Trojan.sirefef.fy Options

[Foot Doc]

Hello (IMG:style_emoticons/default/smile.gif)

Welcome to the forums!

I have posted new removal tools for Sirefef over here:

http://forum.bitdefender.com/index.php?showtopic=29525

Please run it and after, send me a BDSYS log.

[how to GENERATE A BDSYS LOG]
. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe

. Make sure you close all active applications and then run "BDSysLog_i.exe"; If you receive a firewall
alert,select to Allow the application to connect;
. Click the "Create log" button to start generating the
log; A progress bar is indicating that the tool is creating the report;
. When the small window appears with the message "Log
saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;
. Upload that file on

http://www.sendspace.com

or

http://www.mediafire.com

and send me a PM with the download link.

If you were already asked to generate the log file, disregard the message above and just post the ticket ID.

IMPORTANT:

.During this process the Real Time Protection in Bitdefender must be temporarily disabled;
.If you receive a Bitdefender Firewall alert to inform you that BDSysLog_i.exe tries to connect to the internet,then you need to select Allow;

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2012]
In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface"; In the new window go to "Antivirus" > "Shield" tab and click on "ON" under On-access scanning. Select the time interval that suites your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2013]
In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface"; In the new window go to "Antivirus" > "Shield" tab and click on "ON" under On-access scanning. Select the time interval that suites your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

We will get back to you as soon as the analysis is complete.

Have a nice day.

I too have the Trojan.sirefef.fy infection while running a fully up todate Toyal Internet Security 2012!
I have tried the removal tool posted under Greenhorns thread and it did not work or show the infection, yet the normal scans do but cannot disinfect nor quarantine the infection. I also tried the windows file cleaner the sfc/scannow from command prompt thing...it will not even start even from administrator command prompt!

I get the same desktop.ini notepad window popping up in starting my pc. Nothing you have mentioned has worked! I sent in my log. Via BDAMST.zip yesterday and have received no response!!! That PC is my main work pc! It has over 2000 patient files on it!
Why haven't I received a response yet? Entering day 2 of work without my PC!
Help PLEASE!!!!!

[Christian]

Hi (IMG:style_emoticons/default/smile.gif)

Welcome to the forums!

Yesterday we compiled new removal tools for Sirefef:

Please download one of the following versions and scan your PC:

32 bit:
http://www.mediafire.com/file/vei9nrw4kwun...fef_sfc_x86.exe

64 bit:
http://www.mediafire.com/file/17lpf0ceyaja...fef_sfc_x64.exe

If you want to download them, please press the green button under the file name.

[How to check if your computer is a 32bits or 64bits]
Please right click on the icon MY COMPUTER / COMPUTER located on your desktop and go to PROPERTIES. There, under system information and computer
information you will see a notification about your computer being a 64bits. If none (nor one about 32bits ) then your computer is a 32bits one.
Note:
- if using Vista or 7 you will see if your computer is either 32bits or 64bits.
- if using XP you will only see it mentioned ONLY if your computer is a 64bits.

After the first reboot, update Bitdefender and run a full system scan. Let me know if everything is OK after.

Take care.

[Foot Doc]

Hello Christian!
As I mentioned in my post, I already tried that removal tool this morning! It had NO affect!
I still cannot connect to Internet, cannot update bit defender, cannot use anything audio, cannot, cannot cannot! No email, and I dare not open anything sensitive personally in nature for fear those files will get corrupted which means I cannot open even my Outlook for calendar or contacts!!

Your tool doesn't help me! :'(

Any other ideas?

[Foot Doc]

Hello again!
I have used the removal tool twice now and run 2 full virus scans. The full virus scan now takes almost 4 hours which is crazy!
Results... Still infected!
I have managed on my own to re enable my Internet connection and have downloaded and completely updated the bit defender definitions etc. BUT the scan still shows the infection AND the desktop.ini notepad window still pops up when the computer boot_s!!

How is this virus going to be eradicated ????

This has already destroyed 2 days of work and will be starting a 3rd in the morning!
PLEASE Help!

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

Last night we introduced new detections, please run Update by right clicking on the system tray icon (last option, Update now).

Rerun please another scan and send me the scan logs.

[how to COLLECT A FULL SYSTEM SCAN LOG from Bitdefender 2012]

This is accomplished by running the Support tool file that can be downloaded from this location:

http://www.bitdefender.com/files/Knowledge...or_scanlogs.exe

Save the file prior to running it and to continue you need to accept the terms of use.
At the end of this process an archive will be created on your Desktop starting with bdamst.

Upload that file on

http://www.sendspace.com

or

http://www.mediafire.com

and send me a PM with the download link.

Have a nice day!

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

Please check my answer from here:

http://forum.bitdefender.com/index.php?sho...st&p=150971

Thank you very much. Have a great weekend!