How to Remove Newsfudge and Win32/Sirefef Trojan

Just recently, my system got infected by a serious trojan-type virus/malware named Sirefef. The main problems were that secure websites (https://) were refusing to connect in Firefox and Google Chrome, and that sites would pop up or be redirected to Newsfudge or some random page. The main difficulty in getting rid of this virus was that the solution was very difficult to find. When googling “newsfudge” or “newsfudge removal”, almost all of the result pages were prepared pages with bogus content and possibly harmful solutions – a pretty clever way to confuse people and hide ways to delete the virus.

The major problems and symptoms I had were as follows:

– Secure site connection warning for google login pages and other https connections
– Sites redirected to newsfudge.com, and other random blog pages opening in a new window
– “Newsfudge.com removal” searches showing bogus results (through sites and forums such as zimbio.com and yoosecurity and many, many others)
– Windows Defender being disabled and difficult to restore
– Microsoft Security Essentials detecting the Sirefef Trojan and repeatedly restarting Windows after 60 seconds

Even Malwarebytes was not able to completely fix the situation. While it did detect and quarantine the problematic Sirefef trojan files, they were regenerated again shortly after or even after a reboot.

[Note: Using any virus/malware removal tool mentioned below may disable programs or even your whole system. Please use at your own risk.]

While searching for solutions, I found a Sirefef trojan removal tool from ESET (http://kb.eset.com/esetkb/index?page=content&id=SOLN2895). Running this tool in Safe Mode with Networking seemed to have removed the source of the problem and restored the affected registry items that were deleted. Microsoft Security Essentials did not reboot the system anymore and the Sirefef detection from Malwarebytes was gone!

ESET solved this problem properly and my trust extended to their free online scanner: http://www.eset.com/us/online-scanner/

The online scanner took a rather long time to complete but did pick up a few other items. I plan to test it further when other issues come up.

After the Sirefef removal, I noticed a continuous audio ad in the background. It was a mix of a bunch of audio ads cutting in and out randomly. For this, I tried Kaspersky’s TDSSKiller utility (http://support.kaspersky.com/faq/?qid=208283363). It’s better to click on the “Change Parameters” option and check all boxes for a more complete scan. Use the quarantine option during removal in this case. This tool also removed several possible threats not found before and the audio problem seems to be gone!

Now, one item from the Malwarebytes scan still remained: Trojan.Agent on svchost.exe. Fortunately, several runs of Malwarebytes seem to have eliminated the problem. I cannot be 100% sure my system is secure, but it definitely is better than it was.

Summary of Advice:
– Back up your data frequently! (The only 100% secure way to remove these threats is to format and do a fresh reinstall. Fixing these types of problems may still pose a risk, even after supposed removal.)
– Install and keep Microsoft Security Essentials/Windows Defender running. Real-time detection picks up infections as they pop up.
– Run Malwarebytes Anti-Malware periodically to monitor and remove any possible threats.
– When infected with Trojan/Rootkit-type malware and viruses, use the tools mentioned above (Malwarebytes, TDSSKiller, ESET tools and scan).
