Jump to content

OA free and Zeroaccess rootkit

Recommended Posts


Friend text-ed me this link and I'd like to share it here.

Cxxxxx Dxxxxxx Pxxx Byapssed by Zeroaccess rootkit

What setttings may be done in OA so that we are protected from this Zeroaccess rootkit?

I am using OA Premium at the moment and will soon be in the free version if I can't renew.

Any settings that we should adjust for protection?

I refuse to believe that OA can't nail this one. OA Premium has really improved imho. Less pop-ups and seems lighter.



Link to post
Share on other sites

OA detects the sample aigle uses just fine on all of my test boxes with default settings. I am not sure why aigle has different results but I will try to get the necessary information we need in order to reproduce the problem.

Well, did you choose Install Mode in the pop-up that appears immediately after having started the Flash installer?

As far as I know the Online Help and both the Emsisoft Team and the Moderators on this forum strongly recommend to choose "Install Mode" for known and trustworthy installers, just to prevent that too many pop-ups may raise from Online Armor during the installation process - and that Flash installer is actually digitally signed.

Link to post
Share on other sites
Well, did you choose Install Mode when launching the Flash installer?

Install mode requires trusting the application which essentially is a free ticket to let it do whatever it likes to do. So obviously that would kind of defeat the purpose and is the reason why both options must be enabled manually by the user. So obviously Install Mode wasn't used by aigle or me. When you take a look at the Wilders thread again you will see that I already posted an update there. Eventually one of our team was able to reproduce the bypass on his system. Once we had a test case to analyze it took a few minutes to come up with a workaround that we published via online update to all Online Armor users earlier this morning.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...