How to Remove Win32/AccessibilityEscalation Trojan from Windows 10

Windows Defender will trigger an Win32/AccessibilityEscalation alert if any of the accessibility programs (like sethc.exe, utilman.exe, magnify.exe, osk.exe, etc) has been manipulated. Such attempts are used within the sticky keys hack to reset forgotten Windows password from the lock screen. Since September 2018 those hacks won't work anymore.

In this tutorial we'll show you a simple way to remove the Win32/AccessibilityEscalation trojan from your Windows 10 computer, by repairing the corrupted or hijacked accessibility programs.

Steps to Remove Win32/AccessibilityEscalation Trojan

1. Open the Command Prompt as administrator and run the sfc /scannow command. The System File Checker will run a full system scan and fix any missing or corrupt system file. It might take quite a while to finish.

   

   You can also just check the integrity of a particular file and repair it using the /scanfile option, like this:

   sfc /scanfile=c:\windows\system32\sethc.exe

2. Once the verification reaches 100%, you'll see the message "Windows Resource Protection found corrupt files and successfully repaired them", assuming issues were found and fixed.

   

3. All errors found and fixed are recorded in a CBS.log file located in the folder: C:\Windows\Logs\CBS. You can open this file to view the details.

   

   if the SFC command fails to run properly or can't repair the accessibility programs, use the DISM command:

   DISM /Online /Cleanup-Image /RestoreHealth

4. Now, reboot your computer and Windows Defender should no longer report the Win32/AccessibilityEscalation trojan.