In-The-Field evaluation and removal of the “Sirefef” Trojan.

A new customer got in contact with me, recently, to explain various alerts her anti-malware produced over the last 24 hours – in this instance her anti-virus application was AVG.

She identified alerts such as virus descriptions: win64: sirefef-A win64: sirefef-AO win32: malware. gen. I quickly recognized these warnings as existence of the Sirefef virus. Sirefef is a nasty virus that will install rootkits, modify your registry settings, and adjust other important windows system files such as services. exe. If left unattended Sirefef can cause a full system crash. Some adaptations will probably include backdoors and keyloggers which can be used to gain access to confidential data like passwords, credit card, and bank account info.

Indicators of the Sirefef Trojan include things like: rerouted web searches, altered web browser homepage, changed desktop background image, slower operation from the pc, and uninitiated pop-up windows.

I start out by downloading the typical analysis and repair programs to the infected computer system through peripheral drive – programs consited of Avast, autoruns, ComboFix, OTL, and MalwareBytes. It’s important to be aware that I rename combofix. exe before uploading the program to the infected pc.

My 1st action consists of performing a system check with OTL. Here, the OTL log revealed undesired adjustments to the Internet Explorer registry values, undesired browser helper objects, and needless active x components. I proceed by scripting and applying an OTL fix.

Next, I continue to disable all anti-virus and anti-malware applications that were running and commence an test and repair using ComboFix. Keep in mind, Combofix can act undesireably during a diagnostic hence it’s preferred to leave it alone until completion. Combofix discovered several files for removal throughout the following directories: c: data, c: documents and settings, c: windowsDownloaded Program Files, c: windowsInstaller.

I conduct one additional scan of the computer with Avast which located no additional threats on the pc. I finish a few additional modifications including: updating Java, installing Malware Bytes and FileHippo update checker, and verifying that Windows in up-to-date.

Posted in Virus, Malware And Spyware Removal

Leave a Reply

Call Us!
Call us for a free analysis.
(818) 674-0941
Poke us