Win32:Sirefef-PL [Rtk] is categorized as a fatal Trojan that can invade the targeted PC stealthily without the computer owner’s consent and awareness. It includes backdoor capabilities which can open network ports to download and install additional malware threats onto the infected computer without your permission and it can bypass the detection and deletion by many security tools. Once downloaded, your computer will keep getting messages every 5 minutes from Avast about this virus is getting blocked. However, everytime when you take action to remove it, you will get the error like Error: Access denied (5) or others that stop you from deleting the virus. It is a disaster for all the users since the nasty virus will perform many evil actions after it is installed. It can steal confidential data from affected computer users and then use it for malicious activities. Besides, this virus can reduce PC performance and make your computer non responding to commands. Therefore, it is recommended users to get rid of this malicious virus as soon as possible.
1. Reboot your computer to safe mode with networking. As your computer restarts but before Windows launches, tap “F8” key constantly.
2. Show hidden files and folders.
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.
3. Open Registry entries. Find out the malicious files and entries and then delete all.
Attention: Always be sure to back up your PC before making any changes.
a. Press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.
b. All malicious files and registry entries that should be deleted:
%UserProfile%\Start Menu\Programs\Win32:Sirefef-PL [Rtk]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
If you failed to remove this Trojan with the instructions above or need any assistant, you are welcome to contact YooCare experts to resolve all the problems completely.
Published by & last updated on August 17, 2012 5:04 pm