Thursday, September 22, 2011

ZeroAccess/Sirefef/MAX++ Rootkit Removal Tool

ZeroAccess/Sirefef/MAX++ is probably one of the most sophisticated rootkits out there that uses advanced technology to hide its presence in a system. It works on both, x86 and x64 platforms. ZeroAccess, also known as Sirefef and MAX++ acts very similar to the TDSS rootkit, although, it has more self-protection mechanisms that can be used to disable anti-virus software, etc. Cyber crooks use Acrobat Reader, Java exploits in order to distribute the rootkit. Once installed, ZeroAccess (ZAccess) may download additional modules onto the infected computer. If you are experiencing web browser redirects and you can't run your antivirus software, your computer might be infected with this notorious rootkit. Thankfully, Webroot has released a great utility called ZeroAccess/Max++ rootkit remover that will help you to remove the ZeroAccess/Sirefef/MAX++. The utility doesn't have graphical user interface (GUI), however, it's very straightforward. Unfortunately, it works only on 32-bit systems. Please follow the step-by-step guide below on how to use the ZeroAccess/Max++ rootkit removal tool. If you have any questions, please leave a comment below. Good luck and be safe online!

Using the ZeroAccess/Max++ rootkit remover to remove ZeroAccess (Sirefef/MAX++) rootkit.

1. Download the ZeroAccess/Max++ rootkit remover: http://anywhere.webrootcloudav.com/antizeroaccess.exe

2. Double-click on antizeroaccess icon to run it. It will ask you to verify that you want to perform a System scan. Type Y and press Enter.



Once finished, press Enter or any key to continue.

3. If your computer is infected with Zero Access rootkit, you'll see the following warning: Your system is infected!!



Infected file: mrxsmb.sys. In your case it might be different. Type Y and press Enter to perform system cleanup.

You should know see the notification that ZeroAccess rootkit has been successfully removed from the system. Press any key to exit the utility and restart your computer.



4. Run ZeroAccess/Max++ rootkit remover once again to confirm that ZeroAccess/Sirefef/MAX++ rootkit was successfully removed from your computer.



5. Finally, scan your computer with recommend anti-malware software (STOPzilla) to remove the leftovers of this virus from your computer.

It's possible that an infection is blocking STOPzilla from properly installing. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. Don't forget to update the installed program before scanning.

Share this information with your friends:
Posted by at 12:34 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)