Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Sirefef - 0Access Removal

  • Please log in to reply
No replies to this topic

#1 NDSupport


  • Members
  • 5 posts
  • Gender:Male
  • Local time:02:02 PM

Posted 01 July 2013 - 08:27 AM

Good morning, all!


It seems this virus is the next cool thing as most of the machines we've seen in our office have severe damage and traces listing 0Access/Sirefef.  It also seems the malware comes bundled with a faux-Anti-Virus program, "System Care" (A fake AV that seems to be months old.) We've noticed some of the damage that comes with 0Access and Sirefef is severe services issues, missing or corrupted.  I just wanted to put this on the site (As I use Bleeping Computer for a lot of referencing but I don't see this in the downloads section)




Eset has a reset to the services damaged by the malware as well as a quick trick to help fix the Windows Defender issue that comes about with the malware.  We've used it on the last couple machines and applications like "RKill" and a proprietary PXE no longer list issues related to base services, and the services have returned to the services.msc list.


(Must run in CMD with switch "/r")


Bit Defender also has a removal tool,




I hope this helps those select few that become infected with the malware and they're able to remove and repair the OS without having to restore!




Edited by NDSupport, 01 July 2013 - 08:45 AM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users