I can see, that you´ve heard about Sirefef.C which is in the system32 folder. I have that virus and cannot remove it. I have tried a full computerscan as described earlier, but F-Secure didn´t quarantine the file. I have also tried booting in secure mode and remove the file manually, but Í get the message, that the files is open, so it can´t be deleted.
Can you help? And if you can, I need to tell you, that I am not very computerskilled and English is my second language, so please very basic descriptions....
And do you know, if it is safe for me to use the computer - netbanking etc.?
I´m sorry this reply comes quite late. It´s been a while since i´ve been surffing on these forums. If you still have this problem, please post f-secure log file, and i can check it for you.
When using Windows XP and the Windows' System Restore Folder feature is enabled, it is NOT possible to disinfect malware, because Windows will use its own cache to re-plant the files which the antivirus deletes or moves to quarantine. The malware just keeps coming back, no matter how many times it gets detected and disinfected.
Some antivirus vendors use tricks, like asking the user to reboot and vanquishing the malware file during start-up time, when System Restore is not yet active. F-Secure does not do this, so it is necessary to disable Windows System Restore folders for all disk partitions (drives) before attempting to disinfect.
(Windows System Restore folder functionality has been somewhat replaced with WinSxS in VIsta and Win7).
Another possibility is for malware to come back from another infected computer, via network transfer, if there is a wired or Wi-Fi connection to the LAN.
Best Regards, Tamas Feher from Hungary.
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link:
Visit the Community
Check our Forums or How-to & FAQs for advice or answers
View User Guides
Refer to our getting started guides and product manuals
Talk to our Support and get answers to your questions