Trojan.Sirefef virus, problems removing it

[iDennisW]

Since a couple of days, Microsoft Security Essentials has been giving alerts about Trojan.Win32(and 64)/Sirefef.(various shit)

Says it succeeds in removing them but they return every couple of minutes. Reboot after removal didn't help a thing, nor running Malwarebytes and TDSSkiller.

Any advice? Preferably some fancy combofix method with logs, conventional antivirus solutions haven't shown to help so far.

Thanks in advance!

 

[windude99]

Since a couple of days, Microsoft Security Essentials has been giving alerts about Trojan.Win32(and 64)/Sirefef.(various shit)

Says it succeeds in removing them but they return every couple of minutes. Reboot after removal didn't help a thing, nor running Malwarebytes and TDSSkiller.

Any advice? Preferably some fancy combofix method with logs, conventional antivirus solutions haven't shown to help so far.

Thanks in advance!

Try running Malwarebytes in Safe Mode and be sure to remove everything that comes up (make sure their checkboxes are enabled) Also, clear out all of your browser's cache. In Internet Explorer, click on the gear in the top right and select internet options. Then, find where it says browsing history in the middle of the page and click on delete. In the window that pops up, check all of the checkboxes except the one at the top that says "preserve favorite's website data" and select delete.

 

[iDennisW]

Cleared the cache, went into safe mode to run MalwareBytes but it shut down the computer halfway through the scan twice in a row; weird.

Anyway, MSE is still detecting the trojans every couple of minutes, got any more suggestions?

 

[Borg 386]

In a case where a PC is compromised by a rootkit, your best & safest option is to do a clean install. Cleaning out a rootkit isn't easy and there's always the chance that something was left behind.

http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

If however you do not have this option or wish to try & save the PC, have a look at this site & follow the directions:

How to completely remove ZeroAccess/Sirefef rootkit (Removal Guide)

If the infection is still present, try running one of these tools:

Trojan.Zeroaccess Removal Tool | Symantec

This tool is designed to remove the infections of Trojan.Zeroaccess and Trojan.Zeroaccess.B.

Norton Power Eraser (This tool includes a rootkit scan)

Norton Power Eraser | Free Tool |Easily remove scamware that traditional virus scanning can

Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. If you accidently remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.