How do I remove Sirefef (ZeroAccess) trojan?

KB Solution ID: SOLN2895|Last Revised: February 05, 2014

Issue

  • Your ESET product detects the threat Win32/Sirefef, patched.b.gen, or Conedex
     
  • You believe that you are infected with a rogue antivirus such as "Open Cloud Security"
     
  • You receive the message "Error communicating with kernel"

Details

  • This malware is also known as "ZeroAccess" or "Max++" and ESET detects all variants of this threat as Win32/Sirefef

Solution

VIDEO: How do I remove Sirefef (ZeroAccess) trojan?

 

I. Download the ESETSirfefCleaner tool

Click the link below to download the ESETSirefefCleaner tool. Save the file to your Desktop and continue to part II.

ESETSirefefCleaner

Unable to download "ESETSirefefCleaner.exe contained a virus and was deleted"

More recent variants of Sirefef might prevent you from downloading our removal tool. If you cannot download the tool, follow the steps below:

  1. Click Start Computer Local Disk (C:) Program Files.
     
  2. Right-click the Windows Defender folder and select Rename from the context menu.
     
  3. Add a unique variation to the filename, such as .old (for example, Windows Defender.old).
     
  4. Click the link above to download the ESETSirefefCleaner tool.
     
  5. When the download is complete, make sure to rename the Windows Defender folder back to its original filename before running the ESET SirefefCleaner tool. When you are finished, proceed to part II.

 

II. Run the ESETSirefefCleaner tool

  1. From your Desktop, double-click ESETSirefefCleaner, which you downloaded in part I.
     
  2. If security notifications appear, click Continue or Run.
     
  3. The message "Win32/Sirefef.EV found in your system" will be displayed If an infection is found. Press Y on your keyboard to remove the infection.

Figure 1-1

  1. Once the tool has run, you will be prompted to restore system services after you restart your computer. Press Y on your keyboard to restore system services and restart your computer.

Figure 1-2

  1. Once your computer has restarted, if you are presented with a security notification click Yes or Allow. and then continue to part III below.

 

III. Perform a computer scan

  1. Open ESET Smart Security or ESET NOD32 Antivirus. How do I open my ESET product?
     
  2. Click Computer Scan Custom scan...  and select In-depth scan from the Scan profile drop-down menu.

Figure 1-3

  1. Select the check box next to Computer and click Scan. The scan will remove any remnants of the malware still left on your system.

    Windows XP users: Select the check box next to My Computer and then click Scan.

Figure 1-4

 

If you are still unable to resolve your issue, please contact ESET Customer Care.

Rate this article:
1 2 3 4 5
Please comment on your rating...
We cannot respond to feedback from this form. Requests for assistance should be submitted through your normal support channel.
5 - Definitely
4 - Mostly
3 - Somewhat
2 - Not Really
1 - Not At All