Friday, 5 April 2013

Remove Sirefef.gen!C and associated malware

Sirefef.gen!C is a generic detection of the Sirefef rootkit which can steal passwords and other sensitive information. Imagine if there was someone who was watching every move you made on your computer. Someone who knew exactly which websites you were looking at, knew the content of all your files and documents and who had access to your passwords, user names and log in information. Sounds like something out of George Orwell’s famous novel 1984 where Big Brother was the all seeing eye that knew everything about everybody doesn’t it? But in actual fact it can be a reality for anyone who is unfortunate enough to have been hacked by someone using this rootkit.

So what is a rootkit? If you haven’t heard of this term before, it is certainly something to know a little more about so that you can protect yourself from one of the most serious computer crimes currently around. The clue to what a rootkit is and does is in the name: in the simplest terms this is a set – or a kit – of utilities and tools that lets someone monitor and control the files and activity on your PC at its most basic, "root" level. Sirefef.gen!C is even more sophisticated. It has various modules that can load popup ads on your computer and redirect your browser to malicious or spammy websites.

And the worst thing about a rootkit is that it is almost completely undetectable – at least without anti-rootkit and anti-malware software. Sounds scary, but in actuality a rootkit cannot be described simply as malware (i.e. malicious software), as it can be used for rather more innocent purposes as well as for hacking. For example an employer, concerned parents or a law enforcement agency could use a rootkit to monitor their workforce, children or suspected criminals. The ethics of this may be debated, but where rootkits really garner attention is when they are used in illegal or suspect activity.

But first things first, how does Sirefef.gen!C end up on your computer? Well, it can be installed by a virus or a Trojan – a piece of malicious software which has been disguised as a normal application. In this case, it's named TrojanDropper:Win32/Sirefef.gen!C. As its name suggests, this dropper Trojan installs the Win32/Sirefef.gen!C virus on the affected machine. You may have clicked on a link in an email from an unknown sender or opened an infected file or email attachment; any of these could have been designed to install a rootkit on your PC or laptop.

So what can a hacker who has installed this rootkit on your computer do? Well, they pretty much have access to anything and everything that you have saved and can see everything that you do. Once a rootkit is installed on your computer the hacker will have access to all of your information and can use this to spread throughout your network, collecting different passwords and user names to create new personas for him or herself. This is called creating a DoS – a Denial of Service – and means that they can then target and attack other computers remotely via yours, without the target knowing their identity.

The hacker will enter your computer system through a ‘back door’, which basically means that the entry is undetectable. They will also alter the log files and administrator tools to further avoid detection, making it very difficult to know that someone other than you, or other authorized users, has been in your system.

So how do you know if you have been hacked and someone has installed a rootkit on your computer’s system? Unfortunately it is not that easy to tell. However, if you’ve spotted some unusual activity such as popups and Chrome redirects, ports that you didn’t open suddenly appearing, or other bizarre behavior, then you may well have been hacked.
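One of the symptoms listed above, listening ports you never opened, is something you can check for yourself. The script below is an added example and is not part of the original post: it parses the text format of Windows `netstat -ano` output and flags every LISTENING TCP socket whose port is not in a baseline that you recorded earlier on a known-clean machine. The netstat sample and the baseline port set are constructed values for illustration, not captured from a real infection.

```python
"""Flag listening TCP ports that are not in a baseline allowlist.

Added example (not from the original post). Parses the text output of
Windows `netstat -ano` and reports LISTENING sockets on ports that the
administrator did not record in the baseline of a known-clean machine.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `netstat -ano` output (illustrative only; not from a real host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       3210
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       4488
  TCP    192.168.1.10:49700     93.184.216.34:443      ESTABLISHED     2764
  UDP    0.0.0.0:5355           *:*                                    1208
"""

# Baseline: ports that are supposed to be listening on this host.
# Assumed values for the example; record your own from a clean machine.
BASELINE_LISTENING: Set[int] = {135, 445}

# One socket line: proto, local address, foreign address, optional state
# (UDP lines have no State column), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text: str) -> List[Tuple[str, str, int, str, int]]:
    """Return (proto, local_ip, local_port, state, pid) for every socket line.

    Header and blank lines do not match the pattern and are skipped.
    """
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, _foreign, state, pid = m.groups()
        # rsplit on the last ':' so IPv6 addresses such as [::]:135 stay intact
        ip, port = local.rsplit(":", 1)
        rows.append((proto, ip, int(port), state or "", int(pid)))
    return rows


def unexpected_listeners(text: str, baseline: Set[int]) -> List[Dict[str, object]]:
    """LISTENING TCP sockets whose port is not in the baseline, with owning PID."""
    findings = []
    for proto, ip, port, state, pid in parse_netstat(text):
        if proto == "TCP" and state == "LISTENING" and port not in baseline:
            findings.append({"ip": ip, "port": port, "pid": pid})
    return findings


if __name__ == "__main__":
    # On a real host you would feed in: subprocess.run(["netstat", "-ano"], ...).stdout
    for f in unexpected_listeners(SAMPLE_NETSTAT, BASELINE_LISTENING):
        print(f"unexpected listener: {f['ip']}:{f['port']} (PID {f['pid']})")
```

Two caveats go with this check. A listener outside the baseline is a lead to investigate (look up the PID in Task Manager), not proof of infection, since legitimate software opens ports too. Conversely, netstat runs in user mode, and a rootkit of the kind described in this post can hide its sockets from it, so a clean result does not rule an infection out; that is why the removal steps further down rely on a dedicated anti-rootkit scanner rather than on tools built into Windows.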

And although it is equally difficult to avoid being the victim of a rootkit, there are steps that you can take to do your best to prevent it from happening. Make sure you have reputable antivirus and security software installed on your PC or laptop, and make sure that the version and patches are always up to date. Remember never to click on any link or open an attachment in an email from a sender that you do not know or trust.

Finally, if you do suspect that you have had the Sirefef.gen!C rootkit installed on your computer, I recommend following the removal instructions below. While it's a rather sophisticated piece of malware, it can be removed in a few minutes if you know the right tools and how to use them. I'm afraid manual removal is almost impossible unless you are a computer genius. So, don't waste your time: if you want to remove the Sirefef.gen!C virus completely, follow the steps in the removal guide below. Yes, it’s a pain, but at least you know that you are not being monitored by someone with malicious intentions. And one more thing: if one or more of your accounts have been hacked, change your passwords immediately. Please read my post about strong passwords.

Written by Michael Kaur,

Sirefef.gen!C virus removal instructions:

1. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.

2. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.

3. Download recommended anti-malware software (direct download) and run a full system scan to remove the remnants of this virus from your computer.
