What is trojan.siredef.c

Jeddie · 14 Nov 2017

I just ran my monthly scan using Malwarebytes Free. It found 2 instances in Recycle bin. I have quarantined them.

How did it get past Defender?

What should I do next? Am I clean?

Masterchiefxx17 · 14 Nov 2017

Can you upload the log that Malwarebytes created about the found Trojan?

Microsoft Defender is an antivirus, whereas Malwarebytes is an anti-malware; two different products and beasts. Malwarebytes is a recommendation for most, because its goal is to stop treats as they are developed and released. Whereas Defender will take a little while to get a database update of new malware.

To check the entire system, use a tool like ESET's Online Scanner to check for any malware present on the computer: Free Virus Scan | Online Virus Scan from ESET ESET

If ESET is finding actual malware, we'll need a specialized malware tech to disinfect the system.

Cliff S · 15 Nov 2017

Trojan:Win32/Sirefef.C threat description - Windows Defender Security Intelligence

Also detected as: Win-Trojan/Agent.36864.BUQ (AhnLab)Trojan-Spy.Win32.Agent.bdka (Kaspersky)W32/Suspicious_Gen2.EXVQM (Norman)Trojan.Sirefef!E7JTVcoretQ (VirusBuster)Trojan horse PSW.Agent.AEZK (AVG)BackDoor.Maxplus.6 (Dr.Web)Win32/Sirefef.E (ESET)Trojan-Spy.Win32.Agent (Ikarus)Trj/Downloader.MDW (Panda)

Trojan:Win32/Sirefef.C is the detection for a component of the Win32/Sirefef family- a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.

Jeddie · 15 Nov 2017

I ran ESET - All clear.

Next Step? Am I clean?
@simrick - would really like some help here please?

simrick · 15 Nov 2017

Jeddie said:

I ran ESET - All clear.

Next Step? Am I clean?
@simrick - would really like some help here please?

Hi.
If you would, please download and run ADWCleaner, just to make sure.
Downloads - AdwCleaner - ToolsLib

If it finds anything, please upload the logs.

I would really like to see the log file from MBAM - can you copy and paste here? Need to see what/where it found this trojan.

It's possible that all the browsers on the system may need to be reset - even the ones that you don't use (Internet Explorer).

Jeddie · 16 Nov 2017

Heres Adwcleaner; I removed the PUP it found.

# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 16 05:35:04 2017# Updated on 2017/27/10 by Malwarebytes # Database: 11-15-2017.1# Running on Windows 10 Home (X64)# Mode: scan# Support: https://www.malwarebytes.com/support*****
[ Services ] *****No malicious services found.*****
[ Folders ] *****PUP.Optional.Legacy, C:\Users\Geoff\AppData\Local\AdvinstAnalytics*****
[ Files ] *****No malicious files found.*****
[ DLL ] *****No malicious DLLs found.*****
[ WMI ] *****No malicious WMI found.*****
[ Shortcuts ] *****No malicious shortcuts found.*****
[ Tasks ] *****No malicious tasks found.*****
[ Registry ] *****No malicious registry entries found.*****
[ Firefox (and derivatives) ] *****No malicious Firefox entries.*****
[ Chromium (and derivatives) ] *****No malicious Chromium entries.*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [1144 B] - [2017/5/20 7:44:8]
C:/AdwCleaner/AdwCleaner[S1].txt - [1240 B] - [2017/6/12 6:30:44]
C:/AdwCleaner/AdwCleaner[S2].txt - [1078 B] - [2017/10/6 7:47:57]
C:/AdwCleaner/AdwCleaner[S3].txt - [1145 B] - [2017/10/8 5:57:23]

Malwarebytes; This weird. The log says it found nothing and it ran for 20mins? Well it actually found 2 x Trojans & ran for a few hours because I always run a custom scan.

Malwarebytes Anti-Malwarewww.malwarebytes.org
Scan Date: 15-Nov-17Scan Time: 2:01
PMLogfile:
Scan Log.txtAdministrator:
YesVersion: 2.2.1.1043
Malware Database: v2017.11.15.01
Rootkit Database: v2017.10.14.01
License: FreeMalware
Protection: DisabledMalicious
Website Protection: DisabledSelf-protection:
DisabledOS: Windows 10CPU: x64File
System: NTFSUser: GeoffScan
Type: Threat
ScanResult: CompletedObjects Scanned: 315163Time Elapsed: 20 min, 14 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)
Modules: 0(No malicious items detected)
Registry Keys: 0(No malicious items detected)
Registry Values: 0(No malicious items detected)
Registry Data: 0(No malicious items detected)
Folders: 0(No malicious items detected)
Files: 0(No malicious items detected)

zbook · 16 Nov 2017

Windows defender is supposed to provide protection for this trojan: trojan.siredef.c
Each AV product has false positives, false negatives, true positives, and true negatives.
So another product checking is useful.
Expand the sections in this link.
There is an additional Microsoft scanner.
Trojan:Win32/Sirefef.C threat description - Windows Defender Security Intelligence
Prevent virus or malware infection - Windows Defender Security Intelligence

Jeddie · 16 Nov 2017

@simrick I've just done a Malwarebytes Threat scan. All ok.

Also performed SFC/ Scannow - all ok.

simrick · 16 Nov 2017

Jeddie said:

@simrick I've just done a Malwarebytes Threat scan. All ok.

Also performed SFC/ Scannow - all ok.

Sounds good!

Go ahead and mark the thread as solved.