radamo

Trojan:win32/sirefef

Windows Defender Alert detected this trojan. I have updated my SuperAntiSpyware twice and run complete scans and nothing has come up, yet this alert keeps popping up.

What should I do? Why won't my SuperAntiSpyware detect this and remove it?

Robin


Hi Robin,

Type MRT into the search bar on the start menu and run a Full scan.

When it has found and removed the Virus/Rootkit, get yourself a decent AV. Windefender and SAS are just Antispyware scanners (unless you are using Win 8, in which case Windefender is the name given for MSE).


Thank you for the suggestion. I tried it but it did not work. The MRT scan did not pick it up either. I downloaded PC Tools Spyware Doctor which identified the virus and removed it immediately.


I had this supposed sirefef "trojan" show up on 2 XP laptops on the same day and both referred to rrbackups\fr\uf\windows\system32\drivers\afd.sys, but in both cases I also ran complete scans with MBAM and Microsoft Security Essentials, but for neither computer did those programs find ANYTHING - clean as a whistle.

For one computer I actually let SAS clean the computer, but then felt very uneasy and refused to do the restart right away. Far too many of my searches gave me 2 diametrically opposite answers:

1. This is a dangerous trojan and

2. This is a dangerous false positive and it is going to cost you because afd.sys is a system file and without it you could have considerable trouble getting internet anymore (Microsoft and others).

I spent days carefully protecting my data and preparing for the worst on that one computer (the other I closed and left alone for now, but I had a 3rd "safe" one to use). I even copied the entire drivers folder since I could still see the file and hoped that would be enough if I needed to try to copy it back. Then I restarted it. It was actually both worse and better than I feared. Worse, because I could no longer even get to the Windows logon! Better, because it asked me if I would like to try starting with an earlier restore point and I had actually made one a while back and I had something to get me back with! Hallelujah! (I must remember to make restore points more often!!) Without that I would be out a lot of time and money getting everything back.

I have used SAS Free for years, but now I get heart palpitations even thinking of using it considering how close I came to utter disaster. Sorry guys, you're getting mothballed for a while until I see a LOT of TRANSPARENCY and mea culpas about how such a horrid error could occur in what used to be a very reliable program. IF I feel it necessary to run a scan with SAS it will be only as a secondary program at best, and I will be VERY cautious and skeptical about any alarming results.

I have recently started making forays into the world of Linux and have found Xubuntu very user friendly and easily modified to resemble/behave like XP and if I get enough solutions to my particular needs I may just decide to ditch the whole virus/ad-ware/spyware/trojan anxiety and retreat into the cheaper, less-time-wasting, quieter, safer world of Linux where I can work WITHOUT ALL THIS DRAMA!!!


It took me most of a week to suspect, and then figure out, that it was a false positive, but only by diligent, skeptical searching and willingness to even accept what I was reading and what it meant: that SAS got it VERY wrong this time. Everywhere I read it, those affected were only SAS users, and only SAS was calling afd.sys "sirefef" while all other programs came up clean (Google isn't the only way to search). I will send in a report, however. (I looked about and found a way to do so.)

I feel very shaken at the bullet dodged!

I didn't have the time I spent on this, so other essential things got put aside.

I didn't have the money to pay a professional, but if I had been an average user it would have been a huge expense based on the hourly rate alone to sort this out (oops, they wrongly assumed it was valid, had to restore my OS, drivers, programs... or spent the same hours to get the same answer to ultimately do nothing but have to charge anyway, which is what happened to others).

As time permits I'm actively investigating my choices in methods of partitioning to have both Windows and Xubuntu on this machine - it would seem a worthwhile use of my time and certainly one way to keep the little grey cells exercised.

