Today I came across the worst spyware infection I’ve seen! It really wasn’t terribly difficult to remove once I found out how it infected the computer, but I certainly did start second-guessing whether it was spyware or a bad hard drive. ComboFix came up telling me that the computer was infected with RootKit.ZeroAccess – I’d never heard of it. Typically I’ll use Hitman Pro to remove most spyware now, and ComboFix if that doesn’t get it all, but this one wouldn’t let TDSSKiller run, ComboFix would lock up the computer, and it was just really strange.

I found another utility called aswMBR from Avast; it kept saying that a partition was suspected of being infected with a bootkit. Well, the laptop is a Dell with a default installation – these usually have 3 partitions, not 4. It was the 4th partition that was infected. So, after hours of research and promising the client I would only bill them 1.5h to remove the infection, I happened across a page telling someone to remove a partition from their drive – bingo! It clicked … The 4th partition was from the spyware and was blocking ComboFix from running.

After removing the partition with a GParted Live ISO and marking the main partition as active, I was back in Windows, could run ComboFix, Hitman Pro and TDSSKiller, and was able to fix the system. DONE. This could have been prevented had the user installed a GOOD antivirus/antispyware program like Norton.
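The two things that gave this infection away, an extra partition and the active flag, can be read directly from the MBR partition table. The following is an added example, not code from the original post: it parses a 512-byte MBR sector and compares it against the expected partition count (3 for the default Dell layout described above). The sample sector, its partition types and sizes are constructed, and the extra partition carrying the active flag is an assumption of the example; it applies to MBR-partitioned disks only.

```python
import struct

TABLE_OFFSET, ENTRY_SIZE, ACTIVE = 446, 16, 0x80

def parse_mbr(sector):
    """Decode the four primary partition slots of a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong size or missing 0x55AA signature")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        # Entry layout: status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0x00:  # type 0 marks an unused slot
            parts.append({"slot": slot + 1, "status": status, "active": status == ACTIVE,
                          "type": ptype, "start_lba": start, "sectors": count})
    return parts

def review(parts, expected_count):
    """Return (findings, active_slots) for a table checked against the expected layout."""
    findings = []
    if len(parts) > expected_count:
        findings.append(f"{len(parts)} partitions present, expected {expected_count}")
    active = [p["slot"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions flagged active, expected exactly 1")
    for p in parts:
        if p["status"] not in (0x00, ACTIVE):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
    return findings, active

def build_sample():
    """Constructed MBR: three expected partitions plus a small active fourth one."""
    entries = [(0x00, 0xDE, 63, 80262), (0x00, 0x07, 81920, 30720000),
               (0x00, 0x07, 30801920, 594000000), (ACTIVE, 0x07, 624801920, 4096)]
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_mbr(build_sample())
    findings, active = review(parts, expected_count=3)
    for p in parts:
        print(p)
    print("active slot(s):", active)
    print("findings:", findings)
```

To check a real machine, pass `parse_mbr` the first 512 bytes of the disk read from a live environment, and review which slot holds the active flag before trusting the boot path.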