How to get rid of the Sirefef malware virus?

Sithlyone

The wife's computer (Win7) contracted the "Sirefef" virus and I am totally baffled as to how to get rid of it.

I've googled and youtubed my way to this site and have downloaded Malwarebytes.

I ran it on the computer twice. First pass was the quick scan and it didn't detect it. The second pass I did the deeper version and it found it, however it only allowed me to "quarantine" it. How do I get rid of it completely?

Also on the second pass I noticed that it too found the same two problems that it found the first time. I clicked the box that said to get rid of them, but apparently that didn't work.

Any suggestions would be great, thanks.
 
Hey man. I had a quick search and most places recommended this.

1. Shut down your computer.
2. Restart your computer. Press the F8 key (one of the small keys located at the top center of your keyboard) when you're prompted to do so for advanced options during start-up to run your computer in Safe Mode. If you don't see the prompt during start-up, you may want to restart the computer and hold down the F8 key during the entire start-up process.
3. From the advanced Start-up menu, choose Safe Mode with Networking from the menu and press the Enter key.
4. When your computer is ready, press the CTRL, ALT and Delete keys at the same time to open the Task Manager.
5. Find Win64/Sirefef.G in the Processes list and stop it by clicking the name to highlight it and then clicking on the End Process button at the bottom right of the Task Manager window.
6. Go to the Windows Start Menu.
7. Run a search for the files that contain the name "Win64/Sirefef.G." These are files that the malware downloads to your computer.
8. Right-click on the files that contain Win64/Sirefef.G and choose the Delete option.
9. Run a search for a file named "%CommonDocuments%[random].sys."
10. Right-click on the files that contain that name and choose the Delete option.
11. Run a search for a file named "%Windows%system32\DRIVERS\[random].sys."
12. Right-click on the files that contain that name and choose the delete option.
13. Run a search for a file named "%System%\[random].dll."
14. Right-click on the files that contain that name and choose the delete option.
15. Run a search for a file named "%Windir%\addins\[random]."
16. Right-click on the files that contain that name and choose the delete option.
17. Go to the Start Menu again and open the Accessories file.
18. Click on the Run program.
19. Type in "regedit" and click the OK button.
20. This will bring up a list.
21. Find "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random string]."
22. Right-click on the file and select Delete.
23. Find "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random]."
24. Right-click on the file and select Delete.
25. Find "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\ [random]."
26. Right-click on the file and select Delete.
27. Restart your computer in Normal Mode.
28. Run a full system scan to look for any traces of the Trojan.
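
Added example, not part of the post above: a read-only PowerShell inventory of the file locations and LEGACY_ registry keys named in steps 9-24, so they can be reviewed before anything is deleted by hand. The 30-day window, the mapping of %CommonDocuments% to the Public Documents folder, and the pairing of each LEGACY_ key with a same-named Services key are assumptions of this example.

```powershell
# Read-only triage of the locations named in the steps above. Deletes nothing.
$cutoff = (Get-Date).AddDays(-30)   # assumption: 30-day look-back window

# Directory/filter pairs taken from steps 9-16.
# Assumption: %CommonDocuments% is C:\Users\Public\Documents on Windows 7.
$targets = @(
    @{ Path = Join-Path $env:PUBLIC 'Documents';        Filter = '*.sys' },
    @{ Path = Join-Path $env:windir 'System32\drivers'; Filter = '*.sys' },
    @{ Path = Join-Path $env:windir 'System32';         Filter = '*.dll' },
    @{ Path = Join-Path $env:windir 'addins';           Filter = '*'     }
)

# Files created inside the window in each location (top level only).
$recentFiles = foreach ($t in $targets) {
    if (Test-Path $t.Path) {
        Get-ChildItem -Path $t.Path -Filter $t.Filter -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.CreationTime -gt $cutoff } |
            Select-Object FullName, Length, CreationTime, LastWriteTime
    }
}

# LEGACY_* keys from steps 21-24, paired with the service each one names.
# Assumption: the text after "LEGACY_" is the service name.
$legacy = foreach ($set in 'ControlSet001', 'CurrentControlSet') {
    $root = "HKLM:\SYSTEM\$set\Enum\Root"
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_*' } |
        ForEach-Object {
            $svc    = $_.PSChildName.Substring(7)
            $svcKey = "HKLM:\SYSTEM\$set\Services\$svc"
            $image  = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
            New-Object PSObject -Property @{
                ControlSet = $set
                Key        = $_.PSChildName
                ServiceKey = Test-Path $svcKey      # False = no matching service entry
                ImagePath  = $image
            }
        }
}

$recentFiles | Sort-Object CreationTime -Descending | Format-Table -AutoSize
$legacy | Sort-Object ServiceKey, Key |
    Format-Table ControlSet, Key, ServiceKey, ImagePath -AutoSize
```

Run it from an elevated 64-bit PowerShell prompt, since a 32-bit session is redirected from System32 to SysWOW64. Windows creates LEGACY_ keys for ordinary drivers too, so a listed key or a missing service entry is a reason to look closer, not proof of infection.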
 
Hey, thank you for the reply. However I've already attempted that solution and got as far as

5. Find Win64/Sirefef.G in the Processes list and stop it by clicking the name to highlight it and then clicking on the End Process button at the bottom right of the Task Manager window.

I didn't see this file name in the Task Manager.

However I found in [My Computer > Windows > Installer] a file that housed the virus. (A guy on YouTube did a nice tut on how to find this.)

This is the same file that Malwarebytes singled out and quarantined.

You can't just delete it, it won't let you.

So, I guess my problem is that I can't find it in tskmgr in order to remove it. Is there a special way to do this?
 