Trojan.Zeroaccess.C Description

Trojan.Zeroaccess.C is a Trojan that may distribute other malware infections to the affected PC. Trojan.Zeroaccess.C can steal confidential data from the infected computer system. While being run, Trojan.Zeroaccess.C determines if the affected computer is 32- or 64-bit and chooses the particular payload. Trojan.Zeroaccess.C adds and runs infected files, creates folders and registry entries. Trojan.Zeroaccess.C then contacts a peer-to-peer network and downloads other threat modules.

Aliases: Trojan.Zeroaccess, TR/Crypt.XPACK.Gen [AntiVir], Troj/ZAccess-KY [Sophos], Backdoor.Win32.ZAccess.cdsd [Kaspersky], TROJ_GEN.RC1H1E4, Suspicious file [Panda], Generic30.CAC [AVG], W32/ZeroAccess.B!tr [Fortinet], Win32/Sirefef.EV, Win32:Rootkit-gen [GData], Heur.Packed.Unknown [Comodo], Troj/ZAccess-EG [Sophos], Trojan-Ransom.Win32.PornoAsset.aqbx [Kaspersky], Win32:Rootkit-gen [Rtk] [Avast] and Trojan.Zeroaccess.C [Symantec].

Technical Information

File System Details

Trojan.Zeroaccess.C creates the following file(s):
# File Name Size MD5 Detection Count
1 %SystemDrive%\RECYCLER\S-1-5-21-1757981266-651377827-725345543-1004\$c92fb3b7c6b3de11862f12d94804b2dd\n. 52,736 4a8843f21767e135133d3c310a8ce1c3 4
2 %UserProfile%\AppData\Local\[UUID]\@ N/A
3 %Windir%\Installer\[UUID]\n N/A
4 %UserProfile%\Local Settings\Application Data\[UUID]\n N/A
5 %Windir%\Installer\[UUID]\@ N/A
6 %UserProfile%\Local Settings\Application Data\[UUID]\@ N/A
7 %UserProfile%\AppData\Local\[UUID]\n N/A
8 decry.tmp 108,544 bffc3e2b7382d093fb7440cabbd7b1ba 0
9 strikezIR1CF.dll 110,080 2f80f51188dc9aea697868864d88925d 0
10 malware.dll 124,416 21ffd24b8074d7cffdf4cc339d1fa8fe 0
More files

Registry Details

Trojan.Zeroaccess.C creates the following registry entry or registry entries:
HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32\"@" = "%UserProfile%\Local Settings\Application Data\[UUID]\n."
HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32\"@" = "%UserProfile%\AppData\Local\[UUID]\n."
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\"@" = "%Windir%\Installer\[UUID]\n."

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.