Computer Support Forum

Continual Reboot After Virus (Possibly Sirefef?)

Question: Continual Reboot After Virus (Possibly Sirefef?)

Hi, I'm Kattie. My problem is with my Dell netbook (Inspiron Mini 1012 I think) with Windows 7 Starter.

Honestly, I have no idea where to begin. A few months ago, I contracted a pretty terrible virus that pretty much wiped out my netbook and entirely thwarted any of my attempts at fixing it. I don't remember how at this point, but before it became completely inaccessible, I somehow figured out that it was the sirefef virus. I got a mini-scan to bring up sirefef.exe or something similar, I really don't remember at this point. But the symptoms seem to match other reports, so unless I can figure out otherwise, I think it's safe to assume that sirefef was the beginning of the problem.

Now, when this first happened, I found other people's methods for posting logs and getting fixes, and that was my initial plan for repair, but I just generally ended up procrastinating it, and now, I have a completely different problem and have no idea how to even begin to solve it.

I'm really not sure when this happened or if it's even the result of the virus at all (though I assume it is), but my netbook is now stuck in the most irritating reboot loop that I can just not seem to get out of. I'm really not sure what details to mention here, so it'd probably just be better to ask me specific questions, but I'll explain as well as I can for now.

I was having a reboot problem when first infected, but it had a lag of 60-90 seconds, which meant I could actually bring up my desktop, though very briefly. This was probably how I was able to pinpoint the sirefef file in the first place. I messed around quite a bit, and I got in and out of safe mode a few times, but nothing really changed. I may have gotten it to stop rebooting long enough to try a system restore with no results, but that was probably it. I think all my restore points came up as corrupted or something similar. Anyway, at this point, it was bad, but I was still able to actually get into my account at the very least. Now, it's something completely different.

I'm going to turn it on and just describe the process:
- Boots up with normal Dell logo screen.
- Goes to 'Loading Window Files' screen, then to a system information screen which I'm not sure how to describe. Has processor information, which I can type out if needed. Here it says that my system is booting in safe mode - minimal services with network.
- Then, the screen comes up as "Setup is preparing your computer for first use" and goes into a scrolling command screen, which I have no control over, annoyingly. Should I be able to access the commands? If there's something specific to look for here, I could try, but it scrolls pretty fast at most points. I'm able to catch quite a few phrases though, I just don't know what I'm looking for. Personally I don't like what I do see though, as it includes the phrases 'flushing current folder' and 'could not find' too many times for comfort.
- Lastly, "Setup will continue after restarting your computer"

This repeats endlessly. I am able to press F8 and get into Advanced Boot Options, not that it helps me any. I'm pretty sure this screen is how it's supposed to be, but it doesn't lead me anywhere, and I've tried all options except
'Enable low-resolution video (640x480)' because I don't think that's the problem;
'Directory Services Restore Mode' and 'Debugging Mode' because I don't know how to use them, though I doubt they'd alter anything as none of the other options lead to a different outcome.

This is a long babbly post, and I'm sure I missed necessary information, so please feel free to ask for anything I left out. I am very open to following any instructions, and even just a way to get back into my system would be a lot better than where I'm at now!

Thank you so much for wading through my nonsense. ;D

Relevance 100%

Answer: Continual Reboot After Virus (Possibly Sirefef?)

I'll report this topic to appropriate helpers.
Hold on....

86 more replies
Relevance 83.64%

Hello and thanks for taking time to look at this

I have an HP Pavilion dv6 3250 laptop that has gotten infected by the Win64 Sirefef, and I am stuck because I cannot get it to stay started long enough to run Malwarebytes or any other thing.

I have been reading other posts on the site and have run the Farbar Recovery Scan Tool; see log below.

Look forward to your help

Scan result of Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 15-07-2012 17:19:07
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistan... Read more

Answer:Win64 sirefef virus, continual restarting

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

19 more replies
Relevance 81.18%

I started having a problem with one of my computers this morning.
What looked like the Adobe Updater came up already downloading, and now the computer restarts by itself after about 2 minutes.
Security Essentials says it's Win64\sirefef.P, but the computer restarts before I can do anything, or before any programs can get rid of it.

I've run the recommended programs, but the computer restarts before most of them can finish.

Here are the files from the programs that have finished or nearly finished.

Thanks in advance for any help.
 

Answer:Malware causing system to reboot? Possibly Win64\sirefef.P

Found out how to properly run FRST64, the correct log is attached.
 

