Trojan ZeroAccess (also known as “Sireref”) is a dangerous malicious Trojan Horse, that exists for several years and has infected about 2 million computers until today. ZeroAccess is a Rootkit Trojan that hides its existence from detection (and removal) and once it infects a computer, it redirects browsing results to dangerous websites and then it downloads and installs malware applications on the infected computer. After that, it takes over the computer control and it steals personal information and charges advertisers for online advertisement clicks.
The ZeroAccess virus is difficult to be eliminated because it uses techniques to hide itself from detection, it disables any security program that can eliminate it (e.g. your Antivirus) or it disables the Windows Firewall that can prevent its malicious traffic.
ZeroAccess can infect your computer in many ways e.g. by visiting a malicious website, by opening an infected email attachment, or by downloading infected files or programs (like pirate software, KeyGen’s and Cracks) from P2P (Peer to Peer) networks or other malicious websites.
To clean ZeroAccess (Sireref) virus from your computer, follow the steps bellow:
How to remove Trojan ZeroAccess (Sireref) from your computer:
Step 1: Start your computer in “Safe Mode with Networking”
To do this:
1. Shut down your computer.
2. Start up your computer (Power On) and as your computer is booting up, press the "F8" key before the Windows logo appears.
3. Using your keyboard arrows select the "Safe Mode with Networking" option and press "Enter".
Step 2: Remove malicious running Rootkits.
1. Download TDSSKiller Anti-rootkit utility from Kaspersky's website on your desktop.
2. When the download process is complete, go to your desktop and double click on “tdsskiller.exe” to run it.
3. At Kaspersky’s Anti-rootkit utility program, click on “Change parameters” option.
4. At TDSSKiller settings, check to enable the“Detect TDLFS file system” option and press “OK”.
5. Press "Start scan" to start scanning for malicious programs.
When the scan process is complete, a new window opens with the scanning results.
6. Choose "Cure" and let the program finish the cure operation of the infected files.
7. When the "curing" operation is complete, reboot your computer.
8. Start your computer in “Safe Mode with Networking” again.
9. After rebooting, run TDSSKiller again to scan one more time for Rootkits. If the previous curing job was completed successfully, the program now will inform you that "No Threats found".
Step 3: Clean you computer with RogueKiller
1. Download and save "RogueKiller" utility on your computer'* (e.g. your Desktop)
Notice*: Download version x86 or X64 according to your operating system's version. To find your operating system's version, "Right Click" on your computer icon, choose "Properties" and look at "System Type" section
2. Double Click to run RogueKiller.
3. Let the prescan to complete and then press on "Scan" button to perform a full scan.
3. When the full scan is completed, press the "Delete" button to remove all malicious items found.
4. Close RogueKiller utility and reboot your computer.
5. Start your computer in “Safe Mode with Networking” again.
6. Run RogueKiller again to ensure that ZeroAccess infection is completely removed.
7. Continue to the next step.
Step 4: Clean Adware and Malicious Registry entries using “AdwCleaner”
1. Download and save “AdwCleaner” utility to your desktop.
2. Close all open programs and Double Click to open ”AdwCleaner” from your desktop.
3. Press “Scan”.
4. When scan is completed, press “Clean” to remove all the unwanted malicious entries.
4. Press “OK” at “AdwCleaner – Information” and press “OK” again to restart your computer.
5. When your computer restarts, close "AdwCleaner" information (readme) window and continue to the next step.
Step 5. Clean your computer from remaining malicious threats.
Download and install one of the most reliable FREE anti malware programs today to clean your computer from remaining malicious threats. If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware PRO:
1. Run "Malwarebytes Anti-Malware" and allow the program to update to it's latest version and malicious database if needed.
2. When the "Malwarebytes Anti-Malware" main window appears on your screen, choose the "Perform quick scan" option and then press "Scan" button and let the program scan your system for threats.
3. When the scanning is completed, press “OK” to close the information message and then press the "Show results" button to view and remove the malicious threats found.
4. At the "Show Results" window, check – using your mouse's left button- all the infected objects and then choose the "Remove Selected" option and let the program remove the selected threats.
5. When the removal of infected objects process is complete, "Restart your system to remove all active threats properly"
6. Continue to the next step.
Advice: To ensure your computer is clean and safe, perform a Malwarebytes’ Anti-Malware full scan in windows “Safe mode“.*
*To get into Windows Safe mode, press the “F8” key as your computer is booting up, before the appearance of the Windows logo. When the “Windows Advanced Options Menu” appears on your screen, use your keyboard arrows keys to move to the Safe Mode option and then press “ENTER“.
Step 6. Clean unwanted files and entries.
Use “CCleaner” program and proceed to clean your system from temporary internet files and invalid registry entries.*
*If you don’t know how to install and use “CCleaner”, read these instructions.