OneNote-related malware plants Sirefef.N trojan whenever OneNote used

Have some sort of a rootkit which is triggered every time I use OneNote 2007. Various malware/virus/rootkit scanners have not been able to find the malware which triggers only when OneNote is used. Using OneNote predictably causes the malware/rootkit to repeatedly plant a Sirefef.N trojan which is recognized by the real-time security software (MSE), removed and then reappears. Tried uninstalling and reinstalling OneNote to no avail. Given this known cause/effect relationship between OneNote and the malware, how can one manually track the malware down which keeps eluding full scans by various anti-malware software?

Posting this in the Office2007/OneNote/WinXP forum as well as the Microsoft Security Essentials forum.


Question Info

Last updated February 22, 2019 Views 1,758 Applies to:

The mere presence of those PCPitstop, PCPitstop Antivirus & PCMatic ActiveX Controls and the continuing presence the two (2) Symantec AntiVirus ActiveX Controls tells me several things:

1. The ACTIONS I proprosed in my previous post will not do anything to address your many problems.

2. Microsoft Security Essentials did NOT install properly and therefore has never worked properly since you installed it earlier thise year (hence the Guard Online "rogue" infection & the Trojan W32/Sifrfef.N infection as well as your Google Toolbar & Office problems).

3. You are seeing the effects of an ongoing hijackware infection of considerable longstanding. There's not an online scan or anti-virus application or anti-spyware application in the world that can "come to the rescue" now.


   • Cleaning a Compromised System

Follow the instructions in this post of mine in another forum (to-the-letter & in order! ) to return your computer to a secure & functional state:

If you need additional assistance with the clean install, please begin a new thread in this forum:


Note: Your computer should NOT be connected to the internet or any local networks (i.e., other computers) in its current state. All of your personal data (e.g., online banking & credit-card passwords!) should be considered at-risk, if not already compromised.

Wish I'd had better news for you.  Good luck!

~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.