Greetings! Today at 2:03 a Trojan called Trojan.Sirefef.K entered my computer, but was fortunately removed by F-Secure.
But this Trojan keeps coming back! So far it has made 37 attempts & in 8 of those it has failed to remove it! What should I do?
Please configure Manual Scanning options then run a Full computer scan.
- Settings > Manual Scanning > Scanning options:
a. Uncheck Scan only known file types.
b. Check Use advanced heuristics.
- Actions: Quarantine the file.
It Worked! Or at least I think it did…
After I did as instructed, I made a full security scan and it found & quarantined a few viruses, but it didn’t find any spyware. This is odd, since I assumed that Trojans are spyware and not viruses. Still I’m very grateful for your help! Good fortune & happy cyber surfing
No wait, it’s still in my computer! F-Secure alerted me again that it removed the Trojan.Sirefef.K.
The same Trojan that it removed exactly 40 times already! I don’t understand this. My F-Secure is up to date and I’ve done the full virus scan 3 times today!
Is there anything else I can do?
Please provide the infection locations shown in your scanning report.
How? I’m sorry but I’ve never done this before.
I would greatly appreciate if you would post a step-by-step guide for me.
I found this text in scanning reports.
Is This what you are looking for?
Scanning Report 04 November 2011 16:13:33 - 17:05:58
Computer name: DRAGON-PC
Scanning type: Scan hard drives
Target: C:\ \
Result: 3 malware found
I had exactly the same trojan on my computer. Nasty little keylogger....
It seems I got it removed.
What I did was a full system scan with the settings mentioned earlier in this thread.
(F-Secure will put infected files in quarantine, but after a while it will still prompt a message about an infected file. However, the files are actually quarantined.)
After the scan I rebooted my computer and searched for the infected files mentioned in the F-Secure log.
In your case, according to your log file, Trojan.Sirefef.K is located here. -->> C:\Users\Sseeth\AppData\Local\9ea44023\X
You can remove the whole folder tree, starting from the 9ea44023 folder.
If you can't remove the file/folder, boot your computer into Safe Mode by pressing F8 when your computer is restarting. Find the files, remove them manually and boot your computer normally.
I hope this helps.
It worked! It really worked this time! No more alert messages for me
Thank you Oiwa & Jayson for your most excellent help.
However, I would like to add a little detail: the file in question was actually a hidden file. I had to make it viewable from the Control Panel first. Thank you again for your help
Good fortune & happy cyber surfing
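Added example, not part of any post in this thread: a read-only PowerShell check that lists folders like the one quoted above, including hidden and system items that Explorer does not show by default. The function name `Find-HexNamedLocalFolder`, the `C:\Users` default and the "8 hex digits" name pattern are assumptions generalized from the single path `...\AppData\Local\9ea44023\X`; a match is a lead to compare against the scanner's report, not a verdict.

```powershell
# Added example: read-only triage, nothing is deleted or changed.
# Assumption: the folder name is 8 hex digits, generalized from the one
# path quoted in the thread (...\AppData\Local\9ea44023\X).
function Find-HexNamedLocalFolder {
    param(
        # Root that holds the user profiles (C:\Users on Vista/7 and later).
        [string]$ProfilesRoot = 'C:\Users'
    )
    # -Force makes Get-ChildItem return hidden and system items as well.
    Get-ChildItem -LiteralPath $ProfilesRoot -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $local = Join-Path $_.FullName 'AppData\Local'
            if (Test-Path -LiteralPath $local -ErrorAction SilentlyContinue) {
                Get-ChildItem -LiteralPath $local -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_.PSIsContainer -and $_.Name -match '^[0-9a-fA-F]{8}$' }
            }
        } |
        ForEach-Object {
            # Count everything below the folder, and how much of it is hidden.
            $children = @(Get-ChildItem -LiteralPath $_.FullName -Force -Recurse -ErrorAction SilentlyContinue)
            $hidden   = @($children | Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden })
            New-Object PSObject -Property @{
                Folder     = $_.FullName
                Attributes = $_.Attributes
                Created    = $_.CreationTime
                Items      = $children.Count
                Hidden     = $hidden.Count
            }
        }
}

# Oldest first, so the creation time can be compared with the first alert.
Find-HexNamedLocalFolder | Sort-Object Created |
    Format-List Folder, Attributes, Created, Items, Hidden
```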
Good to hear you got it removed.
Tbh I forgot to tell you that usually those files are hidden. I always make system/hidden files viewable right after installing Windows so I can see them all the time.
This seems to be a newer version of this Trojan, as the files of the older version were usually in the system32 folder and there were also some registry keys you had to remove.
I did a little forum search and it seems that this keylogger has newer variants already.
Got to be more careful when surfing on... ehmm.. adult sites
Happy and safe surfing to you too!
Hi, I have also had this problem, and thanks to you guys I will get rid of it. Thank you.
I can see that you've heard about Sirefef.C, which is in the system32 folder. I have that virus and cannot remove it. I have tried a full computer scan as described earlier, but F-Secure didn't quarantine the file. I have also tried booting in secure mode and removing the file manually, but I get the message that the file is open, so it can't be deleted.
Can you help? And if you can, I need to tell you that I am not very computer-skilled and English is my second language, so please give very basic descriptions....
And do you know, if it is safe for me to use the computer - netbanking etc.?
I am sorry to tell you this, but I have it removed by a different AV. I won't be sharing it here, but I hope F-Secure will make updates real fast.
I'm sorry this reply comes quite late. It's been a while since I've been surfing on these forums. If you still have this problem, please post the F-Secure log file, and I can check it for you.
When using Windows XP and the Windows' System Restore Folder feature is enabled, it is NOT possible to disinfect malware, because Windows will use its own cache to re-plant the files which the antivirus deletes or moves to quarantine. The malware just keeps coming back, no matter how many times it gets detected and disinfected.
Some antivirus vendors use tricks, like asking the user to reboot and vanquishing the malware file during start-up time, when System Restore is not yet active. F-Secure does not do this, so it is necessary to disable Windows System Restore folders for all disk partitions (drives) before attempting to disinfect.
(Windows System Restore folder functionality has been somewhat replaced with WinSxS in Vista and Win7).
Another possibility is for malware to come back from another infected computer, via network transfer, if there is a wired or Wi-Fi connection to the LAN.
Best Regards, Tamas Feher from Hungary.