Help! a Trojan called: Trojan.Sirefef.K


Re: Help! a Trojan called: Trojan.Sirefef.K

hi i also have had this problem and thanks to you guys i will get rid of it thank you


Re: Help! a Trojan called: Trojan.Sirefef.K

Hi Oiwa


I can see, that you´ve heard about Sirefef.C which is in the system32 folder. I have that virus and cannot remove it. I have tried a full computerscan as described earlier, but F-Secure didn´t quarantine the file. I have also tried booting in secure mode and remove the file manually, but Í get the message, that the files is open, so it can´t be deleted.


Can you help? And if you can, I need to tell you, that I am not very computerskilled and English is my second language, so please very basic descriptions....


And do you know, if it is safe for me to use the computer - netbanking etc.?


Best regards


Luna 99


Re: Help! a Trojan called: Trojan.Sirefef.K

I am sorry to tell you this, but I have it removed by a different AV. I won't be sharing it here, but I hope F-Secure will make updates real fast.


Re: Help! a Trojan called: Trojan.Sirefef.K

Hi Luna99,


I´m sorry this reply comes quite late. It´s been a while since i´ve been surffing on these forums. If you still have this problem, please post f-secure log file, and i can check it for you.




Re: Help! a Trojan called: Trojan.Sirefef.K



When using Windows XP and the Windows' System Restore Folder feature is enabled, it is NOT possible to disinfect malware, because Windows will use its own cache to re-plant the files which the antivirus deletes or moves to quarantine. The malware just keeps coming back, no matter how many times it gets detected and disinfected.


Some antivirus vendors use tricks, like asking the user to reboot and vanquishing the malware file during start-up time, when System Restore is not yet active. F-Secure does not do this, so it is necessary to disable Windows System Restore folders for all disk partitions (drives) before attempting to disinfect.


(Windows System Restore folder functionality has been somewhat replaced with WinSxS in VIsta and Win7).


Another possibility is for malware to come back from another infected computer, via network transfer, if there is a wired or Wi-Fi connection to the LAN.


Best Regards, Tamas Feher from Hungary.