ZeroAccess, also known as max++ and Sirefef is a trojan horse that affects Microsoft Windows operating systems. It is used to download other malware on an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on a system using rootkit techniques.


This variant of ZeroAccess will infect Services.EXE, a critical operating system file. This variant is also a browser-redirector, redirecting to sites such as Stopzilla and other adware links. It will drop the following items to "C:\Windows\Installer\{d3886955-9395-1032-8b62-ad0753710459}"

  • L folder
  • U folder
  • @.sys
  • N.sys

It will also drop copies of the file into AppData


  • Trojan.Zeroaccess (Symantec)
  • Trojan:Win32/Sirefef (MSE)
  • Win32/ZeroAccess (AVG)
  • BKDIR_ZEROACCESS (Trend Micro)

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.