Tuesday, March 6, 2012

Get rid of Rootkit.0access.H by gently cleaning the white-listed area of your PC

Rootkit.0access.H is a variant of the notorious Zero Access virus, one of the sneakiest computer infections ever.
The infection is often associated with Google errors. True, it may be behind those issues. It is also true that the virus is aggressive towards software products that can remove Rootkit.0access.H and other infections. That is, an antivirus meant to remove it must, first of all, be able to protect its own components from attack by the malware. That is a prerequisite for successfully removing Rootkit.0access.H.
The infection hides its components effectively using a common technique that still succeeds at evading antivirus tools: creating a hidden volume in the system files section of computer memory. Basically, that is a white-listed area, which a good many security solutions simply dare not clean, as the slightest error may cause great damage, up to system collapse.
A safe removal method for the rootkit is available, though: click the free scanner link to clean the infection completely while keeping your system files intact.

Rootkit.0access.H manual removal guide:
Delete infected files:
%System%\drivers\[RANDOM CHARACTERS].sys
%Temp%\[random]
C:\WINDOWS\system32\[random name].dll
C:\Windows\System32\lxbu_device.dll
C:\WINDOWS\system32\NCUSBw32.dll
C:\WINDOWS\system32\amdk8.dll
C:\WINDOWS\system32\avidstartup.dll
C:\WINDOWS\system32\mail2ec.dll
C:\WINDOWS\system32\o2flash.dll
C:\WINDOWS\system32\p1131vid.dll
C:\WINDOWS\system32\tb2launch.dll
C:\WINDOWS\system32\wdica.dll
Delete registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
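
A read-only check of which registry values from the list above are actually present with the listed data, to run before deleting anything. This PowerShell script is an added example, not part of the original guide; the variable names are illustrative, and the keys and data are copied from the list above.

```powershell
# Read-only audit of the registry values in the "Delete registry entries" list.
# Nothing is modified or deleted; matches are only reported.
$checks = @'
Hive|Key|Name|Data
HKCU|Software\Microsoft\Internet Explorer\Main|Use FormSuggest|Yes
HKCU|Software\Microsoft\Windows\CurrentVersion\Internet Settings|CertificateRevocation|0
HKCU|Software\Microsoft\Windows\CurrentVersion\Internet Settings|WarnonBadCertRecving|0
HKCU|Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper|1
HKCU|Software\Microsoft\Windows\CurrentVersion\Policies\Associations|LowRiskFileTypes|.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;
HKCU|Software\Microsoft\Windows\CurrentVersion\Policies\Attachments|SaveZoneInformation|1
HKCU|Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop|1
HKCU|Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr|1
HKLM|SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system|DisableTaskMgr|1
HKCU|Software\Microsoft\Internet Explorer\Download|CheckExeSignatures|no
HKCU|Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden|0
HKCU|Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden|0
'@ | ConvertFrom-Csv -Delimiter '|'

$findings = foreach ($c in $checks) {
    $path = "$($c.Hive):\$($c.Key)"
    $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }          # key absent: nothing to report
    $actual = $key.GetValue($c.Name)          # $null when the value does not exist
    # Compare as strings so DWORD 1 and the string '1' both match the listed data.
    if ($null -ne $actual -and "$actual" -eq $c.Data) {
        [pscustomobject]@{ Key = $path; Value = $c.Name; Data = $actual }
    }
}

# The Run entries have random names, so list every entry for manual review.
$runPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
$runEntries = if ($run) { foreach ($n in $run.GetValueNames()) {
    [pscustomobject]@{ Name = $n; Command = $run.GetValue($n) } } }

$findings   | Format-Table -AutoSize -Wrap
$runEntries | Format-Table -AutoSize -Wrap
```

Because the infection hides its components, an empty result on a live system does not by itself show that the machine is clean.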
