ZeroAccess Rootkit Removal

The ZeroAccess Rootkit is a very sophisticated virus that was very widespread during its peak. It is part of a family of malware known as rootkits. Rootkits are viruses that attempt to hide themselves deep inside your operating system so that anti-virus programs cannot remove them. You can read more about rootkits here. Because of how deeply this rootkit can infect your files, we will be using a number of tools to remove it: TDSS Killer, ComboFix, RogueKiller and Malwarebytes.

TDSS Killer:

Step 1: Download TDSS Killer from http://www.bleepingcomputer.com/download/tdsskiller/dl/4/
Step 2: You may need to rename the file you just downloaded before it will run. To do this, right-click on tdsskiller.exe and click “Rename”. Change it to a random name such as “123.com” and run it. If that does not work, try renaming it to “iexplore.com” and run it.
Step 3: You will need to accept Kaspersky’s terms before running. Next click the “Start scan” button.
Step 4: TDSS Killer will now scan your computer and then display a window with what it found. Click “Continue”.
Step 5: After it has finished cleaning, click the “Reboot now” button and restart your computer.

ComboFix:

ComboFix is a very powerful tool and should not be used more than needed. Follow the instructions carefully.

Step 1: Download ComboFix from http://www.bleepingcomputer.com/download/combofix/dl/12/
Step 2: Close all internet browsers and disable any anti-virus and anti-malware programs running on your machine.
*ComboFix will disconnect your computer from the internet while running. Do not try to reconnect it while it is in use.
Step 3: Run “ComboFix.exe” and accept the prompts. Update if it is required.
Step 4: Allow ComboFix to scan. Do not re-run it or click on the scan window; leave the computer to scan.
Step 5: After the scan is finished, a log file will be made. Restart your computer.

RogueKiller:

Step 1: Download RogueKiller from http://www.bleepingcomputer.com/download/roguekiller/dl/121/
Step 2: Run “RogueKiller.exe” and wait for the pre-scan to finish.
Step 3: Click “Scan” and wait for it to scan your system.
Step 4: Once it is finished, click “Delete”, and close the program.

Malwarebytes:

Step 1: Download Malwarebytes Anti-Malware from https://www.malwarebytes.org/mwb-download/
Step 2: Run the setup file and install Malwarebytes.
*When installing Malwarebytes you will have the option to enable a free 30 day trial of their premium service. This is not required.
Step 3: Click the green “Scan Now” button. If an update is available, click the “Update Now” button in the bottom right. The scan will begin once the update is finished.
Step 4: The scan may take some time, depending on your computer and the number of infections, but once it is finished click the “Apply Actions” button in green.
Step 5: Malwarebytes may or may not request that you reboot your computer after it has removed the infections. If it does, you may proceed to reboot.