Back in June 2012, I was looking at an infected PC, and after running Malwarebytes, it looked like the PC was clean.

But after a restart, Microsoft Security Essentials reported that it had found sirfef.y, and that it would remove it.

After removal, the computer would give a 60 second grace period before restarting.

I first thought that the 60 seconds was MSE forcing a restart.

But it was actually sirfef.y restarting the PC to prevent anything from removing it.

Since sirfef.y is a rootkit, most standard security tools struggle to remove it.

I tried a few different tools (all had to be run from safe mode, to avoid the 60 seconds before a reboot), but tdsskiller and a few others either wouldn’t detect it, or would not be able to remove it.

After a lot of research, I eventually had to use a tool like gmer… then interpret the results, and then manually remove the rootkit files responsible for the infection.

Certainly not something an average (or even an advanced) PC user would be able to do.

With infections like this on the rise, I’m starting to wonder how much worse this can get, and if the PC security companies can do anything to improve their products, to defend against this type of infection?