How to easily remove ZeroAccess rootkit (Virus Removal Instructions)

The ZeroAccess rootkit also known as Sirefef, is a malicious program that has as a primary motivation of to make money through pay per click advertising. It does this by downloading an application that conducts Web searches and clicks on the results. This is known as click fraud, which is a very lucrative business for malware creators.

The threat is also capable of downloading other threats on to the compromised computer, some of which may be Misleading Applications that display bogus information about threats found on the computer and scare the user into purchasing fake antivirus software to remove the bogus threats. It is also capable of downloading updates of itself to improve and/or fix functionality of the threat.

The ZeroAccess rootkit is distributed through several means. Some websites have been compromised, redirecting traffic to malicious websites that host Trojan.Zeroaccess and distribute it using the Blackhole Exploit Toolkit and the Bleeding Life Toolkit. This is the classic “drive-by download” scenario. It also updates itself through peer-to-peer networks, which makes it possible for the authors to improve it as well as potentially add new functionality.

If your antivirus is detecting any of the below files as malicious and it can’t remove them , then you’ll  know that you have a ZeroAccess infection:

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\WINDOWS\services.exe << INFECTED
C:\windows\Installer\{random number sequence}\U\80000032.@
C:\windows\Installer\{random number sequence}\U\80000064.@
C:\windows\Installer\{random number sequence}\L\00000004.@
C:\windows\Installer\{random number sequence}\U\80000000.@
C:\windows\Installer\{random number sequence}\U\000000cb.@

How to remove ZeroAccess rootkit virus (Virus Removal Guide)

This malware removal guide may appear overwhelming due to the amount of the steps and numerous programs that are being used. We have only written it this way to provide clear, detailed, and easy to understand instructions that anyone can use to remove malware for free.
Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.

STEP 1:  Use ESETSirfefCleaner tool to remove ZeroAccess rootkit

In this first step, we will use the ESETSirefefCleaner tool to remove the ZeroAccess rootkit from your computer.

  1. You can download ESETSirefefCleaner from the below link.
    ESETSIREFEFCLEANER DOWNLOAD LINK(This link will automatically download ESETSirfefCleaner on your computer.)

    Unable to download “ESETSirefefCleaner.exe contained a virus and was deleted”.
    More recent variants of Sirefef might prevent you from downloading this removal tool. If you cannot download the tool, follow the steps below:

    1. Click Start → Computer → Local Disk (C:) → Program Files.
    2. Right-click the Windows Defender folder and select Rename from the context menu.
    3. Add a unique variation to the filename, such as .old (for example, Windows Defender.old).
    4. Click the link above to download the ESETSirefefCleaner tool.When the download is complete, make sure to rename the Windows Defender folder back to its original filename before running the ESET SirefefCleaner tool.
  2. Double-click on ESETSirefefCleaner.exe to start this utility. You may be presented with an User Account Control pop-up asking if you want to allow this to make changes to your device. If this happens, you should click “Yes” to continue.
  3. The message “Win32/Sirefef.EV found in your system” will be displayed if an infection is found. To remove ZeroAccess rootkit from your computer, press the Y key on your keyboard
    ESETSirefefCleaner virus detected
  4. Once the tool has run, you will be prompted to restore system services after you restart your computer. Press Y on your keyboard to restore system services and restart your computer.
    ESETSirefefCleaner Press Y to remove malware
  5. Once your computer has restarted, if you are presented with a security notification click Yes or Allow. and then continue wit the next step.

STEP 2: Use RKill to stop the ZeroAccess rootkit malicious processes

RKill is a program that will attempt to terminate all malicious processes associated with ZeroAccess rootkit, so that we will be able to perform the next step without being interrupted by this malicious software.

Because this utility will only stop ZeroAccess rootkit running process and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.
  1. You can download Rkill from the below link.
    RKILL DOWNLOAD LINK (his link will open a new web page from where you can download “RKill”)
  2. Double click on Rkill program to stop the malicious programs from running.
    Start the Rkill program
  3. RKill will now start working in the background, please be patient while this utiltiy looks for malicious process and tries to end them.
    Rkill Running
  4. When the Rkill tool has completed its task, it will generate a log. Do not reboot your computer after running RKill as the malware programs will start again.
    Rkill Program


STEP 3: Scan your computer with Malwarebytes Anti-Malware to remove ZeroAccess rootkit

Malwarebytes Anti-Malware is a powerful on-demand scanner which should remove the ZeroAccess rootkit virus from your machine. It is important to note that Malwarebytes Anti-Malware will run alongside antivirus software without conflicts.

