Tetrium wrote: This sounds like a veeery nasty infection.
What I often do is slave the infected drive to another rig and scan from there (though usually I just do the reformat thingy)
I did just that. And passed a full scan of Kaspersky (fully updated), Microsoft Security Essentials (fully updated) and McAfee Command line scanner (fully updated).
I thought that doing 3 full passes with 3 different antivirus would be enough, but... sadly, no.
It seemed to have cleaned most of the malware, but ZeroAccess was still there, and still managed to reinstall itself a few minutes later 🙁
Had to remove it manually. It was laborious and cumbersome. And hiding itself in a reparse point is really clever. You cannot remove its folder using normal Windows commands or the Windows Explorer.
The only way to remove it is to first unlink the reparse point, using the fsutil tool.
Afterwards, you have to change the folder NTFS permissions, and then finally you can remove it.
A pain in the ass, believe me!
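
The removal sequence described in the post above (unlink the reparse point with fsutil, reset the NTFS permissions, then delete), written out as an added PowerShell example that is not part of the original post. `$Path` is a placeholder for the affected folder, which the post does not name, and the log file location is an assumption; run it from an elevated prompt, ideally with the drive attached to a clean machine as described in the quote.

```powershell
# Added example, not from the original post. $Path is a placeholder.
param(
    [Parameter(Mandatory)]
    [string]$Path
)

# Keep a record of what was found before changing anything (assumed location).
$log = Join-Path $env:TEMP 'reparse-cleanup.log'

# 1. Confirm the folder really is a reparse point and save its tag and data.
#    fsutil exits non-zero when the target has no reparse point.
$before = fsutil reparsepoint query $Path
if ($LASTEXITCODE -ne 0) {
    throw "'$Path' is not a reparse point (or cannot be opened): $before"
}
"[$(Get-Date -Format o)] reparse data for $Path" | Add-Content $log
$before | Add-Content $log

# 2. Unlink the reparse point. This removes only the redirection;
#    the folder and its contents stay on disk.
fsutil reparsepoint delete $Path
if ($LASTEXITCODE -ne 0) { throw "fsutil reparsepoint delete failed for '$Path'" }

# 3. Reset NTFS permissions: give ownership to the Administrators group,
#    then grant it full control recursively.
#    /D Y answers the takeown prompt; the letter is locale dependent.
#    *S-1-5-32-544 is the well-known SID of BUILTIN\Administrators,
#    which avoids depending on the localized group name.
takeown /F $Path /A /R /D Y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "takeown failed for '$Path'" }

icacls $Path /grant '*S-1-5-32-544:(OI)(CI)F' /T /C | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed for '$Path'" }

# 4. The folder is now an ordinary directory and can be removed.
Remove-Item -LiteralPath $Path -Recurse -Force -ErrorAction Stop

# 5. Verify it is gone.
if (Test-Path -LiteralPath $Path) {
    throw "'$Path' still exists after removal"
}
"[$(Get-Date -Format o)] removed $Path" | Add-Content $log
```

Because the post reports the malware reinstalling itself within minutes, the check in step 5 is worth repeating after a reboot.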