000000CB.@ is Rootkit ZeroAccess

March 30, 2012 by NightWatcher
Filed under: Rootkit

Alex NightWatcher: Solved!

Fix it immediately:

Rootkit 000000CB.@ is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of 000000CB.@ may be a very difficult process.
You should use anti-rootkit software to fix the 000000CB.@ problem.

Malware Analysis of 000000CB.@
Full path on a computer: %Local Appdata%3308c706U00000cb.@

Detected by RegRun Warrior:

000000CB.@
Default location: %Local Appdata%3308c706U00000cb.@

Removal Results: Success
Number of reboot: 1

000000CB.@ is known as:

Rootkit.ZeroAccess

000000CB.@ hash:

MD5: 6cad6d352150bf5df70ea2eff25e8bd3

How to quickly detect 000000CB.@ presence?

Registry:

HKLMSystemCurrentControlSetServicesse59nd5ParametersServiceDll: “%systemroot%system32CTSBLFX.DLL.dll”

Folders:

%WinDir%$NtUninstallKB3057$

Files:

%Local Appdata%3308c706@
%Local Appdata%3308c706U0000001.@
%Local Appdata%3308c706U00000c0.@
%Local Appdata%3308c706U00000cb.@
%Local Appdata%3308c706U00000cf.@
%Local Appdata%3308c706U80000000.@
%Local Appdata%3308c706U800000c0.@
%Local Appdata%3308c706U800000cb.@
%Local Appdata%3308c706U800000cf.@
%Local Appdata%3308c706X
%WinDir%assemblyGAC_MSILDesktop.ini
%SysDir%CTSBLFX.DLL.dll
%SysDir%dds_log_ad13.cmd

Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by NightWatcher

Malware Hunter.
Google+

Tags: 000000CB.@, Rootkit, ZeroAccess

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.

Greatis Software
AverScanner

AverScaner- EveryDay Malware Scan
Testimonials

Bob
The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!
Impove boot up time

Run a free scan to diagnose your PC: Start Test!

Blogroll