I recently found a topic about a ZeroAccess virus, but I couldn't post because the thread has been marked as inactive.
The user had run a scan with Farbar Recovery Scan Tool (FRST). This was on a Windows system. The scan showed an X: partition flagged as (boot) and (fixed) with a size of 0.3 GB (300 MB).
The virus is located on this partition. I have the same problem, and because this partition boots first, it has full control over the operating system. In my case, it was Windows 7.
Most partition programs don't even see this X: partition, and it is not hidden. Maybe this is because it's in use, I don't know. The trojan was suddenly activated on my system and I couldn't get any more updates for my antivirus program (Avast Free Antivirus). This could be avoided by deactivating the Windows Scripting Host with xp-AntiSpy.
Then it became worse. I got a BSOD with the message "System code has been changed", and at this point I was sure I had an active trojan on the system.
The reason I am posting all this is that I am also a victim of this kind of trojan, and it is almost impossible to get rid of partition X:. Every time I erased my hard disk entirely and created my partitions from scratch with Parted Magic, the trojan partition was reinstalled as well when I installed Windows 7 (64-bit) again.
I don't know where the installation routine is hidden: maybe the BIOS, maybe the firmware of my devices; hell, it could also be installed via my cracked and hacked router.
I don't know what to do.
I installed Linux Mint 13 a few days ago, but because this trojan partition is so tricky, I don't know if I am still infected, nor do I know how to locate partition X: with the tools I have available. Those are Parted Magic and GParted. Neither "sees" a partition X:.
Also, even if the trojan on partition X: can't change code on a Windows installation, because there is none, it could still be used as a keylogger or something of that kind.
I don't feel safe and I hope you guys don't ever meet this kind of hack.
Greetings,
subvision
Finally, if someone knows a program like FRST that doesn't need Windows installed, please feel free to post it here. This is needed.