  1. You can download download Malwarebytes Anti-Malware from the below link.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link open a new page from where you can download “Malwarebytes Anti-Malware”)
  2. When Malwarebytes has finished downloading, double-click on the “mb3-setup-consumer” file to install Malwarebytes Anti-Malware on your computer.
    Malwarebytes installer
    You may be presented with an User Account Control pop-up asking if you want to allow Malwarebytes to make changes to your device. If this happens, you should click “Yes” to continue with the installation.
    Malwarebytes User Account Control Prompt
  3. When the Malwarebytes installation begins, you will see the Malwarebytes Setup Wizard which will guide you through the installation process.
    Setup Malwarebytes installer
    To install Malwarebytes Anti-Malware on your machine, keep following the prompts by clicking the “Next” button.
    Completing the Malwarebytes Setup Wizard
  4. Once installed, Malwarebytes will automatically start and update the antivirus database. To start a system scan you can click on the “Scan Now” button.
    Perform a system scan with Malwarebytes
  5. Malwarebytes Anti-Malware will now start scanning your computer for malicious programs.
    This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
    Malwarebytes scanning for malware
  6. When the scan has completed, you will be presented with a screen showing the malware infections that Malwarebytes Anti-Malware has detected.
    To remove the malicious programs that Malwarebytes has found, click on the “Quarantine Selected” button.
    Malwarebytes Quarantine Selected
  7. Malwarebytes Anti-Malware will now quarantine all the malicious files and registry keys that it has found.
    To complete the malware removal process, Malwarebytes may ask you to restart your computer.
    Malwarebytes removing malware from computer
    When the malware removal process is complete, you can close Malwarebytes Anti-Malware and continue with the rest of the instructions.

STEP 4: Double-check for malicious programs with HitmanPro

HitmanPro can find and remove malware, adware, bots, and other threats that even the best antivirus suite can oftentimes miss. HitmanPro is designed to run alongside your antivirus suite, firewall, and other security tools.

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download “HitmanPro”)
  2. When HitmanPro has finished downloading, double-click on the “hitmanpro” file to install this program on your computer.
    HitmanPro icon
    You may be presented with an User Account Control pop-up asking if you want to allow HitmanPro to make changes to your device. If this happens, you should click “Yes” to continue with the installation.
    HitmanPro User Account Control Pop-up
  3. When the program starts you will be presented with the start screen as shown below. Now click on the Next button to continue with the scan process.
    HitmanPro setup process
  4. HitmanPro will now begin to scan your computer for malware.
    HitmanPro scanning for ZeroAccess rootkit virus
  5. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the “Next” button, to remove malware.
    HitmanPro detected malware
  6. Click on the “Activate free license” button to begin the free 30 days trial, and remove all the malicious files from your computer.
    Activate HitmanPro to remove malware
    When the process is complete, you can close HitmanPro and continue with the rest of the instructions.

(OPTIONAL) STEP 5: Use Zemana AntiMalware Portable to remove ZeroAccess rootkit

Zemana AntiMalware Portable is a free utility that will scan your computer for the ZeroAccess rootkit and other malicious programs.
This step should be performed only if your issues have not been solved by the previous steps.
  1. You can download Zemana AntiMalware Portable from the below link:
    ZEMANA ANTIMALWARE PORTABLE DOWNLOAD LINK (This link will open a new web page from where you can download “Zemana AntiMalware Portable”)
  2. Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.
    Zemana AntiMalware portable
    You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.
    Zemana AntiMalware User Account Control
  3. When Zemana AntiMalware will start, click on the “Scan” button to perform a system scan.
    Zemana AntiMalware Free Scan
  4. Zemana AntiMalware will now scan your computer for malicious programs. This process can take up to 10 minutes.
    Zemana AntiMalware scanning for virus
  5. When Zemana has finished finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.
    Zemana AntiMalware Removing ZeroAccess rootkit Virus
    Zemana AntiMalware will now start to remove all the malicious programs from your computer.
Your computer should now be free of the ZeroAccess rootkit. If you are still experiencing problems while trying to remove ZeroAccess rootkit from your machine, you can ask for help in our Malware Removal Assistance forum.
How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

52 thoughts on “How to easily remove ZeroAccess rootkit (Virus Removal Instructions)”

  1. You are awesome dude, I use your guides at my work all the time. I use the Zeus removal guide as well just as a good way to remove general viruses. Used that guide to remove a rouge antivirus! Hope to see more from you soon.

