Trojan.Zeroaccess.C Description

Trojan.Zeroaccess.C is a variant of the ZeroAccess rootkit, also known as Max++ or Sirefef, that uses file-downloading attacks to install other PC threats and may also steal confidential information, alter web browser pages and infect native Windows files. Because Trojan.Zeroaccess.C, like all variants of Sirefef, is a high-level threat that tries to avoid your attention while it circumvents your PC security, malware experts recommend that you trust anti-malware products to detect and delete Trojan.Zeroaccess.C when necessary. Notable casualties of a Trojan.Zeroaccess.C infection that isn’t removed promptly include logins for e-mail accounts and bank accounts, as well as compromised web-browsing safety. Other than the relatively minor file changes that Trojan.Zeroaccess.C requires to function, it shows no symptoms of its attacks, despite their danger.

Trojan.Zeroaccess.C: Shedding Old Tricks for New Ones

Trojan.Zeroaccess.C is an innovative and somewhat risky update for ZeroAccess, in that it abandons traditional rootkit-based attacks in favor of a new NT File System (NTFS) exploit. This exploit uses the Extended Attributes feature of that file system to patch malicious code into the Windows services.exe file – permanently. The nature of Trojan.Zeroaccess.C’s attack means that the only way to restore services.exe is to use a backup from a clean source (such as a Windows CD or DVD). Fortunately, Windows versions from Vista through Windows 7 include a ‘Restore previous versions’ feature that will let you roll back to a clean version of a Trojan.Zeroaccess.C-infected file.


Services.exe files that are infected by Trojan.Zeroaccess.C may be detected under their own labels, such as Trojan.Zeroaccess!inf4.

Scanning files that maliciously exploit Extended Attributes requires some additional coding effort from anti-malware products, so the purpose of this new feature is evidently to hinder detection. However, many prominent anti-malware programs can detect PC threats that exploit Extended Attributes (EA) and other NTFS-related features, and malware researchers still recommend that you use anti-malware software as usual to remove Trojan.Zeroaccess.C, the latest variant of ZeroAccess (and no longer a rootkit).

A Survey of All the Functions That Trojan.Zeroaccess.C Hasn’t Abandoned

Although Trojan.Zeroaccess.C was quick to drop a function that wasn’t working as intended, other features traditionally observed as part of the ZeroAccess/Sirefef/Max++ package remain intact. Malware experts have delineated some of the most central attacks and side effects of Trojan.Zeroaccess.C as follows:
  • Loss of account information associated with banks and e-mail accounts due to Trojan.Zeroaccess.C monitoring browser-submitted data with traditional spyware features (keylogging, screen captures, etc.).
  • Altered web page content. Trojan.Zeroaccess.C may use this to redirect you to hostile sites, phish for additional information or block you from PC security domains.
  • Internet connectivity and firewall issues due to Trojan.Zeroaccess.C’s backdoor capabilities, which allow unauthorized network traffic. Your data transfer speeds may drop for no obvious reason, and your Internet connection may even be disabled randomly.

Trojan.Zeroaccess.C is limited to attacking Windows PCs, but malware analysts have noted Trojan.Zeroaccess.C’s significant expertise within that specialty. Trojan.Zeroaccess.C will install different components for different versions of Windows and is capable of infecting even modern versions of that OS such as Windows 7.


Aliases:
  • Trojan.Zeroaccess [PCTools]
  • TR/Crypt.XPACK.Gen [AntiVir]
  • Troj/ZAccess-KY [Sophos]
  • Backdoor.Win32.ZAccess.cdsd [Kaspersky]
  • TROJ_GEN.RC1H1E4 [TrendMicro-HouseCall]
  • Suspicious file [Panda]
  • Generic30.CAC [AVG]
  • W32/ZeroAccess.B!tr [Fortinet]
  • Win32/Sirefef.EV [ESET-NOD32]
  • Win32:Rootkit-gen [GData]



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry!
  • The following Registry values are newly created:
    HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32\"@" = "%UserProfile%\AppData\Local\[UUID]\n."
    HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32\"@" = "%UserProfile%\Local Settings\Application Data\[UUID]\n."
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\"@" = "%Windir%\Installer\[UUID]\n."
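
The registry values listed above can be checked with a short script. The following is an added example, not part of the original write-up or any vendor tool; it assumes the [UUID] placeholder is a GUID-style directory name, and the function names are hypothetical.

```python
import re

try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

# Assumption: the page's [UUID] placeholder is a GUID-style directory name.
GUID_DIR = r"\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?"

# CLSID -> regex for the InprocServer32 default values listed above.
INDICATORS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}":
        r"\\(?:AppData\\Local|Local Settings\\Application Data)\\"
        + GUID_DIR + r"\\n\.?$",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}":
        r"\\Installer\\" + GUID_DIR + r"\\n\.?$",
}


def matches_indicator(clsid, inproc_default):
    """True if this CLSID's InprocServer32 default matches a listed value."""
    pattern = INDICATORS.get(clsid.lower())
    if not pattern or not inproc_default:
        return False
    return re.search(pattern, inproc_default.strip('" '), re.IGNORECASE) is not None


def scan_live_registry():
    """Check the per-user and machine hives that HKEY_CLASSES_ROOT merges."""
    if winreg is None:
        raise RuntimeError("live registry scan requires Windows")
    hits = []
    hives = (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE))
    for hive_name, hive in hives:
        for clsid in INDICATORS:
            subkey = "Software\\Classes\\CLSID\\" + clsid + "\\InprocServer32"
            try:
                with winreg.OpenKey(hive, subkey) as key:
                    value, _type = winreg.QueryValueEx(key, "")
            except OSError:  # key or default value absent in this hive
                continue
            if matches_indicator(clsid, str(value)):
                hits.append((hive_name, clsid, value))
    return hits


if __name__ == "__main__":
    for hit in scan_live_registry():
        print("MATCH", *hit)
```

Run it as the affected user to cover that user's HKCU hive; a match only confirms the registry indicator and does not assess the state of services.exe.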

Posted: August 16, 2012
Threat Metric
Threat Level: 9/10
Detection Count: 103