1. #1
    stefanw56, New Member

    Trojan WIN64 Sirefef-A removal

    Anyone know how to get rid of this nasty Trojan WIN64 Sirefef-A? It seems to have disabled Update and Windows Firewall & Security Centre. Managed to get Avast and Comodo Firewall on but rest don't work.

  2. #2
    HappyAndyK, Site Administrator

    Microsoft's Malware Protection Center says that the antivirus definitions may be able to detect and prevent WIN64 Sirefef, but nothing is mentioned about its removal.

    Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and essential security services may be disabled. Due to the severe consequences associated with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup if your computer is infected with any of the following Sirefef variants.
    See if you can do a system restore to a prior good point - or even restore the PC to factory condition. That may be the easiest option right now.

    Or else, clean up your PC junk using the Disk Cleanup tool, and see if you can schedule a full in-depth boot-time scan of your Avast. Maybe that will help.

    Microsoft's Answer Desk is another option you may want to consider - but that's a paid option.

  3. #3
    Corrine, Gold Member

    Hi, stefanw56.

    The ZeroAccess rootkit is indeed nasty and your best bet is a fresh install. However, if you would like assistance, please provide the following logs.

    Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-- Important!!!
    • Right-click on TDSSKiller.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.

      If TDSSKiller does not run, try renaming the program file. Right-click on TDSSKiller.exe, select the Rename option and give the program a random name with the .com file extension (i.e. ektfhtw.com).

      If you cannot see file extensions, please refer to: How to change the file extension.
    • Click the Start Scan button. Do not use the computer during the scan!
    • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
    • Now click on Report to open the log file created by TDSSKiller.
    • The log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt is created and saved to the root directory. (Usually C: drive).
    • Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.


    PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.


    In addition, please download DDS.scr by sUBs and save it to your desktop: Link
    • Double-Click dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear, DDS.txt and Attach.txt.
    • A window will open instructing you to save & post the logs.
    • Save the logs to a convenient place such as your desktop.
    • Copy the contents of both DDS.txt and Attach.txt logs and post in your next reply.
