Author Topic: Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP  (Read 2388 times)


the_airwarrior

  • Guest
Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP
« on: July 07, 2012, 02:24:38 PM »
Found 2 more on boot scan yesterday evening... Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP. It said they both were moved to chest, but I expanded the window and both had errors. The ZAccess said error 0xC0000022 (-1073741790) and the Java said error "The system could not find the specified file (2)". What should I do next?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89431
  • No support PMs thanks
Re: Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP
« Reply #1 on: July 07, 2012, 03:02:59 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Your error = "The application failed to initialize properly (0xc0000022)" so I don't know if this also meant the boot-time scan crashed or just the process of trying to send the file/s to the chest.

Since this Win32:ZAccess detection is, I believe, related to the ZeroAccess rootkit, it needs further investigation/analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.7.6124 (build 24.7.9311.855) UI 1.0.811/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

the_airwarrior

  • Guest
Re: Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP
« Reply #2 on: July 08, 2012, 05:02:09 AM »
Well, you need not bother. I decided that since something was up, three viruses in three days, with the first one supposedly blocked by Avast but still made it through, I wiped my SSD, reloaded Win7 and she is running smooth as silk. I wasn't sure if the first one was still lurking around, changing its name to avoid detection etc... thanks tho!

Offline DavidR

Re: Win32:ZAccess-GI [Trj] and Java:CVE-2012-0507-KP
« Reply #3 on: July 08, 2012, 12:30:24 PM »
You're welcome.

That is certainly one way of attacking the problem; for many, though, wiping their drive and starting again from scratch is worse than a root canal filling.

I'm not a malware removal specialist, but some rootkits can be a bit complex, with changes to the MBR (and possibly having a hidden partition also). I'm not sure what you mean by wiped your SSD, if that is just formatting the primary partition and reinstalling Windows.

It might be worth running some of the tools for confirmation, OTL and aswMBR.