Here’s a quick run-down on how to clean a PC that’s infected with the Win64/Sirefef.b virus. This article is written for an experienced user, but might be helpful enough for anybody to follow along. Malwarebytes may also detect the virus as Rootkit.0Access.H. Before you begin, make sure you’ve created a System Restore Point, so that you can recover from a worst-case scenario.
Firstly, I ran Malwarebytes in Safe Mode, to catch any other viruses that this Trojan horse may have invited to the party. We had to disable Microsoft Security Essentials’ real-time protection, so that the PC wouldn’t keep restarting after each detection.
Running Combofix will require that you disable the active anti-virus program anyway, so it might even be a good idea to uninstall it at this point, since Combofix will reboot the computer several times during its cleansing process. At the end, we’ll re-install the latest version from the vendor’s website.
After Combofix has done its removal process, you’ll need to uninstall it from the control panel.
Now let’s get a second opinion, by downloading another tool called “Hitman Pro”. Choose either the 32-bit or 64-bit version from this download link. This program will scan your computer using several individual tools, such as Bitdefender and Dr. Web. It’s free to scan your computer once, if you choose to install it as a resident program that constantly protects your computer. Don’t worry, we can remove it once the job’s done, so that you can keep your favorite anti-virus program.
The combination of these two programs will kill any trace of the virus. Note that if Malwarebytes still finds infected files, examine their paths, because they might be quarantined items. I manually deleted Combofix’s quarantine and all, in a folder on the C: drive called Qoobox – which you can only delete if you fix permissions on one of the subfolders, or simply use Start -> Run -> “combofix /uninstall” to help it along…
Now you can re-install your anti-virus program from their website again, and life is gooder again!
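To make the "examine their paths" check above repeatable, here is an added example (not part of the original article) that sorts a list of detection paths into those already sitting in a quarantine folder and those still live on disk. `C:\Qoobox` comes from the article; the Malwarebytes quarantine folder and all sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# C:\Qoobox is the ComboFix quarantine folder named in the article.
# The Malwarebytes folder is an assumed location; check your installed version.
QUARANTINE_ROOTS = [
    r"C:\Qoobox",
    r"C:\ProgramData\Malwarebytes\MBAMService\Quarantine",  # assumption
]


def _parts(path):
    """Split a Windows path into lower-cased components for comparison."""
    return tuple(p.lower() for p in PureWindowsPath(path.strip().strip('"')).parts)


def in_quarantine(path, roots=QUARANTINE_ROOTS):
    """True if path is a quarantine root or lies inside one.

    Compares whole components, so C:\\Qoobox2\\x does not match C:\\Qoobox.
    """
    parts = _parts(path)
    for root in roots:
        root_parts = _parts(root)
        if parts[:len(root_parts)] == root_parts:
            return True
    return False


def triage(paths, roots=QUARANTINE_ROOTS):
    """Split detection paths into (quarantined, live) lists, preserving order."""
    quarantined, live = [], []
    for p in paths:
        if not p.strip():
            continue  # skip blank lines pasted from a scan log
        (quarantined if in_quarantine(p, roots) else live).append(p.strip())
    return quarantined, live


if __name__ == "__main__":
    # Constructed sample paths, not output from a real scan.
    sample = [
        r"C:\Qoobox\Quarantine\C\Windows\example.dll.vir",
        r"c:/qoobox/quarantine/c/users/example.exe.vir",
        r"C:\Qoobox2\tool.exe",
        r"C:\Windows\System32\example.dll",
    ]
    q, live = triage(sample)
    print("Already quarantined:", *q, sep="\n  ")
    print("Still live, needs action:", *live, sep="\n  ")
```

Anything in the "still live" list is a real remaining detection and deserves another scan pass; entries under a quarantine root disappear once that quarantine is emptied or the tool is uninstalled.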