Monday, 27 May 2013

File "contained a virus and was deleted" removal, Sirefef blocks downloads in IE9/IE10

The message "[filename].exe contained a virus and was deleted." may appear when your computer is infected with the Sirefef (ZeroAccess) malware. Every time you try to download antivirus software onto your computer, even from Microsoft's website, the malware announces that the program has a virus and will not allow you to download it. It may block other programs as well, for example CCleaner. You may end up in a situation in which you can't download a thing. This new anti-MSE/Windows Defender module affects Windows 7/8 users using Internet Explorer 9 and 10. Here's an example of the fake Sirefef message I got when trying to download SUPERAntispyware onto my computer:

Self-defense modules are nothing new for the Sirefef malware, which generates revenue for the cyber criminals mostly by mining for bitcoins and perpetrating click-fraud. The current malware dropper changes security permissions, removes or corrupts Windows Defender, disables Windows "Action Center" and then drops the payload of the Blackhole Exploit Kit (most of the time, but may be anything else). As far as I can tell the payload hasn't changed, so it seems that cyber criminals decided to improve self-defense modules and keep as many infected computers as possible. By the way, just a few days ago Microsoft announced that roughly 500,000 machines were cleaned of Sirefef. Maybe this is how cyber criminals try to fight back.

To stop the fake "[filename].exe contained a virus and was deleted." message from showing up and blocking software downloads, you need to remove the Sirefef malware from your computer. If you are using Microsoft Security Essentials or Windows Defender, you will have to reinstall them. Since you can't use these programs to remove Sirefef, you will have to download the programs listed below using Chrome, Firefox or any other web browser. If you can't, download the files requested in this guide on another computer and then transfer them to the infected computer. To remove this malware from your computer, please follow the removal guide below. If you have any questions, please leave a comment. Good luck and be safe online!

Written by Michael Kaur

Sirefef malware removal instructions:

1. Please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove Sirefef malware from your computer.

3. Reboot your computer as normal. Download and run TDSSKiller. Click the "Start scan" button to start scanning.

4. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.

5. Download the ESET ServicesRepair utility and save it to your Desktop. Double-click ServicesRepair.exe to run the ESET ServicesRepair utility. If you are using User Account Control (UAC), click Run when prompted and then click Yes when asked to allow changes.

6. If you are using Microsoft Security Essentials, you should reinstall it.

7. That's it! You should be able to download software without any problems or fake virus notifications. If you still have problems, please leave a comment below.
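
To confirm that the services Sirefef is described above as removing or disabling are back after steps 5 and 6, here is a PowerShell check. It is an added example, not part of the original guide or of any tool it mentions. The service names are assumptions not given in the guide: WinDefend (Windows Defender), wscsvc (Security Center, which feeds Action Center) and MsMpSvc (Microsoft Security Essentials).

```powershell
# Added example, not from the original guide. Run it in normal mode (not Safe Mode),
# a minute or two after logon, because wscsvc is a delayed-start service.
# Assumed service names: WinDefend, wscsvc, MsMpSvc (see the lead-in).
$targets = @(
    @{ Name = 'WinDefend'; Label = 'Windows Defender' },
    @{ Name = 'wscsvc';    Label = 'Security Center / Action Center' },
    @{ Name = 'MsMpSvc';   Label = 'Microsoft Security Essentials' }
)

function Get-SecurityServiceStatus {
    param([string]$Name, [string]$Label)

    # Get-WmiObject also works on the PowerShell 2.0 that ships with Windows 7.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue

    if (-not $svc)                         { $verdict = 'MISSING' }
    elseif ($svc.StartMode -eq 'Disabled') { $verdict = 'DISABLED' }
    elseif ($svc.State -ne 'Running')      { $verdict = 'NOT RUNNING' }
    else                                   { $verdict = 'OK' }

    New-Object PSObject -Property @{
        Service   = $Label
        Name      = $Name
        StartMode = $(if ($svc) { $svc.StartMode } else { '-' })
        State     = $(if ($svc) { $svc.State } else { '-' })
        Verdict   = $verdict
    }
}

$results = foreach ($t in $targets) {
    Get-SecurityServiceStatus -Name $t.Name -Label $t.Label
}

# MSE takes over from Windows Defender on Windows 7, so a disabled WinDefend is
# expected when MsMpSvc is healthy. MsMpSvc is absent where MSE was never installed.
$mseOk = $results | Where-Object { $_.Name -eq 'MsMpSvc' -and $_.Verdict -eq 'OK' }
foreach ($r in $results) {
    if ($r.Name -eq 'WinDefend' -and $r.Verdict -eq 'DISABLED' -and $mseOk) {
        $r.Verdict = 'OK (replaced by MSE)'
    }
    if ($r.Name -eq 'MsMpSvc' -and $r.Verdict -eq 'MISSING') {
        $r.Verdict = 'NOT INSTALLED'
    }
}

$results | Format-Table Service, Name, StartMode, State, Verdict -AutoSize
```

A verdict of MISSING or DISABLED for Windows Defender or Security Center after the cleanup means the service was not restored; rerun ServicesRepair or reinstall the product as in steps 5 and 6.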
