I ran a full scan and most of the items were taken care of but some say ‘failed’. Is there anything else I can do? I’ve attached the image of what items failed to be cleaned.
All of the items are located at c:\windows$NTUninstallKB5332$\276063608
Any assistance greatly appreciated.
(I can see the path to the $NTUninstallKB… at a DOS prompt but can’t see the 276063608 subdirectory at all.)
That looks like a ZeroAccess rootkit infection.
I tried Norton’s Zero access cleaning tool but it reported no infections found. I’ll see what others suggest and try things. Thanks!
Try Kaspersky’s TDSSKiller.
Nope. I think I have to figure out what type of infection it is. Anyone know for sure?
To clarify, I tried the TDSSKiller and it did not work. That’s what I meant by “NOPE”. I do appreciate the idea.
Try this: download Kaspersky Rescue Disk, boot from it and do a full scan. http://support.kaspersky.com/faq/?qid=208282173
Download and install “Free commander” from this site
Browse to the specific folder you mentioned and try to copy or zip those files. If you could do that please send the samples to me at firstname.lastname@example.org.
If you could actually browse that path, after making a backup, try to delete them, see if they can be deleted or not.
I tried Free Commander and although I can see the path I can’t do much with it (access denied). I am in the process of trying Kaspersky Rescue Disk. I’m wondering if booting from a Comodo USB or disk might be able to eradicate the problem (I’ve only been doing it from a Win 7 install).
I’ll let you know how Kaspersky Rescue Disk goes…
Thanks again to all for the suggestions.
It means that the user does not have enough rights to operate on the folder. You can change this in the Security tab, in the Properties section of the folder. Give “everyone” or “users” full permissions, including subfolders of this folder. That may solve your problem.
This particularly happens in the case of a KIDO infection, where the folder permissions are changed by the malware.
Best of luck with this, I have seen it work better in most cases.