A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #15206  by EP_X0FF
 Wed Aug 15, 2012 10:42 am
360Tencent wrote:http://www.symantec.com/connect/blogs/t ... en-ntfs-ea
Throughout Zeroaccess’ life span we have seen several novel techniques that posed various challenges; however, the antivirus industry has quickly adapted and responded with new technologies.
and

http://blog.trendmicro.com/zaccesssiref ... technique/

...
Exactly two months after the complete investigation they finally popped up some articles with noob screenshots and noob findings. GJ.
 #15281  by thisisu
 Tue Aug 21, 2012 4:03 pm
When experimenting with this malware, has anyone else noticed that desktop icons get repositioned on their own after a reboot?

I will give you some examples:

http://forums.majorgeeks.com/showpost.p ... ostcount=6
http://forums.majorgeeks.com/showpost.p ... stcount=11
http://forums.majorgeeks.com/showpost.p ... stcount=19
http://forums.majorgeeks.com/showpost.p ... ostcount=1 (Read title of thread)

It happens on both live and VMs for me, but I do not know what needs to be reverted in order to fix it. I'm guessing it is a certain registry value :?

Thanks for any help on this.
 #15283  by Win32:Virut
 Tue Aug 21, 2012 5:44 pm
I'm not sure, but please try (I don't know much about malware removal):
Code:
reg delete HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /f
thisisu wrote:When experimenting with this malware, has anyone else noticed that desktop icons get repositioned on their own after a reboot?

I will give you some examples:

http://forums.majorgeeks.com/showpost.p ... ostcount=6
http://forums.majorgeeks.com/showpost.p ... stcount=11
http://forums.majorgeeks.com/showpost.p ... stcount=19
http://forums.majorgeeks.com/showpost.p ... ostcount=1 (Read title of thread)

It happens on both live and VMs for me, but I do not know what needs to be reverted in order to fix it. I'm guessing it is a certain registry value :?

Thanks for any help on this.
 #15284  by thisisu
 Tue Aug 21, 2012 6:24 pm
Win32:Virut wrote:I'm not sure, but please try (I don't know much about malware removal):
Code:
reg delete HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /f
Thanks for helping. I think you are onto something because that CLSID key was still present on a live machine I have here (previously infected with Sirefef). I did what you suggested and deleted it. Then I rebooted, customized the arrangement of icons, and rebooted once more, but unfortunately the problem still persists. All the icons shift to the TOP LEFT portion of the screen upon reboot.
 #15298  by tachion
 Wed Aug 22, 2012 10:37 am
Antivirus Reviews
What is the end key /f? :lol:

Thisisu


The problem is using HitmanPro.
When disinfecting with the program Malwarebytes, the problem occurs.

It also helps to create a new administrator account :)
Last edited by tachion on Wed Aug 22, 2012 11:56 am, edited 1 time in total.
 #15299  by malwarian
 Wed Aug 22, 2012 11:08 am
thisisu

This symptom can be found on most ZeroAccess-infected machines. You're lucky because you have only a few users who complained of this stuff :lol: We have been facing this for a long time :( . A new user account will work, but the problem returns when we migrate the user profile from the old one to the new one. We have opted for System Restore in some cases. :lol:
 #15311  by thisisu
 Wed Aug 22, 2012 8:38 pm
tachion wrote:Antivirus Reviews
What is the end key /f?
Force; no prompt before deletion.

Is the problem with HitmanPro or Malwarebytes?

Thanks for the suggestions / information. :)