Sunday, December 2, 2012

Trojan:win32/Siref!cfg Persists! - How to Remove Trojan Effectively?

Things Make You Want to Remove Trojan:win32/Siref!cfg 


Your system begins to hang on various tasks and duties, coupled with freezing webpages. An updated scan of anti-virus software nets nefarious Trojan:win32/Siref!cfg, but the cleansing produces no significant improvements in performance. The longer you have Trojan:win32/Siref!cfg, you may probably get the listed dysfunctions concluded by Tee Support experts 24/7 online:
  • Intensive CPU, memory is sapped, PC slows in general. 
  • Firewall would not be activated. 
  • Browser would open itself automatically. 
  • Pages with suspicious paid software prompt up during Internet surfing. 
  • Some programs and files are gone. 
A minor virus though it seems to be, it will infiltrate other system compartments in your computer and caused more damages to you if no immediate treatment is made. 

Before we take action to get rid of Trojan:win32/Siref!cfg, we should know how it becomes stronger and what assist in its affection act so that we could strike the Trojan without bind trials.

Tech Review on Trojan:win32/Siref!cfg 


Apparently, Trojan:win32/Siref!cfg is another variant newly stems from Siref Trojan family that could disable some security features in a bid to steal particular data from the infected computer. Once executed, the Trojan infects computer by copying itself to random subdirectory of %Currentuser%\Application data\ directory, using any of possible variants of system file names taken from SYSTEM32 folder; creating new service value under “HKU\Software\Microsoft\Windows\CurrentVersion\Run” key. To achieve the ultimate goal, a couple of damage should do to system first to make things go more smoothly:

a) Files are dropped
  1. to corrupt systematic and secure-related files; 
  2. to modify security settings; 
  3. to hide certain programs, tricking you into thinking that your files and programs are gone, and causing run error when trying to launch the attacked program. 

b) Registry keys are inserted into kernel part
  1. to mess up system settings; 
  2. to add its process into auto run setting; 
  3. to temper with systematic registries. 
Finally, it creates %Currentuser%\Application Data\Microsoft\Internet Explorer\setup.exe file that is a copy of self, injects itself into EXPLORER.exe, so it can run if at least 1 process with name “explorer.exe” is running in the system, by using crypto library to encrypt connections it can connect to the remote host for receiving new commands and sending out stolen information. Information equals money for hackers, they won’t stop the criminal act by programming Trojan:win32/Siref!cfg with the ability to write itself to burnable CD or BlueRay.

Trojan:win32/Siref!cfg should be removed immediately so that it would not hinder you from having a proper performance in your work as well as in your other activities. Follow the steps hereinafter; should you get confused, you are welcome to start a live chat with online computer tech here for professional help.


Detailed Instruction to Show How to Delete Trojan:win32/Siref!cfg Completely


Step1:Restart your system and get into the safe mode with networking As the computer is booting but before Windows launches, tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to highlight "Safe Mode with Networking" option and press Enter key.

 

Step2:Please stop the processes listed below Press CTRL+ALT+DEL key to open Task Manager

                 
random.exe


Step3:Go to the Registry Editor to delete all related entries listed below Click “Start” menu, hit “Run”, then type “regedit” click “OK”.
           

Related registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SMRequiresRestart HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun


Step4: Delete related files and folders                
%systemdrive% .tmp
 %systemroot% .tmp
 %systemroot%\System32 .tmp
 %systemroot%\System32\dllcache .tmp
%systemroot%\System32\drivers .tmp
 %systemroot%\system32\config\systemprofile\Local Settings\Temp folder
 %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files

Video on How to Deal with Processes and Registries





Note: please don’t wasting your time of any antivirus programs and follow steps provided above now, since those programs are confined to detect and isolate it. If you cannot proceed the steps, please start a live chat with Tee Support experts 24/7 online for professional help.
   

No comments:

Post a Comment