How remove Trojan.Zeroaccess! rootkit (solution for 32-bit systems)

1 Star2 Stars3 Stars4 Stars5 Stars (45 votes, average: 5.00 out of 5)

Today we posted the information about very serious malware that is very dangerous for your system and its security. It is called Trojan.Zeroaccess! rootkit (virus). Time has come for us to explain to you the basis milestones for its successful removal (elimination). However, please keep in mind that this solution only works for 32-bit systems. In our future articles we will enlighten the issues for removal of this nasty Trojan from other systems too.

1. So, first we need to find this entry in the registry:

HKCU\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32\ C:\Documents and Settings\Admin\Local Settings\Application Data\{17e5b34e-29a6-68fd-5bca-9bcc0285f74c}\n.

Keep in mind that this string {42aedc87-2188-41fd-b9a3-0c966feabec1} is a random parameter and it may be different on your computer.

Important!!! This is the registry entry that must be removed.

2. The next step is to find this registry entry:

<<< HKLM\SOFTWARE\Classes\CLSID\ {F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\ “\\.\globalroot\systemroot\Installer\{17e5b34e-29a6-68fd-5bca-9bcc0285f74c}\n.

{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} is also a random parameter and its value may be totally different on your PC.

3. Now you must replace the value \\.\globalroot\systemroot\Installer\{17e5b34e-29a6-68fd-5bca-9bcc0285f74c}\n with C:\WINDOWS\system32\wbem\wbemess.dll

4. Then you must reboot your PC and scan it with GridinSoft Trojan Killer.

Leave a Comment