Help me remove Trojan Win64/Sirefef.Y

My computer is infected with Trojan Win64/Sirefef.Y. I believe this virus was part of the email I opened earlier. Microsoft Security Essentials first detected the threat. Later on, my antivirus also showed an alert for the same virus. MSE was able to detect and remove it automatically. However, it requires a reboot to finish the process. MSE will display a message “Trojan Win64/Sirefef.Y Removed: You are about to be logged off.”

The computer restarts by itself. After it loads Windows, the same thing occurs. MSE will detect the Trojan and restart the computer. I am in a constant loop. I don’t know what to do to be able to remove Win64/Sirefef.Y completely and stop the restart process.

I have searched the net regarding this Trojan and found that this is a common topic on every forum. It seems that this is a widely spread infection. Forums are giving a specific solution for each user and I don’t have extra time to submit and analyze my log file.

Please help me. Is there any removal tool for this Trojan? I need to get this computer up and running as soon as possible.

By the way, my computer is a Dell N5010, running under Windows 7.

Thanks,
Ana

5 Responses

  1. yorkituser says:

    I am a LAN admin for a medium-sized company. Every time that Sirefef and ZeroAccess attack our workstation, I use these tools. So far, they are effective.

    Procedure 1: Scan with Panda’s Yorkyt Disinfection Tool
    1. Download the yorkyt.exe disinfection tool from this link.
    http://www.pandasecurity.com/resources/tools/yorkyt.exe

    2. Save the file to a specific location on your hard drive. To access the file easily, we suggest saving it to your desktop.
    3. It will advise you to reboot the computer. This is necessary to install some files on the system.
    4. The tool will request another reboot to complete the disinfection process.
    5. After it removes the Sirefef Trojan, it will display a message. Please accept the message to finalize the process.

    Procedure 2: Scan with Microsoft Safety Scanner
    1. Download Microsoft Safety Scanner from this link.
    http://www.microsoft.com/security/scanner/en-us/default.aspx

    2. Save the file on your desktop or any folder where you can access the file easily.
    3. This is quite a big file (70MB), so it will take some time to download.
    4. After completing the download, run the program. You don’t need to update it. The package already contains the latest database and you can only use it for ten (10) days. If you want to run the tool after this period, you need to download the file again.
    5. After the scan, remove all identified items.
    6. Restart the computer when prompted.

    It would be better if you can re-run these scans in Safe Mode. Also, run a scan with your installed antivirus program to make sure that there are no leftovers of the Win64/Sirefef.Y Trojan.

  2. smashinrobin says:

    As far as I remember, there is also a Sirefef removal tool from Eset. However, I can recall that it only supports up to Windows Vista 32-bit. Check their website for some updates.

  3. jerm says:

    This is good info. However, if my computer reboots every minute I don’t have time to download any of these tools. I can’t seem to find the file that makes the computer reboot every minute. Any ideas?

  4. plesky says:

    Jerm, how about in Safe Mode with Networking? If that is your case you need to use Kaspersky Rescue Disk. This tool can make a bootable virus scanner. Though, you still need a separate PC to download and create the drive.

  5. Dan Ambroise says:

    I had this problem and here’s what I did:
    Went into BIOS and changed boot sequence to CD first, hard disk second.
    Put in my Win7 install disk and then (from BIOS) click save and reboot.
    It now boots from CD to Win7 install.
    There is an option to REPAIR. Choose this.
    There is a pop-up option asking if you want to restore original or something like that.
    Choose NO.
    It will launch the repair process and won’t delete anything but fixes system files only.
    Remove CD and reboot again.
    Problem solved. Ran complete scan using MSE and it will find and destroy your rootkit virus.
    Let me know if this helped.