Monday, September 24, 2012

Melbourne Brisbane Computer Repairs, Website design & SEO

Sirefef.Y is very difficult to remove

Posted: 23 Sep 2012 11:45 PM PDT

Back in June 2012, I was looking at an infected PC, and after running Malwarebytes, it looked like the PC was clean.

But after a restart, Microsoft Security Essentials reported that it had found Sirefef.Y and that it would remove it.

After removal, the computer would give a 60 second grace period before restarting.

I first thought that the 60 seconds was MSE forcing a restart.

But it was actually Sirefef.Y restarting the PC to prevent anything from removing it.

Since Sirefef.Y is a rootkit, most standard security tools struggle to remove it.

I tried a few different tools (all had to be run from Safe Mode, to avoid the 60 seconds before a reboot), but TDSSKiller and a few others either wouldn’t detect it or would not be able to remove it.

After a lot of research, I eventually had to use a tool like GMER, then interpret the results, and then manually remove the rootkit files responsible for the infection.

Certainly not something an average (or even an advanced) PC user would be able to do.

With infections like this on the rise, I’m starting to wonder how much worse this can get, and whether the PC security companies can do anything to improve their products to defend against this type of infection.

Related posts:

  1. Malware that’s ***really*** difficult to remove I’ve just fixed a badly infected computer system. It was...
  2. Stupid HP share-to-web upload folder (and how to remove) I recently purchased another (I must be a masochist!) HP...
  3. uninstall / remove CA internet security, then parental control blocks the internet Customer uninstalled the CA internet security from his vista laptop....