Remove New ZeroAccess / Sirefef / MAX++ Rootkit 2013

Beware: You use this guide at your own risk!

ZeroAccess / Sirefef / MAX++ is a family of sophisticated kernel-mode rootkits that is installed when a ZeroAccess dropper is executed on a computer. Once installed, it replaces certain operating system files and installs kernel hooks so that it can remain hidden, leaving the operating system under the control of the rootkit. It can infect both 32-bit and 64-bit versions of Windows and is a very nasty rootkit that is hard to remove. If you are infected, disconnect your computer from the internet and seek the advice or help of a professional computer technician.

Sophos detects the various components of this malware as follows:

• Mal/EncPk-ALC
• Mal/ZAccConf-A
• HPmal/ZAccess-A (proactively via HIPS)
• Troj/ZAUMem-C (in memory, e.g. during cleanup)

RogueKiller
http://tigzyrk.blogspot.co.uk/

ESET Services Repair
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Farbar Service Scanner Download
http://www.bleepingcomputer.com/download/farbar-service-scanner/

Malwarebytes
http://www.malwarebytes.org/
