trojan horse removal problem

Hello creasey84,

as the analysis for Troj/ZAccInf-B says, Files detected as Troj/ZAccInf-B may not always be disinfectable and may have to be restored from backup.

If you don't have a backup the original version might be nevertheless on your computer (depending on the OS version and its history). You could search your C: drive (make sure sure search for hidden and system files) - IIRC there weren't any changes since 2009.

Christian

hi received computer off someone they didnt have a clue about it (good job i didnt pay for it) there is no restore point on the computer !!!!!

Not unlikely that there is no (usable) restore point after a (partial) infection anyway.

For XP services.exe could be in one or more of the subdirectories of C:\WINDOWS\$hf_mig$\KB956572 for example.

Christian

@ creasey84:  looks like you have a rootkit....the Trojan being detected is part of the ZeroAccess family of malware

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~ZAccInf-B/detailed-analysis.aspx

Check this site for details about ZeroAccess.

known behavior includes

• Disable security applications
• Downloads malicious files
• Infects files
• Steals information

This information is quoted from the Wikipedia Rootkit page:

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative, trusted operating system; behavioral-based methods; signature scanning; difference scanning; and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem.

Bottom line:  time to back up all your data and rebuild your computer.