zeroaccess rootkit - trouble sharing over network

mrsteve0924

Cubed Beef Stew Member | Joined: Jul 4, 2013 | Location: new york
this is baffling me. recently infected with zeroaccess rootkit virus which wreaked havoc on my vista laptop. cleaned up most of the damage but i think something is affecting the network services.

home network set up with win 7 desktop and vista laptop. win7 connected to router via ethernet, laptop is wireless. they each show up on each other's network folder, but only the vista laptop can see the shared files on the win 7 pc. the win 7 pc cannot access any of the shared folders on vista.

i can ping any device from the vista laptop successfully but cannot ping the vista laptop from the win 7 pc or from the router.

i have tried everything to fix this...for 5 days now..i will try listing all the troubleshooting i did

disabled firewalls, only MS essentials AV running (no other security software), same workgroup names, uninstalled/reinstalled network cards, tried resetting tcp/ip stack and winsock, ensured advanced firewall settings are set to allow traffic, tried connecting in safe mode, switched from wireless to ethernet connection to router, flushed dns cache, reset ip settings, some other things i am sure i forgot at this point.

anyone willing to offer some suggestions?
 
Based on the fact that a single device was infected on the network, you should assume that all devices are therefore infected and take the appropriate actions on them as well.

For cleanup, I don't see (maybe you just didn't document) that you did a few things I would suggest.

In Safe Mode with Networking

1. Reset Internet Explorer
Internet Options > Advanced > Restore Advanced Settings... then "...Reset" and check "Delete personal settings."

2. Check your hosts file
I know you may have done this, but open it again and scroll down. A trick often used is to carriage return beyond what Notepad typically displays and put the erroneous entries there so everything 'looks' fine when you open it. Clean up if needed.

3. Delete your Address Resolution Tables
Command prompt as Admin > type (in order)

ipconfig /release
arp -d
ipconfig /flushdns
ipconfig /renew
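
The hosts-file check from step 2 above, as an added example that is not part of the original post: a PowerShell function that lists every active entry with its line number and flags entries that sit below a long run of blank lines. The function name `Get-HostsEntry`, the `PadThreshold` default of 10 and the sample lines are assumptions constructed for illustration.

```powershell
# Added example (not from the thread): list every active hosts-file entry,
# including ones pushed far below the part of the file an editor shows first.
function Get-HostsEntry {
    param(
        [string[]]$Lines,
        [int]$PadThreshold = 10   # assumed cut-off for "suspicious" blank-line padding
    )

    $blankRun = 0                 # consecutive blank lines seen just before this line
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $raw  = $Lines[$i]
        # Strip the comment part, then surrounding whitespace.
        $text = ($raw -replace '#.*$', '').Trim()

        if ($text -eq '') {
            # Whitespace-only lines extend the padding run; comment lines end it.
            if ($raw.Trim() -eq '') { $blankRun++ } else { $blankRun = 0 }
            continue
        }

        $fields = $text -split '\s+'
        New-Object PSObject -Property @{
            Line             = $i + 1
            Address          = $fields[0]
            Names            = ($fields | Select-Object -Skip 1) -join ' '
            BlankLinesBefore = $blankRun
            Padded           = ($blankRun -ge $PadThreshold)
        } | Select-Object Line, Address, Names, BlankLinesBefore, Padded
        $blankRun = 0
    }
}

# Constructed sample: two normal entries, 40 blank lines, then one padded entry.
# 203.0.113.7 and update.example.test are reserved documentation values.
$sample = @(
    '# sample hosts file (constructed)',
    '127.0.0.1       localhost',
    '::1             localhost'
) + (@('') * 40) + @('203.0.113.7     update.example.test')

Get-HostsEntry -Lines $sample | Format-Table -AutoSize

# Against the real file, from an elevated prompt:
# Get-HostsEntry -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Any row with `Padded` set to True, or any address that is not a loopback entry you added yourself, is worth reviewing before the file is trusted again.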
 
I hate to recommend this, but the only way I know to remove ZeroAccess is to wipe the machine. I have seen many enterprise networks get infected by this malware and it is nearly impossible to remove.
 