ZeroAccess

ZeroAccess Description



ZeroAccess is a rootkit that uses advanced techniques to conceal itself and thwart your PC security software. Afterwards, ZeroAccess may also be used to open a backdoor on your system in the fashion of a backdoor Trojan. As is true of other rootkits that SpywareRemove.com malware researchers have analyzed, ZeroAccess has negligible symptoms of its activities, although you may be able to find ZeroAccess by watching for malfunctions in your anti-malware and security programs. ZeroAccess has been updated several times throughout its life and is sufficiently advanced and potentially damaging that only specialized and up-to-date anti-malware programs should be used to delete any ZeroAccess infection on your PC. Refraining from doing so will leave your computer open to attack by criminals and other forms of harmful software, and can cause lose of private information or destruction of files on your PC.

The Hidden ZeroAccess Threat to Your Computer


ZeroAccess is considered a highly-sophisticated kernel mode rootkit due to its use of multiple methods to obscure itself and attack programs that could find or remove ZeroAccess and similar rootkits. Although ZeroAccess isn’t considered quite as advanced as a TDL3 Rootkit, it remains comparable to such rootkits (including Rootkit.Boot.Mybios.a, TDSS.e!rootkit, TDSS Rootkit and Rootkit.Win32.Agent.bhnc) in terms of potential damage to your PC.

Since SpywareRemove.com malware researchers have found that ZeroAccess, like many other rootkits, prefers to load itself without an independent process that can be seen and shut down, you may not be able to tell when ZeroAccess is active unless its related attacks give off visible signals, such as browser hijacks, system slowdown or visibly-altered network settings.

However, the attack that ZeroAccess is most well-known for is its ability to shut down any program that engages in behavior that ZeroAccess feels would be a threat to ZeroAccess.
Download SpyHunter Spyware Scanner
This includes most forms of standard system scans that are used by anti-malware and security programs. Since ZeroAccess has received multiple updates since its origin in July of 2011, keeping your anti-malware software equally up-to-date is important for removing ZeroAccess.

You may also be able to infer the existence of ZeroAccess by noting the presence of related PC infections, particularly dropper Trojans. These Trojans, such asTrojan-Downloader.Agent-BFJ, Trojan-Dropper.Win32.Delf.br, Trojan-dropper.win32.VB.agtq, Trojan-Dropper.Win32.HDrop.apo or Trojan-Downloader.Agent-FCX can install ZeroAccess and may also install spyware, ransomware Trojans, worms or other PC threats.

Why ZeroAccess is a Great Big Zero for Your Computer’s Safety


Besides its notable security program-disabling traits, any particular ZeroAccess variant may also possess any or all of the following attributes:
  • In all instances that SpywareRemove.com malware experts have observed thus far, ZeroAccess chooses a system driver to infect for its base of operations. This allows ZeroAccess to launch without your consent and makes it extremely difficult to remove ZeroAccess, which can restore itself even when partially deleted. Improper removal of ZeroAccess is almost certain to cause harm to your operating system, which is why the use of a dedicated anti-malware program to delete ZeroAccess is strongly encouraged.
  • ZeroAccess may be used to steal private information. This can include account login data or passwords, Social Security numbers, credit card numbers or even all keyboard input, monitor output and webcam footage.
  • ZeroAccess may install other types of harmful programs onto your PC just as a standard dropper Trojan would do; these programs can include Remote Administration Tools, worms, viruses and many other forms of malicious software.
  • ZeroAccess may allow remote criminals to access and control your PC; the level of control that ZeroAccess potentially can allow to a criminal may be effectively unlimited.
  • Your system may also experience undesirable setting changes while ZeroAccess is on your PC. While open network ports and exceptions added to your firewall are the most likely changes, ZeroAccess may also cause any number of other alterations, such as concealing files, hijacking your browser or changing your desktop image.

Confirmed aliases for ZeroAccess include Dropper.Sirefef.B, Generic Dropper!dvy and Trojan-Dropper.Win32.Sireref.b.

ZeroAccess Automatic Detection Tool (Recommended)


Is your PC infected with ZeroAccess? To safely & quickly detect ZeroAccess, we highly recommend you run the malware scanner listed below.



Related Posts

Posted: August 23, 2011 | By
Share:
Follow Me on Pinterest More More
Threat Level: 10/10
3 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 5 (3 votes, average: 5.00 out of 5, rated)
Loading ... Loading ...
Rate this article:
Detection Count: 13,900

2 Comments

  • Dwire says:
    January 16, 2012 at 5:01 am

    It’s actually a cool and useful piece of info. I’m happy that you simply shared this helpful info with us. Please keep us informed like this. Thanks for sharing.

  • Mary says:
    October 11, 2011 at 10:30 am

    saying system admin will not allow download. I am sys admin and can not find where i have this blocked.

Leave a Reply

What is 12 + 5 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)