  2. thank you Stelian, i tried suggestions from other sites but they weren’t comprehensive. i just tried your steps yesterday and it did the job. many thanks.

  3. Hello,
    Do you have any other browser installed on this computer, other than Internet Explorer? If yes, then you can use it to download these tools.
    Alternatively, you can download these tools onto a USB stick and transfer them to the infected computer.
    Also by any chance do you have AVG installed on this machine? If yes, most like it was compromised by this rootkit, and now it’s blocking your downloads, so you will need to uninstall it.
    Please see this guide: http://malwaretips.com/blogs/file-contained-a-virus-and-was-deleted-removal/

  4. great tools great advice, cleaned zeroaccess easy, had to run the first tool from safe mode to get back into my account but all is good now.

  5. Avira always detecs Sirefef but Kaspersky TDSSKiller does not find anything.. ?
    Help please.

  6. Thanks! Completely did the job for me!
    But….I still have a question!
    Im trying to uninstall Kaspersky and RogueKiller…..Weird, I cant find them with control panel – programs and features. They dont appear. How can I delete them then?

  7. The first time I ran the eset online scanner it found 9 issues, 2 of which were trojans. I wasn’t sure if eset removed them or if it just detected them. I am running it again…it took 2 hours and 44 mins. first time around, but so far so good at more than 50% done. Malwarebytes coming up clean, my regular anti virus not finding anything, I think this did the trick!!!!!! YAY!!!!! You Rock :)

  8. Hello Victor,
    What security product are you using? Can you temporarily disable your antivirus while running this tool.

  9. Eset has found the Win32/Toolbar.Zugo application, I’m running Eset in paralell to Malwarebytes and Mb is not finding anything so far(216580 files scanned), Eset has found 6 files so far(167368 files scanned)… I just need to cure My registry of the toolbar and so all I have been able to do is to apply the 3 Reg files in safe mode, mad props to the guy who left those. Do You or can someone tell Me why RogueKiller says DRV and is in RED and not GREEN? I’m staying in safemode until I’ve killed this bugger, in any case HELP!!!! Please.

  10. I can’t get RogueKiller to work even in Safe Mode with Networking under Windows 7 Pro x64, dang rootkit, keeps on coming back, 1st 2 small beeps then later bigger louder beeps, I tried downloading with Firefox 20.0a1 and now with IE9 in Safe Mode, I’ve cleaned the MBR and the bootsector in the recovery console, I’ve used almost all the other programs here, but RogueKiller keeps quiting saying it has a problem and can not continue…. This is My 2nd attempt at posting, I see My 1st attempt is not visible at all, I’ve seen the StartNow Toolbar is involved here on My PC, I’ve seen that toolbar in the registry, I’d rather not have to install an OS on a 250GB hdd, backup My files and wipe this 500GB hdd of everything.

  11. Hello Tally,
    Yes,you can use a bootable CD to fix your computer!Is good to know that your not able to connect to internet because this ZA rootkit has compromised your firewall settings!
    You can temporarily disable you firewall and see if you can connect to the Internet!
    Good luck!

  12. The infection has clobbered my browser and shut down communications over the internet. I hope to use Spotmau’s toolkit booted from CD to provide access to the internet which will allow me to download your list of rootkit and virus killers. Do you see any problem with an alternate boot via CD with these tools? Thanks in advance.

  13. Finally, a solution that works! After months of working with a black desktop screen at home and several tries to get rid of the hijackwares, this one did the trick.
    I had tried Malwarebytes and Combofix before but that never completely worked. Hitman Pro also couldn’t get rid of everything, my desktop.ini files staid infected. But with Kaspersky TDSSKiller and that Roguekiller on top, everything seems to be clean now.
    Thanks man!!!

