Home » Blog » Cybersecurity » Cybersecurity » How to remove the ZeroAccess virus – ZeroAccess Trojan (Removal Guide)
Trojan horse removal

How to remove the ZeroAccess virus – ZeroAccess Trojan (Removal Guide)

What is the ZeroAccess virus (Trojan.0A)?

The ZeroAccess virus is a broad term for a dangerous Trojan horse that has been in circulation for several years. Since the ZeroAccess Trojan has been active there has been a lot of revisions and repackages focused on modifications to the Trojan’s functionality, in particular the strategy of infection, and mechanism orchestrated when infiltrating a computer system. However, the primary objective of the ZeroAccess virus has essentially remained persistent, as the ZeroAccess Trojan was developed and is used to access and take control of a computer by adding it to the massive ZeroAccess botnet in order to monetize the new acquisition by downloading additional malware to the infected computer system.

ZeroAccess removal

Trojan ZeroAccess is a Win32 and Win64 kernel-mode rootkit. This Trojan utilizes techniques to remain undetected, mask it’s presence, and fight against terminating factors. It is more than capable of functioning on both Windows 32 and Windows  64-bit versions from a single installer. The ZeroAccess virus may contain very aggressive self defense system against general software used to eradicate it and acts as an advanced delivery platform for other malware, including spyware and ransomware such as the FBI virus.

Trojan ZeroAccess remains masked on an infected computer while downloading more visible peripherals that may generate additional income for the botnet owners. At the moment the downloaded malware is mostly aimed at spreading spam and promoting click fraud or other scams.

How does the ZeroAccess virus infect a computer?

The ZeroAccess virus is primarily distributed on compromised or malicious websites via exploit kits and unethical software downloads, including third-party software such as Scareware that promotes itself as a legitimate tool, though exploits computer users. The ZeroAccess virus or Trojan ZeroAccess may also bundle with torrents, keygens, freeware, shareware, and codecs, as well as browser add-ons, extensions, plug-ins, and Toolbars.

It should also be noted that the ZeroAccess Trojan can infect a computer via compromised social media posts, including Facebook posts that may post fraudulent videos, images, and text promoting malicious websites.

In the wild, the Trojan ZeroAccess may be detected by antivirus products as:

  • ZeroAccess.BX (AVG)
  • Trojan.Zeroaccess.B (Ikarus)
  • ZeroAccess.C (McAfee)
  • HEUR.Backdoor.Win64.Generic (Kaspersky)
  • Troj/Sirefef-AQ (Sophos)
  • Trojan.Zeroaccess!inf2 (Symantec)
  • Trojan:Win32/Sirefef (Microsoft)
  • W32/Troj_Generic.UUZF (Norman)
  • Rootkit.ZeroAccess.Gen.4 (VirusBuster)
  • Trojan horse Crypt.AQLW (AVG)
  • TR/Sirefef.BV.2 (Avira)
  • Trojan.Sirefef.BV (BitDefender)
  • BackDoor.Maxplus.3710 (Dr.Web)
  • Trojan.Sirefef.C (Ikarus)
  • ZeroAccess.B (McAfee)
  • Troj/ZAccess-AH (Sophos)
  • Trojan.Zeroaccess!inf4 (Norton)
  • TROJ_ZACCESS.CQJ (Trend Micro)

The ZeroAccess Trojan is very dangerous and is associated with severe cyber crimes involving credit theft, identity theft, and extortion. It is important to immediately remove the ZeroAccess Trojan and relating malware from your computer. To remove ZeroAccess, use the specialized Trojan removal steps below.

How to remove the ZeroAccess virus (Trojan)

  1. Automatic ZeroAccess removal – Remove ZeroAccess using Malwarebytes
  2. Automatic removal Troubleshooting
  3. Additional ZeroAccess removal tips


1. Automatic ZeroAccess Removal

Malwarebytes Anti-Malware software will automatically remove ZeroAccess. It should be noted that the ZeroAccess Trojan will not block you from installing and running Malwarebytes Anti-Malware software.

1. Install the free or paid version of Malwarebytes Anti-Malware.

Purchase   Download

2. Once Malwarebytes is installed, run the program. If you are using the free version of Malwarebytes you will be prompted to update the database, make sure to do so.

3. On the first tab labeled “Scanner” select the Perform full scan option and click the Scan button to perform a full system scan. Malwarebytes will automatically detect malware infecting the computer system.

Malwarebytes Perform Full Scan

4. Once the malware scan is complete, Malwarebytes may prompt a notice stating malicious objects were detected. Select the malicious objects and click the Remove Selected button to completely remove the malicious files from your computer (the image below shows a file that is NOT selected) or click the Delete button to remove quarantined files.

Malwarebytes Gadgetbox

2. Automatic removal (Troubleshooting)

Malwarebytes Chameleon technologies will allow you to install and run Malwarebytes Anti-Malware without being blocked by ZeroAccess.

1. Download Malwarebytes Chameleon and extract it to a folder in a convenient location such as your desktop. Open the Malwarebytes Chameleon folder and double click the file that says svchost.exe.

Malwarebytes Chameleon svchost fileIf Malwarebytes Chameleon will not open, double-click on another file until you find one will work, which will be indicated by a black DOS/command prompt window.

2. Follow the onscreen instructions on the black command screen and press a key to continue. Chameleon will start to download and install Malwarebytes Anti-Malware for you. Once complete, it Malwarebytes Anti-Malware will update, and you may be promoted with a window that says the database updated successfully. Click OK.

Kill Win32 downloader gen

3. Malwarebytes Anti-Malware will now start to kill known malicious processes associated with the ZeroAccess virus. This may take up to ten minutes.

4. Next, Malwarebytes Anti-Malware will automatically open and start to perform a Quick scan for ZeroAccess malicious files (pictured below).

remove Win32.downloader.gen

5. Once the scan is complete, click on Show Result to visit a screen showing you the malware infections that Malwarebytes Anti-Malware has detected.


6. Make sure that everything is selected in the list of malicious files (clicked),then click on the Remove Selected button.

7. After your computer restarts, it is important to open the Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats associated with the ZeroAccess Trojan.

3. Additional ZeroAccess removal tips:

System Restore is an easy solution to restore an infected computer to a date and time before it became infected with the ZeroAccess malware (politically a Trojan) and other forms of malicious software. To learn more please select a link below relating to your Windows Operating System.

Windows Recommended Restore And Choose A Restore Point

Sean Doyle

Sean is a tech author and engineer with over 20 years of experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and other topics. He is featured in several publications.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

How to remove Odin ransomware (Virus Removal Guide)

How to remove info@cryptedfiles.biz ransomware

How to remove Isis virus (Removal Guide)