ZeroAccess Removal Tool by BD

Discussion in 'other anti-malware software' started by SUPERIOR, Sep 29, 2011.

Thread Status:
Not open for further replies.
  1. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    download
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Good to know :thumb:
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    So this is a Bitdefender product? I wonder why it's hosted at malwarecity.com instead of bitdefender.com? Bitdefender's free removal tools are here:

    http://www.bitdefender.com/site/Downloads/browseFreeRemovalTool

    and I don't see this zeroaccess removal tool there. That said, Norton Internet Security says the file is safe.

    Webroot also has a tool for removing zeroaccess, which, by the way, was the rootkit that disabled Norton Internet Security in a couple of videos posted on YouTube recently.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Malwarecity.com belongs to BitDefender. If you pay close attention to the link you provided, you'll see links to Malware City blog.
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Thanks for clarifying. With a name like "malware city" I wanted to make sure the site was legit.

    Edit: Yes, I'm seeing references to Malware City on the site now. Still think it's an odd domain name for a security vendor :cool:
     
    Last edited: Sep 30, 2011
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Thanks, time for another update soon.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Interesting...

    BD's tool is nearly 6MB. Webroot's tool is 183 KB.

    BD's removal tools tend to be large... dare I say extra large. What the heck do they put inside those tools?
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Interesting that the official website doesn't have it. Why are there 2 different BitDefender sources?
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I haven't tried running the BD tool yet, but I've seen the WR tool and it's a command-line utility. Maybe the BD tool has a GUI.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Maybe... But, as an example, Kaspersky's removal tool TDSSKiller is 1.47 MB. BitDefender's tool is 6.72 MB.

    Kaspersky's tool has a GUI. I don't know about BD's. BD's tools seem to be on steroids. :argh:
     
  11. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    Tested and working with no problems, but too slow to load and slow during scanning.
    The size is big because of the many files; I guess mostly about 4.5 MB is the core of the scanning engine, the rest maybe for the GUI :D
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    It's big, because BitDefender is huge.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I also gave it a run. You're right, it's too slow. After more than 5 minutes, I simply cancelled the scan.
     
  14. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Regarding the zeroaccess rootkit, there is a new removal tool from Webroot, digitally signed September 23, here:

    http://blog.webroot.com/2011/07/19/zeroaccess-gets-another-update/

    Look to the right side of the page for the download link to antizeroaccess.

    And if you're interested in learning more about how zeroaccess works the blog article is a very interesting read. This is one very serious piece of malware.
     
  15. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    How effective are bootable Antivirus Rescue Disks against ZeroAccess (Especially the latest version of ZeroAccess)?
     
  16. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I've not experimented myself, but I'm guessing they'll be successful given that they'll be scanning outside of the infected system, rendering the malware inert.
     
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Using bootable media is the first important step since the malware is not active. Next it depends on how effective the signatures are for detecting, deleting and undoing the effects of the malware. There has been a lot of discussion of the zeroaccess rootkit in the Norton Internet Security forum. The Symantec rep says it is being worked on, but couldn't say with certainty that the signatures are currently available for Norton Power Eraser.
     