  14. I’ve been trying to remove this virus for MONTHS. Used combofix and OMG it worked!!! THANK YOU SO MUCH I CAN FINALLY REST IN PEACE and FINALLY not have to see the virus warnings!!!! THANK YOUUUUUUUUUUUUU

  15. I used Rogue Killer and Win Patrol, as well as manually removing files, on one computer where zero access had not been too invasive yet, and the 2 of them seemed to get it all. However, another computer where zero access was really far advanced, I could do nothing at all. I put in another hard drive. When I put in the original drive and wiped it, then checked it with speed fan, the actual hard drive was damaged. Not sure if zero access did the damage, or the drive was already going bad.

  16. The information sounds great, I hope it works. However when I was downloading it told me not to download Rogue Killier.exe because it had no certificates but I am going to research it and still may try it. A million thanks again, it was good info whether it works or not. My system is infected with zeroaccess rootkits and its driving me crazy trying to remove them I’m using my sons computer because mine won’t let me download anything much less let me open anything to fight it. Thanks again, I going to try it in the morning.

  17. Thank you! I spend 5 hours trying to find something to get zeroaccess off of my computer. I think I love you, it worked and wasy easy to use and follow. I am eternally grateful, may the stars never falter on you.

  18. Oh my god, it just worked. I had some .dll problem and windows update disfunction. ALL REPAIRED thanks alot really. (sry my english is bad im french canadian) ! I appreciate alot

  19. —————————

    Manual Fix of damaged firewall and Base Filtering services!

    Download both the registry files

    Windows firewall – Firewall
    http://download.bleepingcomputer.com/win-services/7/MpsSvc.reg

    Base filtering engine – BFE
    http://download.bleepingcomputer.com/win-services/7/BFE.reg

    Launch them,You should get a UAC prompt now

    Click YES & Restart your PC

    Now,Press Windows+ R key and type

    regedit and click ok

    go to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

    Right click on it-permissions

    Click on ADD and type

    Everyone and click ok

    Now Click on Everyone

    Below you have permission for users

    Select full control and click ok

    Now,open RUN and type

    services.msc and click ok

    start base filtering engine service and then windows firewall service

    If you still have this error

    Windows could not start Windows Firewall on local Computer. See event log, if non-windows services contact vendor. Error code 5.

    Download and launch this key,click YES

    Shared access
    http://download.bleepingcomputer.com/win-services/vista/SharedAccess.reg

    give full control permission to this key similar to previous one

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

    Right click on it -permissions

    Click on Add and type

    Everyone and select Full control

    You should able to start firewall now

    Good luck

  20. I replaced the file with a clean copy I found on the dell drivers disc. That fixed the problem and I was able to complete the procedure as you described. All is well! And I’m calm again.

    Thanks

  21. Can you please copy/paste the Combofix log?You should be able to find it in C:\Combofix.txt.
    Also for now,skip the RogueKiller scan and do the other scans.

  22. Stelian,

    I have followed your process. Tdsskiller ran & found 9 threats listed as medium risk. I put them In quarantine anyway. Combo fix ran as well. I attempted to run rogue killer. It started then I got a blue screen. Listed was stop: 0x0000008E …… dxec02.sys

    Please help as this is driving me nuts!!

    Thanks!

  23. Thank you so much for the guide! I am not very literate when it comes to any technical stuff on the computer, but your guide was so easy to follow. Hope I never have to go through that again!

  24. Hello Jm,
    Empty your recycle bin,this should fix this problem.
    Did you run all the other scans?

  25. I tried this, but I keep seeing remnant of Trojan.0Access in the c:\recycler folder when i run Malwarebytes. Should I run through these instructions again, or try something else?

  26. Combofix can take quite awile to prepair the reports after running. You should give it a good 3-4 minutes to finish. Also, I always run Combofix in safemode with any realtime scanners disabled. Also, malwarebytes is NOT an anti-virus program. It is designed to run alongside your anti-virus software to catch many of the malware type infections most anti-virus software programs do not protect against.

  27. It’s still happening. The icons all keep moving to the upper left hand corner too. No matter how many times i move them around.

  28. Hello raul,
    It seems like is a malfunction graphic driver…Can you please uninstall,restart and reinstall your display driver?
    Waiting for your reply.

