More Nefarious Strain of Zacinlo Malware Infecting Windows 10 Machines

Revamped Zacinlo Malware Poses More Serious Threat to Windows 10 PCs, antivirus, anti-malware, Malwarebytes, Symantec

Re-designed to specifically target W10 machines
Installs low-level Rootkit
Disables AV
Uploads info to C&C server
Serves ads
Runs a UI-free browser secretly in the background
Sets up MIM attacks

Kujawa said that Zacinlo needs to be taken seriously. “Despite it’s seemingly benign threat to users, Zacinlo and other similar threats, contain the ability to install additional malware on the system.”
Currently the best known means of transmitting the Zacinlo malware is as part of the payload for a fake VPN package. The package looks like a VPN client, but doesn’t actually do anything except install the malware. However, there are likely other means of spreading this malware beyond the fake VPN.
Once it’s installed in your system, Zacinlo is nearly impossible to detect, but fortunately, it takes a little while for that to happen. “Malwarebytes can detect and remove the adware (adware.5hex) threat once identified, however, this particular malware updates itself so frequently and keeps such a close eye on how security solutions are stopping it, that being able to ensure identification and removal of the rootkit at any time is difficult to promise, especially once the rootkit has been had time to ‘dig in’ to the system.”

BigFatBoy said:

I need, but have not yet found, an Offline virus or anti malware program that I can boot and Run

Windows Defender Offline [separate downloadable tool] - Windows Help

Denis

BigFatBoy said:

up until now, i have not had any experiences with malware that was not addressed. however, recently i was stung severely and as yet I have not been able to cleanup and move on.... the following describes my dilemma, perhaps you can help. Some of the symptoms I had and have are similar to your post narrative.

Issue:
Windows 10x64 b:1803After the latest MS Updates (june 2018) to W10 (MS not to blame) I noticed strange W10x64 behavior in the 'Windows Defender Security Center (WDSC): namely the Virus and Protection Section; Threat History, Threat Protection Settings, and Virus and Threat Protection Updates.The WDSC categories indicated: 1)my latest WDMW scan signature was not current; 2) the OFFLINE SCAN function failed to work, and 3) the latest Windows Protection updates were not being updated. - I also noticed after booting thru the Update/Security Settings that "Advanced Options" was missing from the "Recovery Options".- Each boot drive option (SSD,DVD,USB) in UEFI failed to load Windows Safe Mode. - The end result is a system that will not boot into Windows or Window safe mode.- At the present time, I am only able to boot in to the UEFI and the blue pages of Recovery Option. But none of the offerings have even dented the issue.- I have seen no clue as to the source of the destruction.- I need, but have not yet found, an Offline virus or anti malware program that I can boot and Run from a DVD or USB in UEFI and might remove the malware.I am lost and stuck after much work and lots of time.... What can I do now....? Any suggestions or information?thank you -

Hi.
You could boot your system to Kyhi's custom recovery media, connect to the internet, open Malwarebytes Antimalware, update the virus definitions, and run a scan of your OS drive, being sure to select "rootkit" in the MBAM options. Then, open Macrium Reflect and select the option to "fixboot".
Windows 10 Recovery Tools - Bootable Rescue Disk - Windows 10 Forums
.

BigFatBoy said:

simrick...

my first post to your thread was not my attempt to kidnap your input.. I thought I said something about that in my first post but apparently i did not. My apologies, since i could find "EDIT" on my post, I am commenting here....

No problem at all.

BigFatBoy said:

Simrick.....
your reply to me- where can I find Kyhi's custom recovery media ???

thanks
bfb

I linked it in my reply. Clintlgm also linked it for you. Good luck. Let us know if you need any more help.