Wednesday, 26 October 2011 (Uninstall Guide) is a ZeroAccess/Serifef-related browser hijacker that will take you to malicious and adware websites instead of the one you wanted. Although, the address in the URL box of your web browser shows the correct web address, the actual web page displayed is completely different and very often irrelevant to what you were searching for. This very annoying and sophisticated rootkit blocks certain system tools and legitimate antivirus programs. It says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

At the bottom of your web browser you'll see that it's accesing instead of the intended website. It's a fake search engine and browser hijacker at the same time. You will notice that search results take longer to appear, however, if you type in the website manually it works fine.

Windows Firewall alerts may show up from time to time asking you to unblock certain applications. That's because ZeroAccess rootkit injects malicious code into system files to bypass Windows firewall.

And probably the most clear sign of this infection is a questionable process named numbers:numbers, for example 238466872:32468238.exe.

This process is protected, you can't just terminate it as any other system process. Doing system restore won't help either. First of all, you need to remove the rootkit; otherwise you won't be able to run anti-malware software. Thankfully, there are a couple of tools designed to remove ZeroAccess rootkit from the system. To remove the rootkit and to stop redirects, please follow the removal instructions below. Good luck and be safe online! removal instructions:

1. First of all, download and run ZeroAccess/Sirefef/MAX++ removal tool. (works on 32-bit systems only!)

2. Then use TDSSKiller.

3. Finally, scan your computer with recommend anti-malware software to remove the leftovers of this virus from your computer.
NOTE: if you get the following Windows Security Alert, please click on Unblock button. This alert is caused by ZeroAccess rootkit.

Share this information with your friends:

No comments:

Post a Comment