  29. Hey Stelian,
    thanks so much for the detailed removal instructions.
    I was really hoping that the Windows Repair AIO program would finally repair my Desktop tab under the Display Properties. But it didn’t. I am missing the Web tab which isn’t a big deal. However, of the five tabs, the desktop tab is the only one that doesn’t work. It just shuts down the Properties Dialogue Box whenever I try to change the background picture.
    I’ve hacked the registry before and gotten it to work. However, after doing all of this registry cleanup and repair work. I’d rather not create more work for myself if necessary. Any ideas?
    -rcjr

  30. Thanks SO much for this outstanding walkthrough! It’s thorough, it’s easy to follow, and best of all it works! This is by far the most complete and comprehensive rootkit removal protocol I’ve seen. This is truly a gift, Stelian… good karma to you!

  31. Hello John,
    You can re-do another scan with Combofix,just make sure to disable all your antivirus products.
    Next,run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Local Disk (C:)
      • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, close the program

    2.Run a scan with Eset Online Scanner.

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Good luck!

  32. Thanks for your detailed set of instructions. I especially like the clean-up part. I tell my customers that there is NO one product that protects them from EVERY type of attack. They are running ESET NODE32 (purchased) and I think that ESET kept this thing from taking over their POS system for almost a year!
    Thanks,
    The Bot

  33. After running Combo Fix and restarting it got stuck at the “Preparing Log Report”screen and I was unable to open any programs so I rebooted as someone on a forum suggested and now my programs ope fine but I’m wondering if I should rerun Combo Fix? I think the problem was that I didn’t keep my antivirus (Malwarebytes) from enabling protection upon startup so it messed with ComboFix. I’ve figured out how to fully disable protection now but I don’t know if I should rerun ComboFix or not? Also, Kaspersky TDSS Killer is not finding any objects even though RogueKiller is saying I am infected with ZeroAccess. I tried going to the page that RogueKiller links you to for instructions on removing ZeroAccess but it is in another language and there is no sound in the video. Any help would be appreciated.

    Thanks

  34. WOW, i have literally tried everything, all the way down to the point of nearly re-formatting my system and starting from scratch. However after i ran into your site – low and behold – it is all 100% fixed. . . AND MORE. Thank you very much for your kindness and generosity to the computer world.
    -MK

  35. Thx so much for your help.

    I ill try the Comodo Internet Security the free version, and the malwarebits free too.

    The browser that i use is chrome, can you pls add some addons to use?

    I check the forum you said, the the information is to complicated for me, lol.

    Thx again

  36. Hello Igor,
    After you format ,their is no need for you to run Combofix as this is a hard-core tool which needs to be used only in extreme cases…. You can scan with all the other software if you really like. :)

    As far as your real time protection goes,I advise to avoid McAfee and Microsoft Security Essetianls because this two products aren’t that great when it comes to zero day malware prevention!
    Below you can find some quick suggestions:
    Free – Avast 7 Free version or COMODO Internet Security
    Paid : Norton Internet Security 2012,Avast Internet Security 7,G-DATA Internet Security 2012 or ESET Smart Security 5.
    Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

    Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions:)

  37. Thx so much for the quick tip. I ill format today, and after ill run the malware scanner.

    And post here if it solved completly.

    Btw i lost my mcaffe CD is the internet security suite 2012, i have to install the microsoft security essencials, is it anygood? or maybe i have to buy a new securiy suite?

  38. Hello, I just discovery that I have that trojan in my computer.
    But I ill erase all partition of my disk, create new partitions and format using ntfs. And then install a clean windows on it.

    my question is, Ill this clean my computer? Or the trojan ill still be there? I ill erase all the partitions of the disk.

    I cant found a tutorial about it, only about cleaning, but i prefer the formal, after all i dont have anythin interessing on the computer, i just play games on it.

    can pls someone help?

    Thx a lot

  39. Thanks for the idea to use RogueKiller, I tried them all , computer was clean for a week, find this website which had step by step and I said what the heck , I should try it and it found and removed it. Thanks a bunch!!

  40. You are my hero! Had some problems with Combofix but in the end everything was ok!
    Thanks Stelian!

Leave a Comment