Thursday, May 31, 2012

ZeroAccess Part 3: How to stop it.

If you have read Part 1 and Part 2, you should have a pretty good idea of what ZeroAccess is and how dangerous it is. In this post, I will go through multiple methods of removal that I have found while searching the web.

  1. Tools
    1. cleanpcguide.com has a removal tool that you can download here
    2. Use ESET's removal tool downloaded here
    3. Use McAfee's RootkitRemover, available here
  2. Manual Removal (as provided by http://www.cleanpcguide.com/remove-zeroaccess-removal-guide-how-to-remove-zeroaccess/ )
    1. Stop the ZeroAccess process using the Windows Task Manager. (It will most likely have a random name. If you see a process that you do not recognize, right-click it and view its file location to find the files associated with it, which you will need in step 4, then end the process.)
    2. Uninstall the ZeroAccess program from the Windows Control Panel under Add/Remove Programs. (Control Panel --> Programs --> Remove/change, then look for anything that looks fishy or that you do not remember installing.)
    3. Open the Windows registry using the regedit.exe command. Find and remove all ZeroAccess registry entries. (These will usually be under the HKLM or HKCU Run key, the startup registry.)
    4. Search for the ZeroAccess files on your computer and delete them. (These are the files found in step 1.)
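
To make step 3 of the manual removal less of a guessing game, the script below lists every startup entry under the HKLM and HKCU Run keys together with the file it launches and that file's signature status. It is an added example, not part of the cleanpcguide.com guide; it assumes PowerShell 3.0 or later, also reads the 32-bit (Wow6432Node) Run key, and only reports, so deciding what to remove is still up to you.

```powershell
# Added example: read-only inventory of Run-key startup entries. Nothing is modified.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandTarget {
    # Pull the executable path out of a Run value such as
    #   "C:\Program Files\App\app.exe" /background
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }            # quoted path
    if ($expanded -match '^\s*(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') {   # unquoted path
        return $Matches[1]
    }
    return ($expanded.Trim() -split '\s+')[0]                                # fallback: first token
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }    # key absent on this system
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget -Command $command
        $exists  = $target -and (Test-Path -LiteralPath $target -PathType Leaf)
        # Bare names (e.g. rundll32.exe without a path) are not resolved here
        # and show up as TargetNotResolved; read those commands by hand.
        $status = if ($exists) {
            [string](Get-AuthenticodeSignature -LiteralPath $target).Status
        } else {
            'TargetNotResolved'
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Target    = $target
            Signature = $status
            Command   = $command
        }
    }
}

# Entries without a valid signature are listed first for review.
$report | Sort-Object { $_.Signature -eq 'Valid' } | Format-List
```

An unsigned or unresolved entry is only a starting point for review, since plenty of legitimate software is unsigned; compare the targets against the file locations you noted in step 1.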

If none of these work, the Malwarebytes community is very helpful. You can ask for help here.


Tell me what you thought of this three-part series, and remember to comment what I should blog about next.

