Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Thursday, September 22, 2011

ZeroAccess/Sirefef/MAX++ Rootkit Removal Tool

Tell your friends:
ZeroAccess/Sirefef/MAX++ is probably one of the most sophisticated rootkits out there that uses advanced technology to hide its presence in a system. It works on both, x86 and x64 platforms. ZeroAccess, also known as Sirefef and MAX++ acts very similar to the TDSS rootkit, although, it has more self-protection mechanisms that can be used to disable anti-virus software, etc. Cyber crooks use Acrobat Reader, Java exploits in order to distribute the rootkit. Once installed, ZeroAccess (ZAccess) may download additional modules onto the infected computer. If you are experiencing web browser redirects and you can't run your antivirus software, your computer might be infected with this notorious rootkit. Thankfully, Webroot has released a great utility called ZeroAccess/Max++ rootkit remover that will help you to remove the ZeroAccess/Sirefef/MAX++. The utility doesn't have graphical user interface (GUI), however, it's very straightforward. Unfortunately, it works only on 32-bit systems. Please follow the step-by-step guide below on how to use the ZeroAccess/Max++ rootkit removal tool. If you have any questions, please leave a comment below. Good luck and be safe online!

Using the ZeroAccess/Max++ rootkit remover to remove ZeroAccess (Sirefef/MAX++) rootkit.

1. Download the ZeroAccess/Max++ rootkit remover:

2. Double-click on antizeroaccess icon to run it. It will ask you to verify that you want to perform a System scan. Type Y and press Enter.

Once finished, press Enter or any key to continue.

3. If your computer is infected with Zero Access rootkit, you'll see the following warning: Your system is infected!!

Infected file: mrxsmb.sys. In your case it might be different. Type Y and press Enter to perform system cleanup.

You should know see the notification that ZeroAccess rootkit has been successfully removed from the system. Press any key to exit the utility and restart your computer.

4. Run ZeroAccess/Max++ rootkit remover once again to confirm that ZeroAccess/Sirefef/MAX++ rootkit was successfully removed from your computer.

5. Finally, download recommended anti-malware software (direct download) and run a full system scan to remove the remnants of this rootkit from your computer.

It's possible that an infection is blocking anti-malware software from properly installing. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. Don't forget to update the installed program before scanning.

Share this information with your friends:


Anonymous said...


After 2 days of trying to remove it with 5-8 different tools including combofix etc etc this helped me!!

Anonymous said...

thanks a lot

Hyphenate said...

Won't eun. Says it on;y runs on 32 sys. Will have to find another way.

Anonymous said...

This tool actually does work. I tried several popular malware/spyware tools and this is the tool that got rid of the zero access trojan.

Anonymous said...

how do i get rid of this rootkit on a 64 bit system? TDSSkiller utility not working.

Admin said...

Please restart your computer in safe mode and run TDSSKiller again.

Anonymous said...

this program works for me. thanks a lot. i get rid all my headaches causes by this trojan.

Anonymous said...

received a message after the virus was detected "unfortunately WebRoot Driver is not loaded I'm unable to perform any system cleaning"

Anyone have any ideas?

Anonymous said...

Thank you very very much. Zero access tool worked well then STOPzilla failed. But Windows Defender did the final job successfully. Thanks again.

Anonymous said...

Thanks a lot... finally i am able to remove this virus from my computer.

Anonymous said...

Had the ping.exe virus. This tool worked perfectly. No more 100% cpu usage when it should be all of 3-5% Was ready to tear my hair to see that damn ping.exe keep poping up in my task manager no matter what I tried. Thank you and thank you john from yahoo answers for bringing me here. Kill all hackers!

Anonymous said...

it tells me wont run on 64 bit

Anonymous said...

Got a waring "Waring! Disk Class driver is infected"

But there were no other infected files. In the end, its said "Your system is not infected by ZeroAccess/Max++ Rootkit!"

However, if I run the program again. The warning about Disk Class Driver popped out again.

Is my PC (WINXP SP2) infected or not? How to deal with the infected Disk Class Driver?


Anonymous said...

I got the same thing yet ping.exe is still showing up ??

Anonymous said...

Amazing Tool. Forget about all the others like ComboFix, OTL, HJT, etc.

This works.

Anonymous said...

@annonomous - With windows 7 right click on the icon and got to properties in the context menu. Now click on the comparability tab at the top and look for the box that you can chek for run as, and keep the drop down menu on windows 95 or xp. Now at the bottom check the box that says run as administrator. Click on apply close the menu and run the program! This should help with the problem.

rm2500 said...

Attempting to remove Trojan:Win32/Sirefef.P from Windows 7 32-bit . Rootkit Removal Tool shows "tdx.sys" Infected! and cannot remove because webroot driver not loaded. Ran several times, same result.
What do I do next?

jeetu said...

how do i remove it from windows7 64 bit...pls help trojan win32 sirefef.p is getting on my nerves now

Anonymous said...

I got the message "webroot driver not loaded" because I started Windows in safe mode. After restarting Windows in normal mode the tool worked OK.

starfire said...

Pleease please please make a 64-bit version for it :l