F-Secure highlights new removal process used by ZeroAccess malware

ZeroAccess malware – deletes itself using an innovative technique

QUOTE: We normally see malware developing and evolving over the years. One particular malware we’ve been following is ZeroAccess, which has been continuously improving since we first detected it in late 2010. Case in point: in the latest samples, its self-deletion routine has changed. This is a simple Windows batch file ZeroAccess used to use to remove itself after execution, as a fast and simple way to hide any traces of its presence from the user. Lots of other malware use this batch file self-deletion method. Recently though, it looks like ZeroAccess wants to be a bit more different and make things more complicated for analysts.