Win XP Pro hit with Backdoor.MultiZAccess.gen Rootkit

I ran an Offline scanner over night and it didn;t do anything. I ended up doing a reinstall.

Thanks for your suggestions.

Are you sure about this? I have had a lot of experience with with zeroaccess and its not normally that easy to kill with just a reinstall.

@Russell, as long as it is not a firmware based rootkit, which in this case it isn't, then formatting and reinstalling will solve the problem.

The Pc appears to be clened up but this morning I noticed a Smart_HDD icon on the desktop and in the start menu, control panel and printers are not displayed.

I don't see any other symptoms of spyware. Can anyone provide a suggestion on how to dsafelt remove the Smart_hdd and resolve missing menu items? This is XP Pro.

@bigeven2002, if that's your view you need to do some more research on what a rootkit is and how they work.

TG-TIS,
There is a few options you can follow. Remove Smart HDD or follow Youngv's article 2012 varients.

Unhide should restore hidden items thy notice are missing. If Smart HDD is present rkill will remove the process from the process list and also check your file associations and restore them if needed. I would follow directly in order: rkill, unhide, then the rest of the tools mentioned. If tdsskiller works for you it will remove the rootkit component and repair the mbr. After the rootkit is safetly removed then you can format if you so choose and it will not come back.

Ok, I will try it and let you know what happens. Thanks for the help!

Np, Hope to get you sorted and safe.

Well the control panel option is available in the start menu now, but every time it boots, Windows installed pops up and wants to access an install as if the smart_hd app needs to be reinstalled.

It's a real pain. I have to click cancel about 10 times before it disappears.

Any idea how I stop it?

Ok, We are going to change the strategy here. We are going to use TheKiller and Comboxfix.

TheKiller will kill "Smart-HDD" from the process list, it also combines the functionality of "unhide" as well as fixes file extensions, and allows you to run Combofix. Post the log after it is finished.

I would try malwarebytes... It is easier for a non techie to use...  www.malwarebytes.org. Download the free one.

I ran Malwarebytes the other day and it did remove Start_hd, but then the Windows Installer starts up at every reboot and takes 10 minutes to stop. I also ran Combofix and it didn't remove all the virus activity.

I will try the Killer and then Combofix again. This system really got hit. A reinstall may eventually be required but it's at a remote location that I can't get to easily.

Well, I will get a better picture with this next combofix log that you post.