Title: Sirefef
Type: Trojans
Also known as: Trojan.Sirefef, sirefef.ac, sirefef.b, win32/sirefef, win64.sirefef


 
Severity scale: Sirefef severity is 30 (30 / 100)
 

Sirefef is a Trojan family made up of different types of parasites that do different things. Every version has its own task: one component opens everything the firewall blocks, another downloads malicious files and updates from the internet, and another tries to hide them all from the system. Other versions redirect web traffic, generate pay-per-click traffic and show annoying pop-ups.

It is very important to remove Trojan Sirefef from your computer, because it may not only use your computer and internet resources for illegal purposes, but can also delete files on your system and find sensitive information, such as passwords and financial information, and send it to a remote server where cybercriminals can use it. Additionally, it may open a remote control connection to your PC.

If you do not remove Trojan Sirefef from your PC, it will continue to change your registry settings and other important Windows files, which might cause your computer to crash. Additionally, it will make your computer much slower, and you might find it difficult to browse the internet or use search engines to find information.

Sirefef in PPC results in Bing and Yahoo

Microsoft does not check its paid results closely enough, and Yahoo shows paid results from Bing. Researchers at GFI Labs caught Sirefef in their PPC results. Some time ago, a search for Adobe Flash Player in Bing or Yahoo returned these results. They look innocent, but if you tried to get the Flash update from there (in this case from getadobeflash.com), you would be redirected to a page that looks like a page for getting Flash.

Sirefef in Bing paid results

The page you land on looks like an official Adobe page where you can get the updates. The small difference is that it is not a page from Adobe. It redirects to a directory on the fake site arulbrothers.com, which downloads a file from torreandaluz (dot) com/flash/Flash Player 10 Setup.exe. After checking this file on Virustotal.com, GFI found Sirefef.

fake flash update

How to get rid of Sirefef virus?

Sirefef kills any attempt to remove it and is nearly impossible to clean. Luckily, antispyware developers have found a way to delete the Sirefef trojan from the PC system. The bad news is that manual removal instructions will not work, because Sirefef mutates, but you can use an automated solution. To remove the Sirefef trojan we advise using SpyHunter, STOPzilla or Malwarebytes Anti Malware.

Automatic Sirefef removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove Sirefef you agree with our Privacy Policy and Agreement of Use.
SpyHunter is the recommended remover for uninstalling Sirefef. You should confirm with the free trial that it detects the current version of the parasite.

Note: "Manual assistance required" means that one or all of the removers were unable to remove the parasite without some manual intervention. Please read the manual removal instructions below.

If you failed to remove Sirefef using SpyHunter, submit a question to our support team and provide as many details as possible.

STOPzilla: manual required. We are testing STOPzilla's efficiency at removing Sirefef (2012-05-16 09:14:15)
Malwarebytes Anti Malware: manual required. We are testing Malwarebytes Anti Malware's efficiency at removing Sirefef (2012-05-16 09:14:15)
XoftSpySE Anti Spyware: manual required. We are testing XoftSpySE Anti Spyware's efficiency at removing Sirefef (2012-05-16 09:14:15)
Defender Pro Ultimate: manual required. We are testing Defender Pro Ultimate's efficiency at removing Sirefef (2012-05-16 09:14:15)


Sirefef manual removal:

Kill processes:
%windir%\PCHealth\HelpCtr\Binaries\HelpSvc.exe

Unregister DLLs:
c:\windows\system32\logevent.dll

Delete files:
%systemdrive%\windows\system32\logevent.dll
%systemdrive%\windows\win32k.sys:1
%systemdrive%\windows\win32k.sys:2
%commondocuments%\Thumbs.db
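
A read-only check for the artifacts listed above, as an added example that is not part of the original page: it reports which of the listed files, NTFS alternate data streams (the win32k.sys:1 and win32k.sys:2 entries) and the listed process are present, and changes nothing. It assumes %commondocuments% means the Windows CommonDocuments special folder; the function name Get-SirefefArtifactReport is illustrative.

```powershell
# Added example: read-only presence check for the artifacts listed on this page.
# Nothing is killed, unregistered or deleted.

function Get-SirefefArtifactReport {
    $sys = $env:SystemDrive
    # Assumption: the page's %commondocuments% is the CommonDocuments special folder.
    $commonDocs = [Environment]::GetFolderPath('CommonDocuments')

    # Plain files from the "Unregister DLLs" and "Delete files" lists.
    $files = @(
        "$sys\windows\system32\logevent.dll",
        (Join-Path $commonDocs 'Thumbs.db')
    )
    # Entries written as file:stream are NTFS alternate data streams,
    # which a normal directory listing does not show.
    $streams = @(
        @{ File = "$sys\windows\win32k.sys"; Stream = '1' },
        @{ File = "$sys\windows\win32k.sys"; Stream = '2' }
    )
    # Process image path from the "Kill processes" list.
    $procPath = Join-Path $env:windir 'PCHealth\HelpCtr\Binaries\HelpSvc.exe'

    foreach ($f in $files) {
        [pscustomobject]@{ Kind = 'File'; Item = $f
            Present = (Test-Path -LiteralPath $f -PathType Leaf) }
    }
    foreach ($s in $streams) {
        $hit = $null
        if (Test-Path -LiteralPath $s.File) {
            # Get-Item -Stream returns the named stream only if it exists.
            $hit = Get-Item -LiteralPath $s.File -Stream $s.Stream -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{ Kind = 'Stream'; Item = "$($s.File):$($s.Stream)"
            Present = [bool]$hit }
    }
    # Match running processes by full image path, not by name alone.
    $running = Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and ($_.Path -ieq $procPath) }
    [pscustomobject]@{ Kind = 'Process'; Item = $procPath; Present = [bool]$running }
}

Get-SirefefArtifactReport | Format-Table -AutoSize
```

A hit is a lead to investigate, not proof of infection: Thumbs.db is also the name of the Windows thumbnail cache file. Because Sirefef mutates, an empty report does not rule it out either.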

Geolocation of Sirefef:

This map reveals the prevalence of Sirefef. Countries and regions that have been affected the most are: Spain, Canada, Italy, Germany and United States.


Information added: 2013-09-24 07:01:51
Information updated: 2013-09-24 07:01:51


0
0
Richard
I can't access the internet, probably because of the virus. Can I download SpyHunter in safe mode?
0
0
Mike in IT
Malwarebytes didn't even detect it. We have Forefront and it gets detected, but after removal it just comes right back in only a couple of minutes.
0
0
ash
Malwarebytes did not find it at all. It found trojans and some other thingy... I went to www.freeavg.com and downloaded their free one and it found Sirefef and got rid of it in no time.
