Win32/Sirefef.R is another member of the nasty Sirefef family that targets 32-bit computers, just like Trojan:Win32/Sirefef.FA. It was recently discovered by Microsoft Security Essentials. This infection can access the targeted computer without permission and conceal its components deep in the infected operating system to avoid removal by antivirus programs.
Upon installation, this virus may establish a connection so that a remote attacker can gain control of the infected computer. It will gather your personal data, such as credit card information and login numbers, then connect to a remote IRC server and forward the data to cybercriminals without your permission. Moreover, it displays numerous annoying advertisements while you are browsing online. This virus is also capable of bringing additional spyware onto your machine, putting your computer in crisis. Hence, users should know that Win32/Sirefef.R represents nothing but a security risk for the compromised system and its network environment. Do not hesitate to remove it before it makes a serious mess of the computer.
1. Reboot your computer into safe mode with networking. As your computer restarts but before Windows launches, press the "F8" key repeatedly.
2. Show hidden files and folders.
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.
3. Open the Registry Editor. Find the malicious files and entries and then delete them all.
Attention: Always be sure to back up your PC before making any changes.
a. Press the "Start" button and then choose the option "Run". In the "Open" field, type "regedit" and click the "OK" button.
b. All malicious files and registry entries that should be deleted:
%Documents and Settings%\[UserName]\Application Data\[random]
%AllUsersProfile%\Application Data\.exe(Win32/Sirefef.R)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Taskman" = "%UserProfile%\Application Data\[RANDOM CHARACTER].exe"
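A read-only way to review the registry locations listed in step 3b before deleting anything, given here as an added PowerShell example that is not part of the original guide. The function names and the path pattern are assumptions made for illustration, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the registry locations listed in step 3b.
# Nothing is deleted; findings are returned as objects for manual review.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Assumption: a Run entry that launches an .exe from an Application Data or
# AppData folder deserves a manual look, matching the paths given in step 3b.
$suspectPath = '\\(Application Data|AppData)\\.*\.exe'

# Hypothetical helper: decides whether a Winlogon value needs review.
function Test-WinlogonValue {
    param([string]$Name, [string]$Data)
    switch ($Name) {
        # The default Windows shell is explorer.exe; anything else needs review.
        'Shell'   { return ($Data -notmatch '^\s*explorer\.exe\s*$') }
        # Taskman is normally absent; any non-empty value needs review.
        'Taskman' { return -not [string]::IsNullOrWhiteSpace($Data) }
    }
    return $false
}

# Hypothetical helper: collects every value that should be checked by hand.
function Get-Step3Findings {
    $findings = @()
    $wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
    foreach ($name in 'Shell', 'Taskman') {
        $data = if ($wl) { $wl.$name } else { $null }
        if ($null -ne $data -and (Test-WinlogonValue -Name $name -Data $data)) {
            $findings += [pscustomobject]@{ Key = $winlogon; Name = $name; Data = $data }
        }
    }
    $run = Get-Item -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            $data = [string]$run.GetValue($name)
            if ($data -match $suspectPath) {
                $findings += [pscustomobject]@{ Key = $runKey; Name = $name; Data = $data }
            }
        }
    }
    return $findings
}

Get-Step3Findings | Format-Table -AutoSize -Wrap
```

An empty result means none of the three locations holds a value of the kind described in step 3b; a listed Run entry is only a candidate and may belong to legitimate software installed under the user profile.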
If you fail to remove Win32/Sirefef.R with the instructions above or need any assistance, you are welcome to contact YooCare experts to resolve all the problems completely.
Published by on July 8, 2012 11:08 am, last updated on August 17, 2012 5:05 pm