Remove ZeroAccess rootkit (Removal Instructions)

The ZeroAccess rootkit, also known as Sirefef, is a malicious program whose primary motivation is to make money through pay-per-click advertising. It does this by downloading an application that conducts Web searches and clicks on the results. This is known as click fraud, which is a very lucrative business for malware creators.

The threat is also capable of downloading other threats on to the compromised computer, some of which may be Misleading Applications that display bogus information about threats found on the computer and scare the user into purchasing fake antivirus software to remove the bogus threats. It is also capable of downloading updates of itself to improve and/or fix functionality of the threat.

The ZeroAccess rootkit is distributed through several means. Some websites have been compromised, redirecting traffic to malicious websites that host Trojan.Zeroaccess and distribute it using the Blackhole Exploit Toolkit and the Bleeding Life Toolkit. This is the classic “drive-by download” scenario. It also updates itself through peer-to-peer networks, which makes it possible for the authors to improve it as well as potentially add new functionality.

If your antivirus is detecting any of the files below as malicious and it can’t remove them, then you’ll know that you have a ZeroAccess infection:

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\WINDOWS\services.exe << INFECTED
C:\windows\Installer\{random number sequence}\U\80000032.@
C:\windows\Installer\{random number sequence}\U\80000064.@
C:\windows\Installer\{random number sequence}\L\00000004.@
C:\windows\Installer\{random number sequence}\U\80000000.@
C:\windows\Installer\{random number sequence}\U\000000cb.@
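
The file list above can be applied to an antivirus report automatically. The following is an added example, not part of the original guide: it matches reported paths against the listed files and applies the guide's rule (a listed file is detected and could not be removed). The `threat;path;action` report format, the sample lines and the reading of `{random number sequence}` as a single folder name are assumptions made for the example.

```python
import re

# File indicators exactly as listed in the guide above.
PAGE_INDICATORS = [
    r"C:\Windows\assembly\GAC_32\Desktop.ini",
    r"C:\Windows\assembly\GAC_64\Desktop.ini",
    r"C:\WINDOWS\services.exe",
    r"C:\windows\Installer\{random number sequence}\U\80000032.@",
    r"C:\windows\Installer\{random number sequence}\U\80000064.@",
    r"C:\windows\Installer\{random number sequence}\L\00000004.@",
    r"C:\windows\Installer\{random number sequence}\U\80000000.@",
    r"C:\windows\Installer\{random number sequence}\U\000000cb.@",
]
PLACEHOLDER = "{random number sequence}"


def compile_indicator(indicator):
    """Turn one listed path into a case-insensitive regex (Windows paths ignore case)."""
    # Assumption: the placeholder stands for exactly one folder name.
    literal_parts = [re.escape(part) for part in indicator.split(PLACEHOLDER)]
    return re.compile(r"[^\\]+".join(literal_parts), re.IGNORECASE)


COMPILED = [(ind, compile_indicator(ind)) for ind in PAGE_INDICATORS]


def normalize_path(raw):
    """Strip quotes, forward slashes and the \\\\?\\ long-path prefix some tools emit."""
    path = raw.strip().strip('"').replace("/", "\\")
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path


def parse_report_line(line):
    """Split 'threat;path;action' (assumed format); the path may contain ';'."""
    try:
        threat, rest = line.strip().split(";", 1)
        raw_path, action = rest.rsplit(";", 1)
    except ValueError:
        return None  # malformed or empty line
    return threat.strip(), normalize_path(raw_path), action.strip().lower()


def zeroaccess_hits(report_lines):
    """Return one record per reported path that is on the guide's file list."""
    hits = []
    for line in report_lines:
        parsed = parse_report_line(line)
        if parsed is None:
            continue
        threat, path, action = parsed
        for indicator, pattern in COMPILED:
            # fullmatch: System32\services.exe must not match \WINDOWS\services.exe
            if pattern.fullmatch(path):
                hits.append({"indicator": indicator, "path": path,
                             "threat": threat, "removed": action == "removed"})
                break
    return hits


def looks_like_zeroaccess(report_lines):
    """The guide's rule: a listed file is detected and the antivirus cannot remove it."""
    return any(not hit["removed"] for hit in zeroaccess_hits(report_lines))


# Constructed sample report (not real scanner output).
SAMPLE_REPORT = [
    "threat;path;action",
    r"Trojan.Zeroaccess;C:\WINDOWS\Installer\{1a2b3c4d-0000-1111-2222-333344445555}\U\80000032.@;failed",
    r"Trojan.Zeroaccess;c:\windows\assembly\gac_32\desktop.ini;failed",
    r'Trojan.Zeroaccess;"\\?\C:\Windows\services.exe";failed',
    r"Adware.Generic;C:\Users\demo\Downloads\toolbar_setup.exe;removed",
    r"Trojan.Generic;C:\Windows\System32\services.exe;removed",
]

if __name__ == "__main__":
    for hit in zeroaccess_hits(SAMPLE_REPORT):
        state = "removed" if hit["removed"] else "NOT removed"
        print(f"{hit['path']} -> {hit['indicator']} ({state})")
    print("ZeroAccess suspected:", looks_like_zeroaccess(SAMPLE_REPORT))
```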


Removal Instructions for ZeroAccess rootkit

STEP 1: Remove the ZeroAccess rootkit with Kaspersky TDSSKiller

ZeroAccess has installed a rootkit to protect itself from being removed. To remove the ZeroAccess rootkit, we need to run a system scan with Kaspersky TDSSKiller.

  1. Please download the latest official version of Kaspersky TDSSKiller.
    KASPERSKY TDSSKILLER DOWNLOAD LINK (This link will automatically download Kaspersky TDSSKiller on your computer.)
  2. Before you can run Kaspersky TDSSKiller, you first need to rename it so that you can get it to run. To do this, right-click on the TDSSKiller.exe icon and select Rename.
    Edit the name of the file from TDSSKiller.exe to iexplore.exe, and then double-click on it to launch.
    [Image: Kaspersky TDSSKiller renamed]
  3. Kaspersky TDSSKiller will now start and display the welcome screen as shown below. In order to start a system scan, press the ‘Start Scan’ button.
    [Image: Start a Kaspersky scan]
  4. Kaspersky TDSSKiller will now scan your computer for the ZeroAccess rootkit.
    [Image: Kaspersky TDSSKiller scanning]
  5. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
    [Image: Kaspersky TDSSKiller results]
  6. To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection. A reboot will be required to completely remove this rootkit from your system.

STEP 2: Remove the malicious files and replace the infected services.exe file

The ZeroAccess rootkit will infect the services.exe Windows file, so we need to run Combofix to replace this file.

  1. Download Combofix from any of the below links.
    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)
  2. Before running this utility, please follow the below instructions:
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  3. Start the Combofix scan:
    1. Double click on ComboFix.exe and then follow the prompts.
    2. Accept the disclaimer and allow it to update if it asks.
    3. When finished, it shall produce a log for you.
    4. Restart your computer

    Additional Notes:

    • DO NOT mouse-click Combofix’s window while it is running. That may cause it to stall.
    • DO NOT “re-run” Combofix. If you have a problem, reply back for further instructions.
    • IF after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

STEP 3: Remove the malicious registry keys added by the ZeroAccess rootkit

ZeroAccess has added some malicious registry keys to your Windows installation. To remove them, we will need to perform a scan with RogueKiller.

  1. Please download the latest official version of RogueKiller.
    ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds and then you can click the Start button to perform a system scan.
    [Image: RogueKiller scanning after ZeroAccess virus]
  3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    [Image: Remove ZeroAccess virus infection with RogueKiller]

STEP 4: Remove ZeroAccess malicious files with Malwarebytes Anti-Malware FREE

  1. Download the latest official version of Malwarebytes Anti-Malware FREE.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. You can start the Malwarebytes’ Anti-Malware installation process by double clicking on the mbam-setup file.
    [Image: Malwarebytes Installer]
  3. When the installation begins, keep following the prompts in order to continue with the setup process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button. If Malwarebytes’ prompts you to reboot, please do not do so.
    [Image: Finishing Malwarebytes installation]
  4. Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period. Please select ‘Decline’ as we just want to use the on-demand scanner.
    [Image: Decline Malwarebytes trial]
  5. On the Scanner tab, select Perform full scan and then click on the Scan button to start scanning your computer.
    [Image: Starting a full system sca]
  6. Malwarebytes’ Anti-Malware will now start scanning your computer for ZeroAccess malicious files as shown below.
    [Image: Malwarebytes scanning for malicious files]
  7. When the scan is finished a message box will appear, click OK to continue.
    [Image: Malwarebytes scan results]
  8. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. Please note that the infections found may be different than what is shown in the image. Make sure that everything is Checked (ticked) and click on the Remove Selected button.
    [Image: Infections found by Malwarebytes]
  9. Malwarebytes’ Anti-Malware will now start removing the malicious files. After completing this task it will display a message stating that it needs to reboot. Please allow this request and then let your PC boot in Normal mode.

STEP 5: Run a scan with HitmanPro

  1. Download the latest official version of HitmanPro from the below link.
    HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
  2. Double click on the previously downloaded file to start the HitmanPro installation.
    [Image: HitmanPro Icon]
    IF you are experiencing problems while trying to start HitmanPro, you can use the “Force Breach” mode. To start this program in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
  3. Click on Next to install HitmanPro on your system.
    [Image: Starting HitmanPro]
  4. The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan. Select an option, then click on Next to start a system scan.
    [Image: HitmanPro installation screen]
  5. HitmanPro will start scanning your system for malicious files as seen in the image below.
    [Image: HitmanPro scanning for ZeroAccess virus]
  6. Once the scan is complete, you’ll see a screen which will display all the malicious files that the program has found. Click on Next to remove these malicious files.
    [Image: HitmanPro scan results]
  7. Click Activate free license to start the free 30-day trial and remove the malicious files.
    [Image: Activate HitmanPro license]
  8. HitmanPro will now start removing the infected objects. If this program asks you to restart your computer, please allow this request.

STEP 6: Double check for any left over infections on your computer

If you want to make another check for any leftover malicious files, you can run a scan with the following tools:

STEP A: Run a scan with Eset Online Scanner.

  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push Finish

STEP B: Run a scan with Emsisoft Emergency Kit.

  1. Please download the latest official version of Emsisoft Emergency Kit.
    EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
  2. After the download process has finished, you’ll need to unpack EmsisoftEmergencyKit.zip and then double click on EmergencyKitScanner.bat
  3. A pop-up will prompt you to update Emsisoft Emergency Kit. Please click the “Yes” button. After the update process has completed, put the mouse cursor over the “Menu” tab on the left and click on “Scan PC”.
  4. Select “Smart scan” and click on the “SCAN” button below. When the scan is completed, you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected. Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.

Next, we will remove Combofix from your machine and, in addition, you can uninstall any of the tools that we’ve used.

Let’s remove ComboFix from your computer:

  1. Hold down the Windows key + R on your keyboard. This will display the Run dialogue box.
  2. In the Run box, type in ComboFix /Uninstall (notice the space between the “x” and “/”), then click OK.
    [Image: Combofix uninstall command]
  3. Follow the prompts on the screen.
  4. A message should appear confirming that ComboFix was uninstalled.

Delete the following files (if they exist):
C:\ComboFix.txt

Delete the following folders (if they exist):
C:\ComboFix
C:\Qoobox

Kaspersky TDSSKiller and RogueKiller can be removed by deleting the utilities.
We strongly recommend that you keep Malwarebytes Anti-Malware and HitmanPro installed on your machine and run regular scans with these tools. If, however, you wish to remove them, you can go into Add or Remove Programs and uninstall these two on-demand scanners.

If you are still experiencing problems while trying to remove ZeroAccess rootkit from your machine, please start a new thread in our Malware Removal Assistance forum.

ABOUT STELIAN PILICI

I am the creator and owner of MalwareTips.com.
My area of expertise includes malware removal and computer forensics. I'm active in the various online anti-malware communities where I do research on new malware threats as they are released.
I live in Bucharest (Romania), where I run my own local computer repair shop.
I repair both hardware and other operating-system-related issues; however, most of my business is malware-related problems.

  • Matt H

    You are awesome dude, I use your guides at my work all the time. I use the Zeus removal guide as well just as a good way to remove general viruses. Used that guide to remove a rogue antivirus! Hope to see more from you soon.

  • Pedro

    Thank you!! Worked Perfectly!

  • Juve Fan

    Thank you Stelian, I tried suggestions from other sites but they weren’t comprehensive. I just tried your steps yesterday and it did the job. Many thanks.

  • joe

    Can’t download tdsskiller: “This program contained a virus and was deleted”

    • Stelian Pilici

      Hello,
      Do you have any other browser installed on this computer, other than Internet Explorer? If yes, then you can use it to download these tools.
      Alternatively, you can download these tools onto a USB stick and transfer them to the infected computer.
      Also, by any chance do you have AVG installed on this machine? If yes, most likely it was compromised by this rootkit, and now it’s blocking your downloads, so you will need to uninstall it.
      Please see this guide: http://malwaretips.com/blogs/file-contained-a-virus-and-was-deleted-removal/

  • A Floating Anchor

    great tools great advice, cleaned zeroaccess easy, had to run the first tool from safe mode to get back into my account but all is good now.

  • Cobus

    This has been a tremendous help, thank you!

  • Susanne

    Avira always detects Sirefef but Kaspersky TDSSKiller does not find anything...?
    Help please.

    • Stelian Pilici

      Hello Susanne,
      Please go ahead with STEP 2. Complete all the guide, then get back to us! :D

    • Stelian Pilici

      Hello,
      Did you perform the other steps from this guide?

  • Chloe

    Thanks! Completely did the job for me!
    But….I still have a question!
    I’m trying to uninstall Kaspersky and RogueKiller… Weird, I can’t find them with control panel – programs and features. They don’t appear. How can I delete them then?

    • Stelian Pilici

      Hello!
      They are portable applications; to remove them, just right click on their icons and select “Delete”.
      Stay safe!

  • kharisma adipura

    special thanks brotha

  • deborah

    The first time I ran the eset online scanner it found 9 issues, 2 of which were trojans. I wasn’t sure if eset removed them or if it just detected them. I am running it again…it took 2 hours and 44 mins. first time around, but so far so good at more than 50% done. Malwarebytes coming up clean, my regular anti virus not finding anything, I think this did the trick!!!!!! YAY!!!!! You Rock :)

  • Victor

    Eset has found the Win32/Toolbar.Zugo application, I’m running Eset in parallel to Malwarebytes and Mb is not finding anything so far (216580 files scanned), Eset has found 6 files so far (167368 files scanned)… I just need to cure My registry of the toolbar and so all I have been able to do is to apply the 3 Reg files in safe mode, mad props to the guy who left those. Do You or can someone tell Me why RogueKiller says DRV and is in RED and not GREEN? I’m staying in safemode until I’ve killed this bugger, in any case HELP!!!! Please.

    • Stelian Pilici

      Hello Victor,
      What security product are you using? Can you temporarily disable your antivirus while running this tool?

  • Victor

    I can’t get RogueKiller to work even in Safe Mode with Networking under Windows 7 Pro x64, dang rootkit, keeps on coming back, 1st 2 small beeps then later bigger louder beeps, I tried downloading with Firefox 20.0a1 and now with IE9 in Safe Mode, I’ve cleaned the MBR and the bootsector in the recovery console, I’ve used almost all the other programs here, but RogueKiller keeps quitting saying it has a problem and can not continue…. This is My 2nd attempt at posting, I see My 1st attempt is not visible at all, I’ve seen the StartNow Toolbar is involved here on My PC, I’ve seen that toolbar in the registry, I’d rather not have to install an OS on a 250GB hdd, backup My files and wipe this 500GB hdd of everything.

  • Amanda

    You saved my life dude, thank you!

  • Tally

    The infection has clobbered my browser and shut down communications over the internet. I hope to use Spotmau’s toolkit booted from CD to provide access to the internet which will allow me to download your list of rootkit and virus killers. Do you see any problem with an alternate boot via CD with these tools? Thanks in advance.

    • Stelian Pilici

      Hello Tally,
      Yes, you can use a bootable CD to fix your computer! It’s good to know that you’re not able to connect to the internet because this ZA rootkit has compromised your firewall settings!
      You can temporarily disable your firewall and see if you can connect to the Internet!
      Good luck!

  • Wim

    Finally, a solution that works! After months of working with a black desktop screen at home and several tries to get rid of the hijackwares, this one did the trick.
    I had tried Malwarebytes and Combofix before but that never completely worked. Hitman Pro also couldn’t get rid of everything, my desktop.ini files stayed infected. But with Kaspersky TDSSKiller and that Roguekiller on top, everything seems to be clean now.
    Thanks man!!!

  • Nicole J

    I’ve been trying to remove this virus for MONTHS. Used combofix and OMG it worked!!! THANK YOU SO MUCH I CAN FINALLY REST IN PEACE and FINALLY not have to see the virus warnings!!!! THANK YOUUUUUUUUUUUUU

  • Brad Bigam

    I used Rogue Killer and Win Patrol, as well as manually removing files, on one computer where zero access had not been too invasive yet, and the 2 of them seemed to get it all. However, another computer where zero access was really far advanced, I could do nothing at all. I put in another hard drive. When I put in the original drive and wiped it, then checked it with speed fan, the actual hard drive was damaged. Not sure if zero access did the damage, or the drive was already going bad.

  • Anthony Wheeler

    The information sounds great, I hope it works. However when I was downloading it told me not to download Rogue Killer.exe because it had no certificates but I am going to research it and still may try it. A million thanks again, it was good info whether it works or not. My system is infected with zeroaccess rootkits and it’s driving me crazy trying to remove them. I’m using my son’s computer because mine won’t let me download anything much less let me open anything to fight it. Thanks again, I’m going to try it in the morning.

  • Moon

    Thank you! I spent 5 hours trying to find something to get zeroaccess off of my computer. I think I love you, it worked and was easy to use and follow. I am eternally grateful, may the stars never falter on you.

  • tyntoune

    Oh my god, it just worked. I had some .dll problem and windows update dysfunction. ALL REPAIRED thanks a lot really. (sry my english is bad I’m french canadian) ! I appreciate a lot

  • Schermann

    Manual Fix of damaged firewall and Base Filtering services!

    Download both the registry files:

    Windows firewall – Firewall
    http://download.bleepingcomputer.com/win-services/7/MpsSvc.reg

    Base filtering engine – BFE
    http://download.bleepingcomputer.com/win-services/7/BFE.reg

    Launch them. You should get a UAC prompt now. Click YES & restart your PC.

    Now, press Windows + R key, type regedit and click OK.

    Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

    Right click on it – Permissions. Click on ADD, type Everyone and click OK.

    Now click on Everyone. Below you have permissions for users. Select Full control and click OK.

    Now, open RUN, type services.msc and click OK.

    Start the Base Filtering Engine service and then the Windows Firewall service.

    If you still have this error:

    Windows could not start Windows Firewall on local Computer. See event log, if non-windows services contact vendor. Error code 5.

    Download and launch this key, click YES:

    Shared access
    http://download.bleepingcomputer.com/win-services/vista/SharedAccess.reg

    Give full control permission to this key, similar to the previous one:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

    Right click on it – Permissions. Click on Add, type Everyone and select Full control.

    You should be able to start the firewall now.

    Good luck

  • Mike Hardin

    Stelian,

    I have followed your process. Tdsskiller ran & found 9 threats listed as medium risk. I put them in quarantine anyway. Combo fix ran as well. I attempted to run rogue killer. It started then I got a blue screen. Listed was stop: 0x0000008E …… dxec02.sys

    Please help as this is driving me nuts!!

    Thanks!

    • Stelian Pilici

      Can you please copy/paste the Combofix log? You should be able to find it in C:\Combofix.txt.
      Also, for now, skip the RogueKiller scan and do the other scans.

      • Mike Hardin

        I replaced the file with a clean copy I found on the dell drivers disc. That fixed the problem and I was able to complete the procedure as you described. All is well! And I’m calm again.

        Thanks

  • Ashley

    Thank you so much for the guide! I am not very literate when it comes to any technical stuff on the computer, but your guide was so easy to follow. Hope I never have to go through that again!

  • lochness

    Flawless guide! Works great, +1 for you Stelian!

  • jm

    I tried this, but I keep seeing a remnant of Trojan.0Access in the c:\recycler folder when I run Malwarebytes. Should I run through these instructions again, or try something else?

    • Stelian Pilici

      Hello Jm,
      Empty your recycle bin, this should fix this problem.
      Did you run all the other scans?

  • raul

    Hey Stelian,
    thanks so much for the detailed removal instructions.
    I was really hoping that the Windows Repair AIO program would finally repair my Desktop tab under the Display Properties. But it didn’t. I am missing the Web tab which isn’t a big deal. However, of the five tabs, the desktop tab is the only one that doesn’t work. It just shuts down the Properties Dialogue Box whenever I try to change the background picture.
    I’ve hacked the registry before and gotten it to work. However, after doing all of this registry cleanup and repair work. I’d rather not create more work for myself if necessary. Any ideas?
    -rcjr

    • Stelian Pilici

      Hello raul,
      It seems like it is a malfunctioning graphics driver… Can you please uninstall, restart and reinstall your display driver?
      Waiting for your reply.

      • raul

        It’s still happening. The icons all keep moving to the upper left hand corner too. No matter how many times I move them around.

  • joethebot

    Thanks for your detailed set of instructions. I especially like the clean-up part. I tell my customers that there is NO one product that protects them from EVERY type of attack. They are running ESET NOD32 (purchased) and I think that ESET kept this thing from taking over their POS system for almost a year!
    Thanks,
    The Bot

  • John

    After running Combo Fix and restarting it got stuck at the “Preparing Log Report” screen and I was unable to open any programs so I rebooted as someone on a forum suggested and now my programs open fine but I’m wondering if I should rerun Combo Fix? I think the problem was that I didn’t keep my antivirus (Malwarebytes) from enabling protection upon startup so it messed with ComboFix. I’ve figured out how to fully disable protection now but I don’t know if I should rerun ComboFix or not? Also, Kaspersky TDSS Killer is not finding any objects even though RogueKiller is saying I am infected with ZeroAccess. I tried going to the page that RogueKiller links you to for instructions on removing ZeroAccess but it is in another language and there is no sound in the video. Any help would be appreciated.

    Thanks

    • Stelian Pilici

      Hello John,
      You can re-do another scan with Combofix, just make sure to disable all your antivirus products.
      Next, run a scan with Kaspersky Virus Removal Tool.
      Click here to download the Kaspersky Virus Removal Tool.

      1. Save it to your desktop.
      2. Double click the setup file to run it.
      3. Follow the onscreen prompts until it is installed
      4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
        • System Memory
        • Hidden startup objects
        • Disk boot sectors
        • Local Disk (C:)
        • Also any other drives (Removable that you may have)
      5. Then click on Actions on the left hand side
      6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
      7. Click on Automatic Scan
      8. Now click the Start Scanning button, to run the scan
      9. After the scan is complete, close the program

      2. Run a scan with Eset Online Scanner.

      1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Check Scan archives
      6. Push the Start button.
      7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      8. When the scan completes, push Finish

      Good luck!

    • Marcia

      Thanks SO much for this outstanding walkthrough! It’s thorough, it’s easy to follow, and best of all it works! This is by far the most complete and comprehensive rootkit removal protocol I’ve seen. This is truly a gift, Stelian… good karma to you!

    • paul

      Combofix can take quite a while to prepare the reports after running. You should give it a good 3-4 minutes to finish. Also, I always run Combofix in safemode with any realtime scanners disabled. Also, malwarebytes is NOT an anti-virus program. It is designed to run alongside your anti-virus software to catch many of the malware type infections most anti-virus software programs do not protect against.

  • POLAK82

    WOW, I have literally tried everything, all the way down to the point of nearly re-formatting my system and starting from scratch. However after I ran into your site – lo and behold – it is all 100% fixed. . . AND MORE. Thank you very much for your kindness and generosity to the computer world.
    -MK

  • Pringles

    Thanks Stelian! It was a nightmare but your guide did the job for me!
    Go FC BARCELONA!!

  • Igor

    Hello, I just discovered that I have that trojan in my computer.
    But I will erase all partitions of my disk, create new partitions and format using ntfs. And then install a clean windows on it.

    My question is, will this clean my computer? Or will the trojan still be there? I will erase all the partitions of the disk.

    I can’t find a tutorial about it, only about cleaning, but I prefer the format, after all I don’t have anything interesting on the computer, I just play games on it.

    Can pls someone help?

    Thx a lot

    • Stelian Pilici

      Yes, if you do a reformat you’ll get rid of this virus…. Good luck! :)

      • Igor

        Thx so much for the quick tip. I will format today, and after I will run the malware scanner.

        And post here if it solved completely.

        Btw I lost my McAfee CD, it is the internet security suite 2012. I have to install the Microsoft Security Essentials, is it any good? Or maybe I have to buy a new security suite?

        • Stelian Pilici

          Hello Igor,
          After you format, there is no need for you to run Combofix as this is a hard-core tool which needs to be used only in extreme cases…. You can scan with all the other software if you really like. :)

          As far as your real time protection goes, I advise to avoid McAfee and Microsoft Security Essentials because these two products aren’t that great when it comes to zero day malware prevention!
          Below you can find some quick suggestions:
          Free: Avast 7 Free version or COMODO Internet Security
          Paid: Norton Internet Security 2012, Avast Internet Security 7, G-DATA Internet Security 2012 or ESET Smart Security 5.
          Anyway, you should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

          Also it would be very good if you took the time and read this article that I’ve written: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it, then we’ll never meet again in these conditions :)

          • Igor

            Thx so much for your help.

            I will try the Comodo Internet Security the free version, and the Malwarebytes free too.

            The browser that I use is chrome, can you pls add some addons to use?

            I checked the forum you said, the information is too complicated for me, lol.

            Thx again

  • Edi

    Thanks for the idea to use RogueKiller, I tried them all, computer was clean for a week, found this website which had step by step and I said what the heck, I should try it and it found and removed it. Thanks a bunch!!

  • Pet.c

    Thank you!! WORKED PERFECTLY!!

  • Pam1982

    You are my hero! Had some problems with Combofix but in the end everything was ok!
    Thanks Stelian!