Malware Removal Instructions

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 27 May 2013

File "contained a virus and was deleted" removal, Sirefef blocks downloads in IE9/IE10

Posted on 10:43 by Unknown
"[filename].exe contained a virus and was deleted." message may occur when your computer is infected with the Sirefef (ZeroAccess) malware. So, every time you try to download antivirus software onto your computer, even from Microsoft's website, this malware announces the program has a virus and will not allow you to download it. It may block other programs as well, for example CCleaner. You may end up in a situation in which you can't download a thing. This new anti MSE/Windows Defender module affects Windows 7/8 users using Internet Explorer 9 and 10. Here's an example of the fake Sirefef message I got when trying to download SUPERAntispyware onto my computer:


Self-defense modules are nothing new for the Sirefef malware which generates revenue for the cyber criminals, mostly by mining for bitcoins and perpetrating click-fraud. The current malware dropper changes security permissions, removes or corrupts Windows Defender, disables Windows "Action Center" and then drops the payload of the Blackhole Exploit Kit (most of the time, but may be anything else). As far as I can tell the payload hasn't changed, so it seems that cyber criminals decided to improve self-defense modules and keep as many infected computer as possible. By the way, just a few days ago Microsoft announced that roughly 500,000 machines were cleaned of Sirefef. Maybe this is how cyber criminals try to fight back.

In order to fix "[filename].exe contained a virus and was deleted." infection and stop this fake message from showing up and blocking software downloads you need to remove the Sirefef malware from your computer. If you are using Microsoft Security Essentials or Windows Defender you will have to reinstall them. Since you can't use these programs to remove Sirefef you will have to download the programs listed below using Chrome, Firefox or any other web browser. If you can't then download the files requested in this guide on another computer and then transfer them to the infected computer. To remove this malware from your computer, please follow the removal guide below. If you have any questions, please leave a comment. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Sirefef malware removal instructions:

1. Please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove Sirefef malware from your computer.

3. Reboot your computer as normal. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.



4. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.



5. Download the ESET ServicesRepair utility and save it to your Desktop. Double-click ServicesRepair.exe to run the ESET ServicesRepair utility. If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.

6. If you are using Microsoft Security Essentials, you should reinstall it.

7. That's it! You should be able to download software without any problems and fake virus notifications. If you still have problems, please leave a comment below.

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Rootkits | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • What is wrtc.exe and how to remove it?
    wrtc.exe - by Perion Network Ltd. What is wrtc.exe? wrtc.exe is a part of IncrediMail software, digitally signed by Perion Network Ltd. This...
  • Remove ShopperReports (Uninstall Guide)
    ShopperReports is defined as adware or a potentially unwanted program that displays marketing related results in a side pane of the browser...
  • Trojan.MBRlock, Внимание! Ваш компьютер заблокирован
    Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. ...
  • False Positive: Ikarus and Comodo detecting TDSSKiller as a Trojan horse
    This awkward moment when you realize that your favorite rootkit removal utility is detected as malware. I probably wouldn't even have no...
  • Remove RiskTool.Win32.BitCoinMiner (Uninstall Guide)
    RiskTool.Win32.BitCoinMiner is a risk tool or potentially unwanted application that may use your computer's resources to generate bitco...
  • Remove Rattlingsearchsystem.com (Uninstall Guide)
    Rattlingsearchsystem.com is a ZeroAccess/Sirefef rootkit-related browser hijacker that redirects users to shady websites while searching on...
  • Remove TR/ATRAPS.Gen2, removal instructions
    Cyber crooks and third parties that buy stolen data are increasingly using more and more sophisticated techniques, in a variety of different...
  • Remove Ask Search and Ask Toolbar (Uninstall Guide)
    Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us pref...
  • How to remove 'TidyNetwork' adware virus from your computer
    As internet users most of us have seen those irritating little pop-up windows that are advertising something that we normally have little or...
  • Remove Windows Attention Utility (Uninstall Guide)
    Windows Attention Utility is a rogue security application that generates misleading warnings about nonexistent viruses and attempts to lure...

Categories

  • Adware
  • Answers
  • Antivirus software
  • Browser Hijackers
  • Cloud Computing
  • Fake Alerts
  • Giveaways
  • Hoax
  • How-To
  • IaaS
  • Internet
  • Malicious websites
  • Malware
  • PaaS
  • Parental Controls
  • Passwords
  • Phishing
  • Process Information
  • Ransomware
  • Rogue programs
  • Rootkits
  • SaaS
  • Security Advisories
  • Spam
  • Spyware
  • Trojans
  • Viruses
  • Web Browsers
  • Worms

Blog Archive

  • ▼  2013 (173)
    • ►  December (6)
    • ►  November (13)
    • ►  October (11)
    • ►  September (20)
    • ►  August (4)
    • ►  July (17)
    • ►  June (31)
    • ▼  May (25)
      • Protecting Against Rootkits with RKhunter (Rootkit...
      • System Doctor 2014 Virus Removal Guide
      • Remove oyodomo.com pop ups and redirects (Uninstal...
      • Remove The United States Courts Virus (Uninstall G...
      • Remove "Internet Security 2014" Malware (Uninstall...
      • What is BCHelper.exe and how to remove it?
      • File "contained a virus and was deleted" removal, ...
      • Remove kaq.pagerte.net pop-up ads, removal instruc...
      • What is DefaultTabSearch.exe and how to remove it?
      • Skype virus: "this is a very nice photo of you" re...
      • BrowserProtect.exe: What you need to know, how to ...
      • Remove dnsbasic.com (Uninstall Guide)
      • What is cltmng.exe and how to remove it?
      • Remove Trojan.Zeroaccess!inf4 (Uninstall Guide)
      • What is ibsvc.exe and how to remove it?
      • RCMP Ukash virus, help on how to remove
      • Remove "You shall not pass" virus (Uninstall Guide)
      • SnapDo.exe - Process Information
      • Remove ad.xtendmedia pop-up "virus", removal instr...
      • Remove VisualBee, removal instructions
      • Remove Mysearchdial, removal instructions
      • YontooDesktop.exe - Application Error - What is it?
      • How to remove Chatzum, removal instructions
      • Remove Tuvaro, removal instructions
      • Remove Win32:Malware-gen, removal instructions
    • ►  April (15)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ►  2012 (86)
    • ►  November (2)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (11)
    • ►  June (1)
    • ►  May (5)
    • ►  April (7)
    • ►  March (7)
    • ►  February (17)
    • ►  January (20)
  • ►  2011 (239)
    • ►  December (8)
    • ►  November (18)
    • ►  October (21)
    • ►  September (24)
    • ►  August (28)
    • ►  July (32)
    • ►  June (16)
    • ►  May (23)
    • ►  April (15)
    • ►  March (16)
    • ►  February (9)
    • ►  January (29)
  • ►  2010 (2)
    • ►  December (2)
Powered by Blogger.

About Me

Unknown
View my complete profile