Win32:Sirefef-AHF [Trj] is a terrible Trojan that slows down your computer and can even make the PC freeze randomly. It threatens the computer and makes it unstable. Such malware does not come alone: it can open a backdoor to bring in other threats such as Win32:Malware-gen and win32:downloader-pku. When the Trojan is executed, it drops a file in the Windows Temporary folder. Next, it makes changes on the affected computer, including to the Windows registry. This tricky virus is able to disable security software so that it is not deleted, modify system settings, and gather confidential data for a remote hacker.
Besides those visible behaviors, Win32:Sirefef-AHF [Trj] carries further potential threats that may ruin your system. It may open a backdoor on the infected computer, connect to a distant server, and allow a remote attacker to gain access to the affected PC. Moreover, this threat may corrupt your system files and lead to unrepairable damage to your system. While this Trojan is running, your antivirus program, such as Avast, may detect the virus but will definitely fail to remove it. Hence, immediate manual removal is required.
When Win32:Sirefef-AHF [Trj] is executed on the computer, it drops several files in the Windows system folder, the User Profile, and the Temporary directory. These files are harmful and typically have random file names, so identifying them requires expert skills. PC users are recommended to back up all data before following the guide below.
1. Show hidden files and folders.
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.
2. Open the Registry Editor. Find the malicious files and entries, then delete them all.
Attention: Always be sure to back up your PC before making any changes.
a. Press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.
b. All malicious files and registry entries that should be deleted:
%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AppData%\Local\[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[RANDOM].exe”
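The two Run keys and the folders listed above can be reviewed together from PowerShell before anything is deleted. The script below is an added example, not part of the original guide; it only reads and reports. It assumes the guide's %AppData%\Local and %AppData%\Roaming\... entries mean %LOCALAPPDATA% and %APPDATA%, adds %TEMP% because of the Temporary directory mentioned earlier, and uses a function name (Get-RunEntryReport) chosen here.

```powershell
# Added example: report Run-key autostart values and flag targets that sit
# directly in a folder named by this guide. Read-only; nothing is deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: "%AppData%\Local" in the guide is read as %LOCALAPPDATA%.
$watchDirs = @(
    $env:ALLUSERSPROFILE,
    (Join-Path $env:APPDATA 'Microsoft\Windows\Templates'),
    $env:LOCALAPPDATA,
    $env:TEMP
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-RunEntryReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $raw = [string]$regKey.GetValue($name)
            $command = [Environment]::ExpandEnvironmentVariables($raw)
            # Executable path: the quoted part, else everything up to ".exe",
            # else the first whitespace-delimited token.
            if     ($command -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            else   { $exe = ($command.Trim() -split '\s+')[0] }
            if (-not $exe) { continue }

            $parent = Split-Path -Path $exe -Parent
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Target    = $exe
                # True when the file sits directly in a watched folder,
                # matching the guide's "folder\[random]" pattern.
                Watched   = [bool]($watchDirs | Where-Object { $_ -ieq $parent })
                Exists    = $exists
                Signature = if ($exists) {
                    (Get-AuthenticodeSignature -LiteralPath $exe).Status
                } else { 'n/a' }
            }
        }
    }
}

Get-RunEntryReport | Sort-Object Watched -Descending | Format-Table -AutoSize -Wrap
```

Entries with Watched = True and a Signature other than Valid are the ones to compare against the list above; legitimate software can also start from these folders, so check each entry before removing it.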
As mentioned above, Win32:Sirefef-AHF [Trj] should be regarded as a stubborn virus that leaves users quite upset. They may spend a few days trying to remove the virus, still with no luck. Don’t ignore this tiny Trojan, as it can do a lot of things, such as bring in the Metropolitan Police virus once downloaded. For example, it can drop and execute additional threats, open a remote shell, generate a list of running processes on the system, and create its own process for the Trojan. Even worse, it is able to steal sensitive information including user name and password, computer name, and system information. From this we can see that this is a fatal virus that should be deleted as soon as possible.
Published by on August 20, 2012 1:30 pm, last updated on May 24, 2013 5:22 am