Luhe.Sirefef.A - removal instructions

When AVG Antivirus Free of AVG Internet Security has found a Luhe.Sirefef.A infection, then your computer is infected with a ZeroAccess / Sirefef rootkit. Luhe.Sirefef.A is a dangerous malware infection which infects many computers around the world and is almost circulating for several years with different modifications to its functionality. The latest Luhe.Sirefef.A variants wil change the “symlinks” Junction reparse point of Microsoft Security Essentials and Windows Defender. Luhe.Sirefef.A is a rootkit that uses advanced techniques to hide its presence on the infected system, and Luhe.Sirefef.A is also able to setup a peer-to-peer (P2P) communication.

C:\Users\Username\AppData\Local\Google\Chrome\Application\chrome.exe (1692):\memory_02e10000″;”Found Luhe.Sirefef.A”;”Object is inaccessible.
C:\Users\Username\AppData\Local\Google\Chrome\Application\chrome.exe (1692)”;”Found Luhe.Sirefef.A
File: C:\windows\system32\services.exe(988):\memory_00f60000
Infection: Found Luhe.Sirefef.A

If your computer is infected with the Luhe.Sirefef.A (ZeroAccess / Sirefef) rootkit we advise to follow the instructions below to remove the Luhe.Sirefef.A rootkit completely from your computer.

Luhe.Sirefef.A

Luhe.Sirefef.A – removal instructions

All tools used in our malware removal guides are completely free to use and should remove any trace of malware from your computer.
Please be aware that removing Malware is not so simple, and we strongly recommend to backup your personal files and folders before you start the malware removal process.
Step 1 – Run a scan with HitmanPro to remove the Luhe.Sirefef.A (ZeroAccess / Sirefef) rootkit
Step 2 – Run a scan with TDDSKiller to check the computer for Luhe.Sirefef.A (ZeroAccess / Sirefef) and other rootkits and MBR modifications
Step 3 – Run a scan with RogueKiller to remove the Luhe.Sirefef.A (ZeroAccess / Sirefef) rootkit remnants.
Step 4 – Use Malwarebytes Anti-Malware to doublecheck for the precense of Luhe.Sirefef.A (ZeroAccess / Sirefef) rootkit

1. Run a scan with HitmanPro to remove Luhe.Sirefef.A

Please download HitmanPro to your desktop from one of the following links
HitmanPro (32bit) – Direct download link
HitmanPro (64bit) – Direct download link

Double click on HitmanPro to start the program, if you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.
To start HitmanPro in Force Breach mode, hold down the left CTRL-key when you double click on HitmanPro and all non-essential processes will be terminated, including the malware processes.
HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
Click on the next button and choose the option activate free license
Click on the next button and the infections where will be deleted.

Click now on the Save Log option and save this log to your desktop.
Click on the next button and restart the computer.

2. Run a scan with TDSSKiller to remove the Luhe.Sirefef.A infection.

Please download the latest official version of Kaspersky TDSSKiller to your desktop from one of the links below.
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

If you can’t start Kaspersky TDSSKiller, you first need to rename it so that you can get it to run. Rename the executable from TDSSKiller.exe to iexplore.exe or svchost.exe, and then double-click on it to launch.
Kaspersky TDSSKiller will now start and display the welcome screen and we will need to click on Change Parameters option.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Next,we will need to start a scan with Kaspersky TDSSKiller
Click the Start Scan button to begin the scan and wait for it to finish.
Warning! Do not use the computer during the scan!
When it finishes, you will either see a report that no threats were found like below:
If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.
If any infection or suspected items are found, you will see a window similar to below.

If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. We will tell you what to do with these later. These may not be issues at all.
If ‘Suspicious objects’ are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
Make sure that Cure is selected. Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
Just for Reference purposes, if you were to quarantine any detected objects, Quarantined files will not be removed! They are moved to a quarantine folder.
The default quarantine folder is in the system disk root folder, e.g.:
C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
After clicking Next, TDSSKiller applies selected actions and outputs the result.
A reboot might require after disinfection, please reboot immediately if it states that one is needed.

3. Run a scan with rouguekiller to remove the Luhe.Sirefef.A rootkit

Download Roguekiller from one of the links below to your dekstop.
RogueKiller.exe
RogueKiller.exe (mirror)
RogueKillerX64.exe
Double click on RogueKiller.exe to start this malware removal utility it will start automatically the prescan, this should take only a few seconds to complete.
After the prescan is finished click on the Start button to perform a full system scan.

Roguekiller

When the scan has completed, you can press the Delete button to remove the detected items and registry keys they found by Roguekiller

Roguekiller - Scan

If RogueKiller detects malicious Registry entries, you can delete them by clicking the Registry tab and clicking the Delete button. Please check each registry entry before deleting it.

4. Run a scan with Malwarebytes Anti-Malware to remove the Luhe.Sirefef.A remnants

Download Malwarebytes Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
After the restart in Normal mode, start Malwarebytes Anti-Malware again and perform a Full System scan to verify that there are no remaining threats.

Information

Some of the programs that we used in our malware removal guides would be a good idea to keep and used often in helping to keep the computer clean. Malwarebytes Anti-Malware is one of the most powerful anti-malware tools. It is totally free but for real-time protection you will have to pay a small one-time fee. The license of Malwarebytes Anti-Malware is life-time so you have to buy it once, and because Malwarebytes Anti-Malware is a great addition to your regular virusscanner of security programs.

Choose a good internet security suite, Bitdefender’s Internet security 2013 is an excellent, user-friendly security suite, and with the autopilot technology there are no popups, no alerts or other messages because in this mode it will resolve almost every security issue on its own without the intervention of the user.

Bitdefender Internet Security 2013

Bitdefender Internet Security 2013 builds on #1 ranked antivirus technology to provide secure e-banking and e-shopping, online safety for kids, privacy protection on social networks and more!

#1 ranking based on reviews from AV Test, AV Comparatives,CNET Downloads, PC Welt, Expert Reviews and many more.

Bitdefender 2013 has been officially named “Product Of The Year”, “Best Antivirus For 2013” and “Best Repair of 2012” by the famous PC MAG magazine, and by two major reviewing institutions to date, AV-Test and AV-Comparatives. These achievements crown a year of accolades and awards, including distinctions from CNET, Laptop, Magazine, PC PRO, Expert Reviews, WebUser, PC Achat and Micro Hebdo.

BitDefender Internet Security 2013
Licence	Price	Purchase link
1 PC \| 1 Year license	$ 49.95
3 PC \| 1 Year license	$ 69.95
1 PC \| 2 Years license	$ 89.95
3 PC \| 2 Years license	$ 109.95
1 PC \| 3 Years license	$ 129.95
3 PC \| 3 Years license	$ 159.95

Incoming search terms:

Misleading FakeAV
luhe sirefef a
luhe sirefef a removal tool
luhe sirefef a removal
Rootkit Sirefef spy
zeroaccess reparse
misleading fakeav removal
havij luhe fiha a
rootkit sirefef spy / trojan fakeav-download
avg rootkit defender
Luhe
rootkit sirefef spy and trojan fakeav- mac
luhe fiha a
rootkit sirefef spy mac
load gov state security pw