KillZA is a ZeroAccess Malware Removal/Repair Tool
Current Version: 2.0.1
NEWS: KillZA is dated and does not work on the latest variants. There are other tools out there like Bitdefender’s tool and another I’m not thinking of right now, and they seem to do a good job at both removal and repair. No reason to reinvent the wheel until the next time we have a new ZeroAccess variant and no tool to remove it easily.
NEWS: KillZA v2.x now performs Windows repairs after the removal is complete!!!
KillZA is a quick and dirty tool I wrote to remove the newer ZeroAccess (Sirefef) user mode variants, those that hide in a subdir of Windows, and some of the Recycle Bin variants.
Currently this is the Sirefef.P dropper with .X – .Z and other misc. payloads, but it may work for others. NOTE (5/2013): KillZA does not handle complete cleanup of the most current revisions of ZeroAccess, so your mileage may vary depending on the particular variant. The actual repair process performed by KillZA still proves effective at the time of this writing.
The removal procedure takes care of the hidden files in your %temp% directory, anything found in %windir%\Installer, anything found in a hidden dir within the Recycle Bin, as well as replacing a potentially infected services.exe file, and repairing infected registry entries.
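For checking a machine by hand before or after running a removal tool, here is a read-only PowerShell triage of the file locations named above. It is an added example, not part of KillZA or its author's code; it assumes PowerShell 3.0 or later in an elevated session, the Vista/7 Recycle Bin layout (`$Recycle.Bin` on the system drive), and the helper names `New-Finding` and `Test-Hidden` are made up for this illustration.

```powershell
# Added example: read-only triage of the locations the removal procedure touches.
# Nothing is deleted or modified. Assumes PowerShell 3.0+ and an elevated session.

function New-Finding([string]$Area, $Item) {
    # One flat record per item so the result can be sorted or exported.
    [pscustomobject]@{
        Area    = $Area
        Path    = $Item.FullName
        Attrs   = $Item.Attributes
        Created = $Item.CreationTime
    }
}

function Test-Hidden($Item) {
    [bool]($Item.Attributes -band [IO.FileAttributes]::Hidden)
}

$installer = Join-Path $env:windir 'Installer'
$bin       = Join-Path $env:SystemDrive '$Recycle.Bin'   # assumed Vista/7 layout

$report = @(
    # 1. Hidden files in the current user's %temp%
    Get-ChildItem -LiteralPath $env:TEMP -File -Force -ErrorAction SilentlyContinue |
        Where-Object { Test-Hidden $_ } |
        ForEach-Object { New-Finding 'temp' $_ }

    # 2. Directories under %windir%\Installer. Legitimate installer caches
    #    live here too, so this is a list to review, not a verdict.
    Get-ChildItem -LiteralPath $installer -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { New-Finding 'installer' $_ }

    # 3. Hidden directories inside each per-user Recycle Bin folder
    Get-ChildItem -LiteralPath $bin -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-ChildItem -LiteralPath $_.FullName -Directory -Force -ErrorAction SilentlyContinue
        } |
        Where-Object { Test-Hidden $_ } |
        ForEach-Object { New-Finding 'recyclebin' $_ }
)

$report | Sort-Object Area, Created | Format-Table -AutoSize

# 4. services.exe: ask Windows Resource Protection to verify the file against
#    the component store. Verify only; results go to the console and CBS.log.
$svc = Join-Path $env:windir 'System32\services.exe'
& sfc.exe "/verifyfile=$svc"
```

The registry entries the tool repairs are not listed on this page, so the sketch does not check any.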
SIDE EFFECT NOTE: On Vista/7, this utility will remove the current user’s Windows logon password, if set – don’t ask why, it’s not important… Also, when Windows has multiple user accounts, you must log in to the same user account where you first started KillZA from on all subsequent reboots, until the utility is finished.
This tool is NOT for earlier versions of ZA (the old rootkit versions that used an NTFS junction point to mask its files.)
These YouTube videos demonstrate the latest infection techniques and showcase removal with KillZA, and repair with D7. NOTE: These videos showcase v1.x of KillZA – where repair with D7 was required after removal – this is no longer the case as KillZA v2.x now performs the repairs!