SqueezeOJ

How can I get rid of Sirefef.gen!C Virus?

Running Vista 32-bit.

Chrome reports that I have the Sirefef.gen!C virus and that any secure login credentials could be compromised.

It also says that Microsoft Security Essentials "reportedly removes it."  Problem is that every time I try to download it, my browsers reject it as a virus.  I'm sure this is the virus trying to protect itself.  So, I need help removing this virus.

Can I download Microsoft's Security Essentials for 32-bit Vista via FTP?  If so, then how and where?  (The http link: http://windows.microsoft.com/en-us/windows/security-essentials-download.)

Any other ideas on the best way to remove this virus?

aadih

Take a look here for solution(s):

https://www.experts-exchange.com/questions/28119810/ZeroAccess-Trojan-Win64-Sirefef-AE.html

But, since you have a 32 bit system, first I'd try the "ZeroAccess removal tool":

ZeroAccess removal tool: http://blog.webroot.com/2011/08/03/new-tool-released-kiss-or-kick-zeroaccess-goodbye/

Then I'd run MalwareBytes AntiMalware (free) to scan and clean (from safe mode if necessary and then in the normal mode also).

Then I'd run TDSSKiller.

Haresh Nikumbh

How to manually delete Virus:Win32/Sirefef.gen!C?

To get rid of this virus, you need to search for and terminate its malicious program files, processes, .dll files and registry entries completely one-by-one. Please follow this guide here to start.

Step 1. Press CTRL+ALT+DELETE to open the Windows Task Manager. Then stop all processes.

Step 2. Click on the Processes tab, search for Virus:Win32/Sirefef.gen!C then right-click it and select End Process key.

Step 3. Click Start button and select Run. Type regedit into the box and click OK to proceed. Once the Registry Editor is open, search for the registry keys and delete them.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell"="[SET OF RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MsConfig\startupfolder\[random names]

Step 4. Search for infected files and delete them manually.

%AppData%\[random].exe
%Windows%\system32\[random].exe
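
A read-only check of the registry locations and folders listed in the post above, as an added example that is not part of the original post or of any vendor tool. It assumes PowerShell 2.0 or later in an elevated prompt, reads the post's %Windows% as %SystemRoot%, and uses a 30-day look-back (`$RecentDays`) and a helper name (`New-Finding`) chosen here for illustration.

```powershell
# Added example: read-only triage of the locations named in the post above.
# Nothing is deleted or changed. Assumes PowerShell 2.0+ in an elevated prompt.
$RecentDays = 30   # assumption: arbitrary look-back window for system32
$findings   = @()

function New-Finding($Location, $Item, $Note) {
    # New-Object PSObject works on PowerShell 2.0 (no [pscustomobject] there)
    New-Object PSObject -Property @{ Location = $Location; Item = $Item; Note = $Note }
}

# 1. Winlogon Shell value: the Windows default is "explorer.exe".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -ne 'explorer.exe') {
    $findings += New-Finding "$winlogon\Shell" "$shell" 'Not the default explorer.exe'
}

# 2. Subkeys of the MsConfig startupfolder key listed in the post.
$msconfig = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MsConfig\startupfolder'
if (Test-Path $msconfig) {
    foreach ($key in @(Get-ChildItem -Path $msconfig)) {
        $findings += New-Finding $msconfig $key.PSChildName 'Review this entry'
    }
}

# 3. Executables directly in %AppData% (hidden ones included), plus
#    executables in system32 created within the look-back window.
$cutoff  = (Get-Date).AddDays(-$RecentDays)
$appData = @(Get-ChildItem -Path $env:APPDATA -Filter *.exe -Force -ErrorAction SilentlyContinue)
$sys32   = @(Get-ChildItem -Path "$env:SystemRoot\system32" -Filter *.exe -Force -ErrorAction SilentlyContinue |
             Where-Object { $_.CreationTime -gt $cutoff })
foreach ($f in ($appData + $sys32)) {
    $findings += New-Finding $f.DirectoryName $f.Name "Created $($f.CreationTime)"
}

if ($findings.Count -eq 0) {
    'No findings in the checked locations.'
} else {
    $findings | Format-Table Location, Item, Note -AutoSize -Wrap
}
```

Because ZeroAccess/Sirefef includes rootkit components, a running infected system may hide entries from this listing, so an empty result is not proof of a clean machine.
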
ASKER CERTIFIED SOLUTION
nobus

SqueezeOJ

ASKER

This is exactly what I was looking for.
And what was the solution you have chosen? Just curious.
I attached the hard drive to another PC and ran a scan from there. Very easy compared to battling it head on. Thanks all for time & thought!
OK - tx for updating us