Remove ZeroAccess rootkit (Uninstall Guide)


The ZeroAccess rootkit is a hazardous tool that circulates on the Web bundled with other malicious apps. Of course it is really sad to discover that your PC is infected with some virus, but when you are dealing with a bunch of them at once, it is a real disaster. Although it might be a challenge, it is certainly possible to remove the ZeroAccess rootkit virus using the removal procedure outlined for you in the section below.

What is the ZeroAccess rootkit virus exactly? Of course, computer infection is a very widespread phenomenon. The symptoms are also well known: a sluggish system, trouble booting your PC, absurd amounts of adware, strange messages and so on. Such viruses and their symptoms are usually removed without any problems by standard anti-virus programs. But if you google the ZeroAccess rootkit a little, you will find out that it is one of the more intricate types of viruses prowling the internet today. It is designed to hide the existence of certain processes or programs from normal methods of detection and to enable continued privileged access to a computer. Its detection is difficult because a rootkit may be able to subvert the software that is intended to find it. The removal is also very difficult. Some sources say that it is even impossible, and reinstallation of the operating system is recommended. It is scary, isn't it? Nevertheless, where there is a problem there is also a solution. It is possible to remove this nasty thing, but prepare a lot of patience and some savvy technical skills. So let's start!

The ZeroAccess rootkit effective removal guide

  1. Open “Start > Run”, type “Regedit.exe” and hit Enter (this will run the Registry Editor)

  3. Go to “HKEY_CLASSES_ROOT\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32”
  4. Right-click the “(Default)” value, click “Modify”, change it to “%SystemRoot%\system32\shell32.dll” and click OK
  5. Go to “HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32”
  6. Right-click the “(Default)” value, click “Modify”, change it to “%systemroot%\system32\wbem\fastprox.dll” and click OK
  7. WARNING: Please look at “Other Keys” and reset them too!

  8. Restart your computer!
  9. You are back on your Desktop? Good! Go to “Start >> Control Panel >> Folder Options”, switch to the tab “View” and uncheck the checkbox “Hide protected operating system files (Recommended)”

  11. Go to the ZeroAccess location with Windows Explorer: “C:\RECYCLER” (you can find this location in the registry keys that you need to reset, like “C:\RECYCLER\S-1-5-18\$185db5aec15e26bc266ad9b652037153\n.”)
  12. Right-click on the folder “S-1-5-18” and click “CUT” (not “DELETE”, because you can’t delete it: “Directory is not empty!”)
  13. If you have WINDOWS XP:

  14. Right-click on your Desktop and click “PASTE”. NOW you have access to this folder and can delete the folder “S-1-5-18”!
  15. Done!

If you have WINDOWS VISTA (or higher):

  1. Right-Click on your Desktop and click “PASTE”
  2. Right-click on the folder “S-1-5-18” (on your Desktop, where you pasted it) and click “Properties”
  3. Switch to the Tab “Security” and click “Edit…”
  4. Select “Everyone” and Check the Checkbox “Full control” on the “Allow” side and click OK
  5. Click OK again to Close the Properties-Window
  6. Go inside “S-1-5-18” and go back to step 11) and do that again for ALL subdirectories inside “S-1-5-18”
  7. Finished? Good! NOW you have access to this folder and can delete the folder “S-1-5-18”!
  8. Done!
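
A read-only check for steps 3 to 6, added here as an example (it is not part of the original guide): it reads the “(Default)” value of the two InprocServer32 keys named above, compares each with the value the guide says to restore, and flags any that point into “RECYCLER”. Reading the HKLM and HKCU hives separately is an addition of this example; the function and variable names are illustrative.

```powershell
# Added example: audit the two InprocServer32 defaults named in the guide. Changes nothing.
# Expected values are the ones the guide tells you to restore.
$expected = [ordered]@{
    '{FBEB8A05-BEEE-4442-804E-409D6C4515E9}' = '%SystemRoot%\system32\shell32.dll'
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}' = '%SystemRoot%\system32\wbem\fastprox.dll'
}

# HKEY_CLASSES_ROOT is a merged view of the machine-wide and per-user class
# registrations, and a per-user entry wins, so each hive is also read on its own.
$views = [ordered]@{
    'HKCR (merged)' = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    'HKLM'          = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID'
    'HKCU'          = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
}

function Get-InprocDefault {
    param([string]$KeyPath)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return $null }   # no such key in this hive
    # '' selects the (Default) value; keep %SystemRoot% unexpanded for display
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    return $key.GetValue('', $null, $opt)
}

$report = foreach ($clsid in $expected.Keys) {
    $want = [Environment]::ExpandEnvironmentVariables($expected[$clsid])
    foreach ($view in $views.Keys) {
        $raw = Get-InprocDefault "$($views[$view])\$clsid\InprocServer32"
        if ($null -eq $raw) {
            $status = 'absent'
        } elseif ([Environment]::ExpandEnvironmentVariables([string]$raw) -ieq $want) {
            $status = 'ok'
        } elseif ([string]$raw -match '\\RECYCLER\\') {
            $status = 'HIJACKED (RECYCLER path)'
        } else {
            $status = 'MISMATCH'
        }
        [pscustomobject]@{ CLSID = $clsid; View = $view; Value = $raw; Status = $status }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Run it before step 1 to see which values need resetting, and again after the restart in step 8 to confirm the changes held.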
