Friday, December 23, 2011

NEW VIRUS: WIN32/Sirefef:N

This is a really insidious piece of crap virus. "win32/sirefef:N" is about as close to AIDS for computers as you can get. I have dealt with this exact same virus three times so far, and I have yet to fully eject it from my system.  It seems to partially infect Microsoft Security Essentials. 

What this bug does is shut down a service that enables the detection of signals from the internet.  Specifically it disables something called "DHCP Client Services".

The virus seems to lie dormant until you update and do an MSE scan. When the scan is complete, the history shows the name of this virus and you are advised that a restart is necessary to complete the removal of the virus.

BUT when you re-start, you will find that you are unable to connect to the net.  Diagnostics suggests "restart DHCP Client Service" but that does not take care of the problem.

Going to the control panel and opening "administrative tools" and clicking on "services" reveals a list which includes DHCP. But, when you try to manually start the service you are greeted with a message that says that the service either does not exist or has been "marked for deletion".


I have twice gone through a procedure I have found to get around this bug, and have run Microsoft's "Malware Removal tool" and the emergency security scan. This last says only that the bug was "partially removed".

I even went to the length of uninstalling MSE and then re-installing a pristine copy.  But right now the MSE icon is glowing orange and advising me I need to re-start (to finish removing the threat).  What do you want to bet I will have the headache all over again if I do? 

What is worse, Microsoft Security has "no details" about this bug other than it hides in your files in order to replicate. As I said, I have found a way around it, but it takes the better part of an hour and is a pain in the ass, and of course at the end when you re-start you are urged to run another scan and re-start. (I am not about to discuss how to get around this bug lest it give the bug's designers ideas about "improvements".)

I hadn't intended to get online in the middle of the holidays, but I wanted to warn you all about this dangerous new trickster.  It's harder to get rid of than a broke-ass cousin who found out you just won the lotto.  Good luck.
