Mal/ZAccess-D


By Domesticus in Rootkits

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: December 12, 2011
Last Seen: November 13, 2020
OS(es) Affected: Windows

Mal/ZAccess-D attacks a computer system by altering the way commands are issued and received within its operating system. By doing so, it causes severe conflicts in the way the infected computer accesses its own hardware, essentially shutting the machine down and producing constant hardware error messages. Mal/ZAccess-D goes by many names; in general it is known as 'ZeroAccess' or some variant of that name. The name is apt because of Mal/ZAccess-D's capacity to block all access to the computer's hardware: a computer infected with Mal/ZAccess-D has access to its own devices essentially closed down and becomes impossible to control. ESG security researchers recommend using a strong, reliable, and fully updated anti-malware program to remove Mal/ZAccess-D from your computer. ESG malware analysts consider Mal/ZAccess-D and all its variants extremely severe malware infections that can incapacitate a computer completely. This infection contains rootkit elements that make Mal/ZAccess-D quite difficult to remove completely from the infected computer.

Basic Facts About Mal/ZAccess-D and its Variants

The first versions of Mal/ZAccess-D were discovered in the wild in 2009. Mal/ZAccess-D first gained the attention of PC security analysts because of its ability to stop most security programs of the time. Since 2009, Mal/ZAccess-D has evolved continually, becoming ever more advanced and potentially dangerous. Variants of Mal/ZAccess-D and the ZeroAccess rootkit are among the most advanced kernel-mode rootkits, capable of infecting a computer at its deepest levels. While not the most dangerous of these infections (many PC security researchers consider the TDLx family of rootkits even worse than Mal/ZAccess-D and its variants), Mal/ZAccess-D has several features that allow it to become associated with other dangerous malware (such as the Google Redirect Virus). In fact, due to the way Mal/ZAccess-D works, it is an ideal vehicle for associated malware such as browser hijackers and other kinds of Trojans. Mal/ZAccess-D has been closely associated with the fake search engine scam, which has gained notoriety since the summer of 2011. By using Mal/ZAccess-D's rootkit capabilities, any malware infection can hide from detection and gain full access to the victim's computer while remaining undetectable by most security applications.

File System Details

Mal/ZAccess-D may create the following file(s):
# File Name Detections

Registry Details

Mal/ZAccess-D may create the following registry entry or registry entries:
"EnableUIADesktopToggle"= 0
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
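The following read-only PowerShell check, added here as an example and not code from this entry or its author, looks for the two registry indicators listed above and returns them for analyst review. It assumes the standard full key paths (the page abbreviates the services key as "~"): HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List for the firewall exception list and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System for EnableUIADesktopToggle.

```powershell
# Added example: read-only check for the registry indicators in this entry.
# ASSUMED full key paths (the page shows the services path abbreviated as "~").
function Get-ZAccessRegistryIndicators {
    $fwList = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $findings = @()

    # Each value name under List is a program path the legacy Windows Firewall
    # lets through. Report the xpnetdiag.exe entry named on this page, and any
    # exception whose path no longer exists on disk (a leftover or planted entry).
    if (Test-Path -LiteralPath $fwList) {
        $item = Get-Item -LiteralPath $fwList
        foreach ($name in $item.GetValueNames()) {
            $data     = [string]$item.GetValue($name)
            $resolved = [Environment]::ExpandEnvironmentVariables($name)
            $reasons  = @()
            if ($name -like '*xpnetdiag.exe') {
                $reasons += 'firewall exception listed in the Mal/ZAccess-D entry'
            }
            if (-not (Test-Path -LiteralPath $resolved)) {
                $reasons += 'authorized path not present on disk'
            }
            if ($reasons.Count -gt 0) {
                $findings += [pscustomobject]@{
                    Location = 'AuthorizedApplications\List'
                    Name     = $name
                    Data     = $data
                    Reason   = ($reasons -join '; ')
                }
            }
        }
    }

    # EnableUIADesktopToggle = 0 is the page's second indicator. Note that 0 is
    # also the Windows default for this UAC policy, so it is reported for review
    # alongside the firewall findings rather than treated as proof of infection.
    if (Test-Path -LiteralPath $uacKey) {
        $props = Get-ItemProperty -LiteralPath $uacKey -ErrorAction SilentlyContinue
        if ($null -ne $props.EnableUIADesktopToggle) {
            $findings += [pscustomobject]@{
                Location = 'Policies\System'
                Name     = 'EnableUIADesktopToggle'
                Data     = $props.EnableUIADesktopToggle
                Reason   = 'value present; page lists 0 (also the default)'
            }
        }
    }
    return $findings
}

Get-ZAccessRegistryIndicators | Format-Table -AutoSize
```

Run from an elevated PowerShell session; the script only reads the registry and the file system, so it can be used during triage before any removal tool is run.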

