Short Version:
Beware of the ZeroAccess trojan. You may not even know you have it. It has been around a while, but it has been found on the computers of several people I know. Your anti-virus software will most likely not even detect it, even if that software has tools for rootkit removal, because each rootkit remover is made for a specific rootkit. Scroll to the bottom for the vendor tools that detect and remove it.

Long Version:
There has been a big resurgence of the ZeroAccess trojan, sometimes called the "AVG ZeroAccess trojan" because AVG detects it under that name. It is NOT from AVG, the anti-virus software vendor. It is also known as max++ and Sirefef. It only affects Microsoft Windows. It is used to download other malware onto an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on the system using rootkit techniques.

Rootkits are very bad news. A rootkit is malicious software designed to hide the existence of certain processes or programs from normal methods of detection while keeping privileged access to the computer.

Rootkit installation can be automated (you can get it from an email attachment, by clicking on web ads, by installing bundled software, etc.), or an attacker can install it by hand once they have obtained root or Administrator access. That access is usually the result of a direct attack on the system, either by exploiting a known vulnerability or by obtaining a password. Once installed, the rootkit can hide the intrusion as well as maintain the privileged access. The key is the root/Administrator access: full control over a system means that existing software can be modified, including the software that might otherwise be used to detect or remove it.

Rootkit detection is difficult because a rootkit may be able to subvert the very software that is intended to find it. Detection methods include scanning from an alternative, trusted operating system (for example, a boot disc), behavior-based methods, signature scanning, difference scanning (comparing what two independent sources report and looking for what one of them hides), and memory dump analysis. Removal can be complicated or practically impossible, especially where the rootkit resides in the kernel; reinstalling the operating system may be the only available solution. With firmware rootkits, removal may require hardware replacement or specialized equipment. The AVG ZeroAccess trojan does not typically require a fresh install, and it does not attack hardware.
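Difference scanning, as a concrete check: the PowerShell script below is an added example, not code from the original post or from any of the vendors linked at the end. It assumes nothing beyond a Windows machine with PowerShell 3 or later and the built-in tasklist.exe; the choice of the three enumeration paths and the two-pass filtering are mine. It lists running processes through three independent paths and reports any process ID that one path cannot see. A rootkit that hooks only one user-mode API to hide its process shows up as a discrepancy; a kernel-mode rootkit can lie to all three paths consistently, which is exactly why the paragraph above recommends scanning from a trusted alternative operating system.

```powershell
# Added example, not code from the original post: a "difference scan" that
# compares the running-process list as seen through three different
# enumeration paths on Windows. A user-mode rootkit that hooks one path to
# hide its process often forgets the others; a PID that one view cannot see
# is a lead to investigate, not proof of infection.
# Caveat: a kernel-mode rootkit can lie to all three views consistently, so
# this is no substitute for scanning from trusted boot media.

function Get-ProcessViews {
    # View 1: Get-Process (.NET System.Diagnostics on top of the Win32 APIs)
    $viaApi = @(Get-Process | ForEach-Object { [int]$_.Id })

    # View 2: WMI/CIM Win32_Process, a separate provider path
    $viaWmi = @(Get-CimInstance -ClassName Win32_Process | ForEach-Object { [int]$_.ProcessId })

    # View 3: tasklist.exe CSV output parsed back into PIDs
    $csvHeader = 'Image', 'PID', 'Session', 'SessionNum', 'Mem'
    $viaTasklist = @(tasklist.exe /FO CSV /NH | ConvertFrom-Csv -Header $csvHeader |
                     ForEach-Object { [int]$_.PID })

    [pscustomobject]@{ Api = $viaApi; Wmi = $viaWmi; Tasklist = $viaTasklist }
}

function Find-HiddenPids {
    # Emits one record per PID that is visible in one view but missing from another.
    param([Parameter(Mandatory)] $Views)
    $names = 'Api', 'Wmi', 'Tasklist'
    foreach ($seen in $names) {
        foreach ($missing in $names) {
            if ($seen -eq $missing) { continue }
            foreach ($p in $Views.$seen) {
                if ($Views.$missing -notcontains $p) {
                    [pscustomobject]@{ ProcessId = $p; SeenBy = $seen; MissingFrom = $missing }
                }
            }
        }
    }
}

# Processes start and exit while the three views are being taken, so a single
# pass produces false positives. Take two passes a few seconds apart and keep
# only the discrepancies that show up in both.
$first  = Find-HiddenPids -Views (Get-ProcessViews)
Start-Sleep -Seconds 3
$second = Find-HiddenPids -Views (Get-ProcessViews)

$persistent = $first | Where-Object {
    $f = $_
    $second | Where-Object { $_.ProcessId -eq $f.ProcessId -and $_.MissingFrom -eq $f.MissingFrom }
}

if (-not $persistent) {
    Write-Host 'No process is consistently hidden from any view (a kernel rootkit could still defeat this check).'
} else {
    $persistent | ForEach-Object {
        $name = (Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue).ProcessName
        if (-not $name) { $name = '?' }
        Write-Host ("PID {0} ({1}) is visible via {2} but missing from {3}" -f $_.ProcessId, $name, $_.SeenBy, $_.MissingFrom)
    }
}
```

Run it from an elevated PowerShell prompt. A PID that is consistently missing from one view deserves a closer look with the vendor tools listed at the end of this post; it is not a verdict on its own, and a clean result does not rule out a kernel-mode rootkit.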

This particular trojan is big business: the "bad guys" are making a lot of money off it and are even paying people to distribute it. It has been around for maybe three years, but since I'm seeing it so much lately I thought I'd throw it out there for you guys.
Your favorite anti-virus software may have a remover for it. I know these do, and here are the instructions with the downloads:

Free AVG – http://free.avg.com/us-en/remove-win32-zeroacces

MWB (Malwarebytes; it can usually clean it with a normal full scan, but here is its rootkit tool) – http://blog.malwarebytes.org/news/2012/11/meet-malwarebytes-anti-rootkit/

McAfee – http://www.mcafee.com/us/downloads/free-tools/how-to-use-rootkitremover.aspx

Norton – http://www.symantec.com/security_response/writeup.jsp?docid=2012-080900-3758-99&tabid=3

or search for the file named avg_remover_zeroaccess.exe, but download it only from AVG's own site: fake "removal tools" offered on random download sites are a common way of getting infected in the first place.