Jump to content

False positive for Win32/Sirefef?

Recommended Posts



I got a strange detection warning since the data base update dated Monday May 12 2014.


ESET NOD 32 (v7.0.302.26, running Win XP 32-bit) detected "Startup scanner    operating memory    Operating memory    Win32/Sirefef trojan" but does not give any detail (file /directory etcetera) and no mean for cleaning it.


- Running the utility "ESETSirefefCleaner.exe" gives "INFO: Win32/Sirefef not found"

- ESET SYSRESCUE CD does find anything

- MalwareBytes AntiMalware does not detect anything

- HitmanPro does not detect anything

- AVAST! Boot CD: idem

- Kaspersy boot CD V10: idem

- Kaspersky Anti-rootkit utility TDSSKiller: idem

- Neuberg Security Task Manager does not show any suspicious running process (see details in attachment)

- WireShark does not show any suspicious Internet traffic

- No slow down of the PC


Comparing a SysInspector report (May 14 2014) with a previous one (March 10 2014) shows as main difference ""Rootkit" = "@Trojan.Win32/Sirefef" ( 9: Risky )".


Does someone have any clue about this strange issue? A false positive linked to the latest virus database?


Thanks for the attention :-)



processinfo 2014_05_14 17_18.html

Link to comment
Share on other sites

  • Administrators

This is most likely detection of older Sirefef remnants. Please refer to this topic and continue the discussion there.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...