ZeroAccess removal guide

By | april 4, 2013

ZeroAccess is a advanced kernel-mode rootkit also known as Sirefef, that is one of the most widespread threats in the current malware scene. ZeroAccess is ability to run on both 32-bit and 64-bit versions of Windows, resilient peer-to-peer command and control infrastructure and constant updates to its functionality over time show that ZeroAccess is a modern threat capable of thriving on modern networks and modern Operating Systems.

ZeroAcces is also capable of downloading other threats on to the compromised computer, some of which may be Misleading Applications that display fake information about detected threats on the compromissed computer and scare the user into purchasing fake antivirus software to remove the fake threats. It is also capable of downloading updates of itself to improve and/or fix functionality of the rootkit.

ZeroAccess used mechanisms that are themselves hard to remove such as a kernel-mode rootkit and patched driver files, patched system files such as services.exe and data hidden in NTFS Extended Attributes, removal of NTFS permissions on files used; and because ZeroAccess used several autostart points on an infected machine and usually other files that can re-install the malware.

For ZeroAccess there are many removal guides and tools for cleaning up a users system, in the first place I want to advice that you may better not using tools like ComboFix and TDSSKiller on your own if you don’t know how to use this tools. Wrong usage may result in a non-bootable system of problems with your internet connection because it wrecks the TCP/IP stack or removing important system files.

ZeroAccess removal

ZeroAccess removal – HitmanPro

ZeroAccess removal guide

Please download HitmanPro to your desktop.

  • Launch the program by double clicking on HitmanPro.exe. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • If you are experiencing problems while trying to starting HitmanPro, you can use the “Force Breach” mode.To start this program in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside “No, I only want to perform a one-time scan to check this computer“.
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • Click on the next button and choose the option activate free license to start the free 30 days trial and remove the malicious files.

  • Click on the next button and the infections where will be deleted.
  • Click on the next button and restart the computer.

ZeroAccess removal video