About Romanejo

  1. It took me most of a week to suspect, and then figure out, that it was a false positive, but only by diligent, skeptical searching and willingness to even accept what I was reading and what it meant: that SAS got it VERY wrong this time. Everywhere I read it, those affected were only SAS users, and only SAS was calling afd.sys "sirefef" while all other programs came up clean (Google isn't the only way to search). I will send in a report, however. (I looked about and found a way to do so.) I feel very shaken at the bullet dodged! I didn't have the time I spent on this, so other essential things got put aside. I didn't have the money to pay a professional, but if I had been an average user it would have been a huge expense based on the hourly rate alone to sort this out (oops, they wrongly assumed it was valid, had to restore my OS, drivers, programs... or spent the same hours to get the same answer to ultimately do nothing but have to charge anyway, which is what happened to others). As time permits I'm actively investigating my choices in methods of partitioning to have both Windows and Xubuntu on this machine - it would seem a worthwhile use of my time and certainly one way to keep the little grey cells exercised.
  2. Similar problem in parallel section of forum, and my results, in case it helps anyone to know. https://forums.superantispyware.com/index.php?/topic/7001-trojanwin32sirefef/page__hl__gen-sirefef__fromsearch__1
  3. I had this supposed sirefef "trojan" show up on 2 XP laptops on the same day and both referred to rrbackups\fr\uf\windows\system32\drivers\afd.sys, but in both cases I also ran complete scans with MBAM and Microsoft Security Essentials, but for neither computer did those programs find ANYTHING - clean as a whistle. For one computer I actually let SAS clean the computer, but then felt very uneasy and refused to do the restart right away. Far too many of my searches gave me 2 diametrically opposite answers: 1. This is a dangerous trojan and 2. This is a dangerous false positive and it is going to cost you because afd.sys is a system file and without it you could have considerable trouble getting internet anymore (Microsoft and others). I spent days carefully protecting my data and preparing for the worst on that one computer (the other I closed and left alone for now, but I had a 3rd "safe" one to use). I even copied the entire drivers folder since I could still see the file and hoped that would be enough if I needed to try to copy it back. Then I restarted it. It was actually both worse and better than I feared. Worse, because I could no longer even get to the Windows logon! Better, because it asked me if I would like to try starting with an earlier restore point and I had actually made one a while back and I had something to get me back with! Hallelujah! (I must remember to make restore points more often!!) Without that I would be out a lot of time and money getting everything back. I have used SAS Free for years, but now I get heart palpitations even thinking of using it considering how close I came to utter disaster. Sorry guys, you're getting mothballed for a while until I see a LOT of TRANSPARENCY and mea culpas about how such a horrid error could occur in what used to be a very reliable program.
IF I feel it necessary to run a scan with SAS it will be only as a secondary program at best, and I will be VERY cautious and skeptical about any alarming results. I have recently started making forays into the world of Linux and have found Xubuntu very user friendly and easily modified to resemble/behave like XP and if I get enough solutions to my particular needs I may just decide to ditch the whole virus/ad-ware/spyware/trojan anxiety and retreat into the cheaper, less-time-wasting, quieter, safer world of Linux where I can work WITHOUT ALL THIS DRAMA!!!