Using the ZeroAccess/Max++ rootkit remover to remove ZeroAccess (Sirefef/MAX++) rootkit.
1. Download the ZeroAccess/Max++ rootkit remover: http://anywhere.webrootcloudav.com/antizeroaccess.exe
2. Double-click on antizeroaccess icon to run it. It will ask you to verify that you want to perform a System scan. Type Y and press Enter.
Once finished, press Enter or any key to continue.
3. If your computer is infected with Zero Access rootkit, you'll see the following warning: Your system is infected!!
Infected file: mrxsmb.sys. In your case it might be different. Type Y and press Enter to perform system cleanup.
You should know see the notification that ZeroAccess rootkit has been successfully removed from the system. Press any key to exit the utility and restart your computer.
4. Run ZeroAccess/Max++ rootkit remover once again to confirm that ZeroAccess/Sirefef/MAX++ rootkit was successfully removed from your computer.
5. Finally, download recommended anti-malware software (direct download) and run a full system scan to remove the remnants of this rootkit from your computer.
It's possible that an infection is blocking anti-malware software from properly installing. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. Don't forget to update the installed program before scanning.
Share this information with your friends:
20 comments:
THANK YOU!!'
After 2 days of trying to remove it with 5-8 different tools including combofix etc etc this helped me!!
thanks a lot
Won't eun. Says it on;y runs on 32 sys. Will have to find another way.
This tool actually does work. I tried several popular malware/spyware tools and this is the tool that got rid of the zero access trojan.
how do i get rid of this rootkit on a 64 bit system? TDSSkiller utility not working.
Please restart your computer in safe mode and run TDSSKiller again.
this program works for me. thanks a lot. i get rid all my headaches causes by this trojan.
received a message after the virus was detected "unfortunately WebRoot Driver is not loaded I'm unable to perform any system cleaning"
Anyone have any ideas?
Thank you very very much. Zero access tool worked well then STOPzilla failed. But Windows Defender did the final job successfully. Thanks again.
Thanks a lot... finally i am able to remove this virus from my computer.
Had the ping.exe virus. This tool worked perfectly. No more 100% cpu usage when it should be all of 3-5% Was ready to tear my hair to see that damn ping.exe keep poping up in my task manager no matter what I tried. Thank you and thank you john from yahoo answers for bringing me here. Kill all hackers!
it tells me wont run on 64 bit
Got a waring "Waring! Disk Class driver is infected"
But there were no other infected files. In the end, its said "Your system is not infected by ZeroAccess/Max++ Rootkit!"
However, if I run the program again. The warning about Disk Class Driver popped out again.
Is my PC (WINXP SP2) infected or not? How to deal with the infected Disk Class Driver?
Thanks
I got the same thing yet ping.exe is still showing up ??
Amazing Tool. Forget about all the others like ComboFix, OTL, HJT, etc.
This works.
@annonomous - With windows 7 right click on the icon and got to properties in the context menu. Now click on the comparability tab at the top and look for the box that you can chek for run as, and keep the drop down menu on windows 95 or xp. Now at the bottom check the box that says run as administrator. Click on apply close the menu and run the program! This should help with the problem.
Attempting to remove Trojan:Win32/Sirefef.P from Windows 7 32-bit . Rootkit Removal Tool shows "tdx.sys" Infected! and cannot remove because webroot driver not loaded. Ran several times, same result.
What do I do next?
how do i remove it from windows7 64 bit...pls help trojan win32 sirefef.p is getting on my nerves now
I got the message "webroot driver not loaded" because I started Windows in safe mode. After restarting Windows in normal mode the tool worked OK.
Thanks
Pleease please please make a 64-bit version for it :l