How do I remove Sirefef (ZeroAccess) trojan?
- This malware is also known as "ZeroAccess" or "Max++" and ESET detects all variants of this threat as Win32/Sirefef
I. Download the ESETSirfefCleaner tool
Click the link below to download the ESETSirefefCleaner tool. Save the file to your Desktop and continue to part II.
II. Run the ESETSirefefCleaner tool
- From your Desktop, double-click ESETSirefefCleaner, which you downloaded in part I.
- If security notifications appear, click Continue or Run.
- The message "Win32/Sirefef.EV found in your system" will be displayed If an infection is found. Press Y on your keyboard to remove the infection.
- Once the tool has run, you will be prompted to restore system services after you restart your computer. Press Y on your keyboard to restore system services and restart your computer.
- Once your computer has restarted, if you are presented with a security notification click Yes or Allow. and then continue to part III below.
- Open ESET Smart Security or ESET NOD32 Antivirus. How do I open my ESET product?
- Click Computer Scan → Custom scan... and select In-depth scan from the Scan profile drop-down menu.
Select the check box next to Computer and click Scan. The scan will remove any remnants of the malware still left on your system.
Windows XP users: Select the check box next to My Computer and then click Scan.
If after performing the steps in parts I-III above the issue is not resolved, follow the instructions below:
Click Start → All Programs → Accessories. Right-click Command Prompt and choose Run as administrator from the context menu.
- Windows 8 users: Press the Windows key + Q to open an app search and type cmd into the Search field. Right-click the cmd application when it appears in results and select Run as administrator from the context menu.
- Click Start → All Programs → Accessories. Right-click Command Prompt and choose Run as administrator from the context menu.
- In the command prompt, type CD %userprofile%\desktop. The directory will change to indicate that you are accessing files from your Desktop.
To run the ESETSirefefCleaner tool in manual repair mode, type the command ESETSirefefCleaner.exe /f
The following switches can be used with ESETSirefefCleaner.exe:
- /d => Generate log: The scanner will produce a log of its activity which can be submitted to ESET for further analysis. We recommend that you use this switch so that ESET technical support agents can examine these logs if needed.
- /s => Silent mode: Files will be cleaned/decrypted in the background with no logs created.
- /f => Force cleaning: Any infected files will be cleaned or decrypted without any prompt from the user.
- /r => Restore system services: Attempts to restore any system components that have been disabled or damaged by the malware.
- Once the tool is finished you will be prompted to restart your computer. Click Yes to restart.
- Once your computer has restarted, follow the instructions from part III of this article to perform a computer scan.