Showing results for 
Search instead for 
Did you mean: 
Level 7

McAfee says it's fixed but trojan "generic.grp!jl" keeps looping

McAfee message keeps saying "Trojan Removed" but "generic.grp!jl" message keeps returning every 2 minutes or so.  Ran McAfee total computer scan and found no viruses.  I am still concerned that this recurring trojan is persistent.  Can you help?

Message was edited by: uneedtoknow on 03/07/12 11:07:35 CDT AM
0 Kudos
2 Replies

Re: McAfee says it's fixed but trojan "generic.grp!jl" keeps looping

I have the same problem-it's a symptom of other problems in my case. Currently, am doing a full Windows re-install. From my reading even this may not be successful. McAfee has been no help! I have tried the McAfee AV, rootkit tool, stinger, MBAM, Kaspersky, etc best of luck!

0 Kudos
Level 18

Re: McAfee says it's fixed but trojan "generic.grp!jl" keeps looping

Moved to Malware Discussion (Home User Assistance) in Security Awareness, to be with other similar threads.

This Trojan "generic.grp!jl" appears in a VirusTotal list on June 25th, and the equivalent Microsoft name for it there is "Trojan:Win32/Sirefef.P". Confusingly, on the Microsoft page for this malware it says the McAfee name for it is "FakeAlert-GA.gen.r", so the identification is not certain, especially as a later VirusTotal list links Microsoft's "Sirefef.P" with McAfee's "".

This confusion makes it difficult to be sure what is causing the symptoms you describe. This is what Microsoft has to say about the Trojan :

Trojan:Win32/Sirefef.P is a trojan component of Win32/Sirefef - a multi-component family of malware that moderates an affected user's Internetexperience by modifying search results, and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or executing payload routines.


Trojan:Win32/Sirefef.P is installed by other malware and may be present as a file named "wpbt0.dll". The trojan component is responsible for downloading other malicious components.

Either the Trojan is not actually being removed by McAfee (possible, if a rootkit is present) or immediately after deletion some other malware is replacing it, which implies it exists in some hidden part of the file system.

A system restore seems to be effective, in at least some cases. Otherwise Microsoft are advising, for some variants of this, that a complete reinstallation of the OS may be necessary.

0 Kudos