
Sirefef 'cleaned' now IE cannot connect to google or yahoo


#1 jaxjason


  • Members
  • 13 posts
  • Local time:08:51 AM

Posted 14 September 2014 - 08:47 AM



On 9/10 Microsoft Security Essentials warned me that my PC was infected with "Trojan:Win64/Sirefef.AN". I allowed Microsoft Security Essentials to remove it.


I also followed all of the steps here for removal of sirefef:



After this removal process, Internet Explorer cannot connect to Google or Yahoo. I don't get any message, just a blank screen. I can access other websites such as Microsoft.com. I reinstalled IE 11, but it still cannot connect to Google or Yahoo.


Also, Symantec Endpoint Protection detected trojan.zeroaccess.c and trojan.gen.2. I allowed Symantec to remove them.


Emsisoft Emergency Kit detected and removed Urausy, which appears to be ransomware, although I never received any ransomware attacks.


I have run MBAR and TDSSKiller and they didn't find anything.


How should I proceed?






#2 LiquidTension


  • Malware Response Team
  • 1,278 posts
  • Gender:Male
  • Local time:12:51 PM

Posted 14 September 2014 - 09:23 AM

Sirefef, more commonly known as ZeroAccess, is a backdoor Trojan with rootkit capabilities, used to evade detection and conceal the dropped payload. You can read more about ZeroAccess here and here. Due to the nature of this infection, I would be doing you a disservice if I did not make you aware of the following.



One or more of the identified infections is known to use a backdoor that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, PayPal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.

