System infected by RootKit.0Access.H

[pUSHPITA]

Sponsored Links

I dont know how and when my Windows XP system got infected with RootKit.0Access.H. Since last 2 days while browsing my browser was getting redirected to some other sites automatically, my programs were talking too much time to launch, any many such weird behaviors. hence I scanned my system with AVG antivirus, and it located the said rootkit but was unable to delete it. Now I don’t what to do and how to solve this issue because my AVG antivirus is grayed out and I am not even able to scan anymore. So am here. Please help me out removing RootKit.0Access.H.

[Captain Samuel Salt]

Yes,RootKit.0Access.H is indeed a dangerous trojan and should be removed as soon as possible to prevent your system. Anyways, just follow these steps to do the same. First of all go to the below location and delete the all files and folder which given below:

Code:

 %WINDOWS%system32[random_name].dll
    %WINDOWS%System32lxbu_device.dll
    %WINDOWS%system32NCUSBw32.dll
    %WINDOWS%system32amdk8.dll
    %WINDOWS%system32avidstartup.dll
    %WINDOWS%system32mail2ec.dll
    %WINDOWS%system32o2flash.dll
    %WINDOWS%system32p1131vid.dll
    %WINDOWS%system32tb2launch.dll
    %WINDOWS%system32wdica.dll
    %WINDOWS%ystem32drivers[random_characters].sys
    %Temp%[random]

Now open windows registry editor by typing "regedit" in Win+R command prompt. Under registry go to the below location and remove all keys and values which given below:

Code:

  HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Use FormSuggest” = ‘Yes’
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “CertificateRevocation” = ’0′
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “WarnonBadCertRecving” = ’0′
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop “NoChangingWallPaper” = ’1′
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments “SaveZoneInformation” = ’1′
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer “NoDesktop” = ’1′
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem “DisableTaskMgr” = ’1′
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “[random].exe”
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “DisableTaskMgr” = ’1′
    HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload “CheckExeSignatures” = ‘no’
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced “Hidden” = ’0′

Once you finish removing everything, just reboot the system for best result….

[Zared]

Even i had faced this issue in past on my Windows 7 system. I removed the same using a third party tool called TDSSkiller. I just installed and scanned my system. It detected RootKit.0Access.H and terminated it itself. So I would like to recommend you to install TDSSkiller and remove the rootkit.