How to remove ZeroAccess.Rootkit from Windows Vista

[FLU|TER]

I am running Windows Vista home premium in my Dell computer. Recently it is affected by a notorious Trojan named ZeroAccess.rootkit. The problem is I cannot run Malwarebytes on the system. It shows me "corrupted image". Even it is disrupting my Internet connection again and again while downloading or browsing something. What can I do? How can I remove this stuff? Antivirus only showing me that it is present but does not remove it.

[JustineBB]

The new rootkit zero access "which is currently spread very quickly and is based on the famous TDL3 rootkit features a clickbot called z00clicker2. The purpose of this clickbot is to use infected computers to perform click fraud on ads so much money can be earned. However, this rootkit also an outstanding feature and that is the anti-TDL routine that is built, zero-access is automatically removed rootkits and other especially TDL3 zero where access is based. Access to zero very rapidly and massively spread is clear and this happens mainly via pirated software and cracks, patches, keygens, etc.

[-Deven-]

To remove rookits you will need to take special 'tools' to grab the rootkit removal, such as Kaspersky or Avast TDSSkiller aswMBR.

[JyotiT]

Today only a real-time virus scanner no longer sufficient to use, it is therefore advisable to use an additional malware scanner such as;

• MBAM
• Emsisoft Antimalware

Both programs are free version that can be used as on-demand scanner, it does so in contrast to the paid version but it does not offer real-time protection.

[Go!pee]

Some antivirus programs keep these attacks will be deleted and not stand up, so the PC is suddenly completely unprotected and is delivered by other malware attacks. Users of BitDefender software are protected against zero access, since all security suites can detect and remove this threat. Users who have not encountered an attack by the rootkit may be under a free City malware removal tool downloaded from BitDefender.

[Panop]

ComboFix has succeeded in eliminating a lot of infections but could not delete everything in your computer.

First of all make sure that you Windows vista version is official. If not official this partly explains the extent of damage caused by infections and probably the loss of the connection. Infections may have unexpected effects on this type of system, the tools used as well, the success of disinfection will be problematic.

[Shurod]

I heard that only those users infected by this Trojan who had downloaded patch or cracks from the third party sites. Once infected its malicious code then saves the culprit in the "% SYSTEMROOT% \ system32 \ config \" from under a random name. This leads at every boot from now on "Rootkit.Sirefef" instead of the original driver. To protect yourself further, infecting zero access at random another executable file from the "system32" folder. If the rootkit is active, the infected file previously compromised the system again.

[AnitG]

As soon as the scanning occurs when the virus manages to eliminate the threat, then posts sector 0 because at this point I think that was part of the infection in areas outside the disk partition, just to reinstall themselves when you least expect it.

[Koman]

Zero access has full control over a computer system and can perform actions. At this point, the only ad-clickers and 'search engine hijackers' infected mostly. And there is also a possible link between the two rootkits. The zero clickbot which access to download the rootkit is used to serve ads to open and the name is Z00clicker2. In January 2010, two variants of the rootkit TDL3 discovered, one of which used as plugin called 00clicker.dll.

[Kaufman]

As far as I know that the stand alone sweeper is so far enough to find and kill the Trojan wherever it is reside in your computer. On the other hand the Microsoft has also released security patch for Windows vista and other Windows Oss also, which will surely going to remove the threat.