Author Topic: Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP  (Read 2333 times)

0 Members and 1 Guest are viewing this topic.

the_airwarrior

  • Guest
Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP
« on: July 07, 2012, 02:24:38 PM »
found 2 more on boot scan yesterday evening......  Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP, it said they both wee moved to chest, but I expanded the window and both had errors. The ZAcess said error0xC0000022.(-1073741790) and the Java said error The system could not find the specified file (2). What should I do next?

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89228
  • No support PMs thanks
Re: Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP
« Reply #1 on: July 07, 2012, 03:02:59 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Your error = "The application failed to initialize properly (0xc0000022)" so I don't know if this also meant the boot-time scan crashed or just the process of trying to send the file/s to the chest.

Since this win32:ZAccess detection is I believe related to the zero access rootkit, so needs further investigation/analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

the_airwarrior

  • Guest
Re: Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP
« Reply #2 on: July 08, 2012, 05:02:09 AM »
well, you need not bother, I decided that since something was up, three virus's in three days, with the first one supposedly blocked by Avast but still made through, I wiped my SSD, reloaded Win7 and she is running smooth as silk. I wasn't sure if the first one was still lurking around, changing it's name to avoid detection etc.... thanks tho!

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89228
  • No support PMs thanks
Re: Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP
« Reply #3 on: July 08, 2012, 12:30:24 PM »
You're welcome.

That is certainly one way of attacking the problem, for many though wiping their drive and starting again from scratch is worse than a root canal filling.

I'm not a malware removal specialist, but some rootkits can be a bit complex with changes to the MBR (and possibly having a hidden partition also). I'm not sure what you mean by wiped your SDD, if that is just formatting the primary partition and reinstalling windows.

It might be worth running some of the tools for confirmation, OTL and aswMBR.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security