This is one of the nastiest Trojans on the internet. It normally installs on your computer through loopholes in the security of your system. In the majority of cases, these rogue viruses arrive through the installation of automatic updates for Adobe and other multimedia platforms. These Trojans are designed for a few very specific tasks that earn money for their developers. First of all, they try to stop all security programs, and sometimes even Task Manager, so that no legitimate program remains that can detect or remove the malware.

Once all the legitimate security programs are blocked, it starts showing fake programs that claim to secure your computer. It reports many different types of problems on your computer and suggests websites for their removal; these websites are fake, and you simply lose the money you pay for a license. It also changes your browser settings and redirects you to fake search engine websites, which return fake search results that send you to affiliate sites and increase the developers' earnings. It opens popup windows intermittently, urging you to buy fake solutions. Meanwhile, your system is left open through many security loopholes, allowing other malware to be installed. It is a dangerous, high security risk for your system; therefore, remove it as soon as possible.

Stepwise Removal Procedure

Removing this nasty program once it has settled on your computer is difficult, lengthy, and less reliable. Still, you can try to remove it with the following steps:

  • Press ALT+CTRL+DEL → select Processes → choose the ZeroAccess rootkit process → click End Process
  • Remove the ZeroAccess rootkit program from the Control Panel of your computer.
  • Now click Start → Run → type ‘regedit’ → press Return
  • In the new Registry Editor window, locate the following registry keys:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
    • ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ’0’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1’
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ’0’
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
  • Once the registry keys listed above are located, select them one by one and delete each by right-clicking on the key.
  • Once all the registry keys are removed, search for the following files on your computer.
  • Click Start → Search → type the names of the following files one by one and remove them manually.
      • %UserProfile%\Desktop\ZeroAccess rootkit.lnk
      • %AllUsersProfile%\Application Data\.exe
      • %UserProfile%\Start Menu\Programs\ZeroAccess rootkit\
      • %AllUsersProfile%\Application Data\.dll
      • %AllUsersProfile%\Application Data\.exe
      • %UserProfile%\Start Menu\Programs\ZeroAccess rootkit\Uninstall ZeroAccess rootkit.lnk
      • %UserProfile%\Start Menu\Programs\ZeroAccess rootkit\ZeroAccess rootkit.lnk
      • %AllUsersProfile%\Application Data\~
      • %AllUsersProfile%\Application Data\~r
      • %AllUsersProfile%\Application Data\
  • Normally, these files are located under C:\Documents and Settings\ on Windows 2000/XP.

Note that this is a highly technical job, and anyone attempting it should be an experienced, expert technician.
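An added example, not part of the original guide: since the Trojan may block tools on the infected machine, the registry values listed in the steps above can instead be checked against an exported .reg file on a clean system. The Python script below parses such an export and reports the entries that match the list; the function names and the sample export are constructed for illustration.

```python
import re

CV = r"software\microsoft\windows\currentversion"
IE = r"software\microsoft\internet explorer"
HKCU, HKLM = "hkey_current_user", "hkey_local_machine"
# (hive, key, value name) -> data, transcribed from the list above, lower-cased.
# DWORD data is written in decimal, the same way the list writes it.
INDICATORS = {
    (HKCU, CV + r"\internet settings", "warnonbadcertrecving"): "0",
    (HKCU, CV + r"\internet settings", "certificaterevocation"): "0",
    (HKCU, CV + r"\policies\activedesktop", "nochangingwallpaper"): "1",
    (HKCU, CV + r"\policies\associations", "lowriskfiletypes"): "0",
    (HKCU, CV + r"\policies\attachments", "savezoneinformation"): "1",
    (HKCU, CV + r"\policies\system", "disabletaskmgr"): "1",
    (HKLM, CV + r"\policies\system", "disabletaskmgr"): "1",
    (HKCU, CV + r"\explorer\advanced", "hidden"): "0",
    (HKCU, CV + r"\explorer\advanced", "showsuperhidden"): "0",
    (HKCU, IE + r"\download", "checkexesignatures"): "no",
    (HKCU, IE + r"\main", "use formsuggest"): "yes",
}

def normalise(raw):
    m = re.fullmatch(r"dword:([0-9a-f]{8})", raw.strip().lower())
    return str(int(m.group(1), 16)) if m else raw.strip().strip('"').lower()

def find_hits(reg_text):
    """Return sorted (hive, key, name, data) tuples that match INDICATORS."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        section = re.fullmatch(r"\[(HKEY_[A-Z_]+)\\(.+)\]", line)
        value = re.fullmatch(r'"([^"]+)"=(.+)', line)
        if section:
            key = (section.group(1).lower(), section.group(2).lower())
        elif value and key:
            name, data = value.group(1).lower(), normalise(value.group(2))
            if INDICATORS.get(key + (name,)) == data:
                hits.append(key + (name, data))
    return sorted(hits)

# Constructed sample export (real regedit exports are UTF-16; decode first).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"""
print(*find_hits(SAMPLE), sep="\n")
```

Some of these values, such as ShowSuperHidden = 0, also occur on clean systems, so treat a hit as a lead to investigate rather than proof of infection.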

ZeroAccess Rootkit Removal Procedure
