Sirefef is a malicious fake antivirus tool that belongs to the Trojan family. The family has different components that perform different jobs, such as installing updates and additional malware, hiding from the system, and then running payloads. It is classified as a Dropper Trojan. Sirefef may display pop-up advertisements that disrupt the user of the computer, and some of them also destroy your data. Other variants are used to gather personal information such as financial details, usernames, and passwords, and can also open a remote access connection to the infected computer.

Sirefef rogues can be delivered by exploit kits such as Blackhole. These kits identify the browser version and deliver an infection suited to it. If the system does not have the known vulnerabilities, the infection does not succeed. Sometimes the user does not notice the infection taking place. In other cases, the installation is disguised as an update for Adobe software, Windows Media Player, or other software, so the user cannot see what is actually being installed. Sirefef and other Trojans are also spread through paid advertisements posing as fake Flash and other software updates.

Symptoms of Sirefef:

The following symptoms indicate that your computer system is infected with Sirefef.

  1. Google and Yahoo searches are redirected, or the desktop background image and browser homepage change.
  2. The computer works slowly: programs open slowly, the PC shuts down slowly, the internet connection is slow, or the PC seems to be stuck.
  3. Many unwanted pop-ups appear.

Note: Sirefef can also rename or replace system files. The renamed and replaced files vary, so you need to identify the infected files and processes before deleting them. Although it is very difficult, it is important to remove the Sirefef parasite from your computer system.

The presence of files such as logevent.dll and win32k.sys might indicate that the system is infected with the Sirefef family, but one should confirm it by using the software.

Like other parasites, Sirefef can be prevented by installing a strong antivirus or anti-malware application. As with other parasites, it is easier to prevent it than to cure it.

Remove Sirefef Registry entries

  1. Click Start, then click Run.
  2. Type regedit in the box and click OK.
  3. This opens the Registry Editor; note that it has two panes.
  4. Select the left pane in the Registry Editor and click Edit in the top menu.
  5. Now select Find, type in the registry value, then press Enter.
  6. Right-click the registry value and select Delete.
  7. The Sirefef registry values that should be removed immediately are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{random characters}.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{random characters}.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{random characters}.exe

{malware filename}=%Application Data%\{malware filename}.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\[random numbers]
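
A read-only way to review the autostart values listed above before deleting anything, as an added PowerShell example that is not part of the original article. The helper name Get-AutostartEntry and the "Flagged" heuristics (a value name ending in .exe, or an .exe under the Application Data folder) are assumptions drawn from the patterns in the list.

```powershell
# Added example: read-only audit of the autostart locations named in the list above.
# Nothing is deleted; review each flagged row before removing it in regedit.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutostartEntry {   # hypothetical helper name
    param([string[]]$Path)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            # GetValue() expands REG_EXPAND_SZ data such as %APPDATA%
            $data = [string]$regKey.GetValue($name)
            $inAppData = $env:APPDATA -and
                ($data.IndexOf($env:APPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0)
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Data    = $data
                # Assumed heuristics taken from the patterns in the list:
                # a value name ending in .exe, or an .exe under Application Data
                Flagged = ($name -match '\.exe$') -or ($inAppData -and $data -match '\.exe')
            }
        }
    }
}

$entries = @(Get-AutostartEntry -Path $runKeys)
$entries | Sort-Object Flagged -Descending |
    Format-Table Flagged, Name, Data, Key -AutoSize -Wrap

# The NoDesktop policy value from the list hides the desktop items when set to 1
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$noDesktop = (Get-ItemProperty -LiteralPath $policyKey -Name NoDesktop `
    -ErrorAction SilentlyContinue).NoDesktop
if ($noDesktop -eq 1) {
    Write-Warning "NoDesktop is set to 1 under $policyKey"
}
```

A flagged row is only a candidate for review: legitimate software also registers autostart entries, so check the file that each value points to before deleting the value.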

Remove Sirefef files

  1. Go to Start and click Run.
  2. Type cmd and press Enter.
  3. Alternatively, go to Start, then select 'All Programs'.
  4. Click 'Accessories'.
  5. Now click 'Command Prompt'.
  6. Type the complete path of the win32k.sys file.
  7. When the file opens, type 'regsvr32 /u [dll_file_name]' and press Enter.