[nullptr]

In my testing of recent samples, it seems that TDSSKiller v2.7.22.0 does a pretty good job of curing the infected driver + cleaning out the $NtUninstallKBxxxxx$ directory. The empty $NtUninstallKBxxxxx$ remains after it's finished, but just needs permissions changed to delete. Other than that, there's just the usual dregs to clean up.

[rkhunter]

MD5: 121F61B3910DB3946AA88D07DBAE8661
1/42

[rkhunter]

MD5: D2293F6F9B33919CAF748A750038F189
1/42

[R136a1]

Whitepaper by Symantec (22.3.2012):

ZeroAccess Infection Analysis
http://www.symantec.com/content/en/us/e ... alysis.pdf

[thisisu]

MD5: e43d529ff4954c3c1179c777a1b1a041
https://www.virustotal.com/file/b628067 ... 333266317/

[rkhunter]

ZeroAccess droppers collection (since Jan '12) http://narod.ru/disk/44867459001.29f0ff ... s.zip.html

[thisisu]

MD5: d54380f953e1ec9581130143c4922eb5
https://www.virustotal.com/file/9920099 ... 333418322/

[thisisu]

MD5: d5c0204c353df61ec441c834c56c4b03
https://www.virustotal.com/file/dffde10 ... /analysis/

[thisisu]

MD5: 87aeb688904ad5b7c3b31a2f8131b33b
https://www.virustotal.com/file/45d526b ... 333609823/

[rkhunter]

MD5: 0D3864AD40A03D360C6D8CD3D576683E
https://www.virustotal.com/file/777e566 ... /analysis/