick it up and I have all the necessary software from Symantec to remove it, but first I need to know if I am infected?!?!


.Brian's picture

Download and run the removal tool to see if anything comes up

http://www.symantec.com/security_response/writeup....

You can also try this removal tool

http://www.bleepingcomputer.com/download/tdsskiller/

What components of SEP do you have installed? Also, what version do you have running?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Bgines's picture

SEP 7.5.1670

And I have Management Agent

and 6 other components

Tell me, is i8042prt.sys the Trojan virus?

.Brian's picture

Did you run a scan with the removal tool?

You can submit that file to https://www.virustotal.com to see what comes up.


Bgines's picture

I used both removal tools, no possible virus found!

VirusTotal: no possible virus found!

Why does it say I have the ZeroAccess Trojan?

.Brian's picture

I checked your IP against 90 known blacklists and you only appeared on 1... not sure why, perhaps a false positive.

Download a second opinion scanner such as Malwarebytes and run a full scan.