2 more replies
Relevance 69.7%

Hi Everyone

I have a Lenovo Laptop running Windows 7 Pro x64
It is infected with Sirefef
I have used FRST64 to get the txt files
They will be posted below
Please help write the fixlist.txt

Regards
Michael Tiemann
The IT Bunch

Answer:Sirefef Virus Computer Reboot 60 Secs

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 19:08:08
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-17] (Lenovo)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [170264 2012-02-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [398616 2012-02-14] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [440600 2012-02-14] (Intel Corporation)
HKLM\...\Run: [nseapc] "C:\Windows\System32\rundll32.exe" "C:\Users\Scott.AAS\AppData\Roaming\nseapc.dll",Resize ... Read more

3 more replies
Relevance 68.47%

Hey guys, I got this virus somehow. Rarely happens. I tried running ComboFix and it says "the subsystem needed to support the image type is not present." I have tried everything I can. I am attaching the FRST logs. I would GREATLY appreciate some help on this. I can't get it to stop rebooting. I've done a lot of stuff with F8. Tried recovery CDs I made specifically for this kind of thing and those don't even work. FAIL on MS's part. So I have to rely on other sources, and you guys have never failed me. Again, my utmost gratitude if you would look into these logs and see if something can be fixed.

Thank you so much.
Regards Dean.

Typing on a laptop. Not easy.
 

Answer:Virus:win64/sirefef.B + Firewall Disabled + Constant Reboot. Cannot fix.

I think I fixed it. I really have no idea how, but it's not rebooting anymore. My firewall is back. I ran ComboFix after the PC would stay on. Running MS Safety Scanner, which found the viruses in the first place. I am just happy I can back up files at least. A combo of this site and others helped me. I wish I had more info for others. Persistence on trying different stuff.

I hope this thread can be closed. Waiting for final scan.

fixed
 

2 more replies
Relevance 68.06%

A few days ago, I got the Sirefef.AB and Sirefef.W virus on my computer. I had no idea the severity of my problem until after I reinstalled MSE which has now caused my computer to constantly restart. I have used Farbar to create a FRST.txt and Server.txt file, though I do not know if that will help on this site in the removal of this blasted virus, and I will wait to post it until I have been instructed if I should do so. I really am at a loss here. I am not that great with computers, and could really use some help.

Edit: Added note, for the short while before I reinstalled MSE, I was having redirection problems when clicking on Google links. It also restarts in Safe Mode.

Answer:Sirefef.AB and Sirefef.W for Windows 7 Infected Computer with Constant Reboot

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

3 more replies
Relevance 63.14%
Question: Continual reboot

My kids' computer was frozen and I forced a reboot by pressing the restart button, expecting the error message about a problem shutting down as it scanned the disk for errors.
What happened instead was it continually gets partially booted taking me to the boot up options; safe mode, normal start up...
I first chose safe mode and the computer started to reboot from the beginning, then normal mode-same thing, last good configuration.
Every option I pick, the computer fails to completely reboot and continuously restarts with no intervention of my own.
If I could get it to boot on any mode, I may be able to find the problem.
Not sure if this is a virus or some kind of hardware problem.
Thanks, as always, for your generous help.
Larry
 

Answer:Continual reboot

16 more replies
Relevance 63.14%
Question: Continual Reboot

I am loading Windows XP and start out with boot CD and it checks system and starts loading. I press F6 to load driver for SATA hard drive and I have made the needed floppy and it loads it and then it formats hard drive and then it says it needs to reboot computer to finish. It states that this portion of Setup has completed successfully, then it tells me to take floppy out, then it has a countdown to reboot. When it reboots it just goes to the opening screen of A8V deluxe Asus MB and then it shows the Serial ATA Raid Bios setting and scan devices and the serial Ch0 Master : WD2000JD and Serial Ch1 Master : No Device and then it just reboots and does the same thing. Does anyone know what would cause this or how to get it past this? Thank you
 

Answer:Continual Reboot

10 more replies
Relevance 63.14%
Question: Continual reboot..

I downloaded latest iTunes and rebooted as required and then discovered the 'black screen' with safe mode/start normally etc. Tried most options but the 30 seconds elapses and it goes on a loop round and round. Is this very bad news? Any ideas would be very welcome.

Answer:Continual reboot..

Here's what Microsoft says:
http://support.microsoft.com/?scid=kb;en-us;314503

Here is some more info:
http://www.google.com/search?hl=en&q=black+screen+xp

1 more replies
Relevance 63.14%

I am working on a friend's Dell computer and it continually restarts after the welcome page comes up. I tried to do an XP repair with the disc, but I never got the repair option. After consulting with my buddy, I did a fresh install of XP. Everything was working fine until I installed SP2 and did all the updates that went along with it. The SP2 installed fine and after the reboot I downloaded the ensuing updates to go along with SP2, but only the high priority (I hadn't even messed with the optional ones). After it prompted me to restart I did, and the perpetual reboot problem started again. I had an extra memory stick I swapped out with the installed memory to rule out a bad stick but no change. I can't boot in safe mode but I can get to the Setup (BIOS) page. It has a PCI ethernet card that I removed to rule out a bad PCI card and again no change. Any thoughts or ideas would be greatly appreciated!

Answer:XP continual reboot

What was the original problem you were trying to fix ?
If the unit just started rebooting & that is what you were fixing open the case & see if the heatsink/fan on the CPU are dirty & clogged,
Overheating will cause rebooting.

If that wasn't the case, see below.

Reinstall following the directions.
As soon as you get a working desktop install ALL of the correct drivers .

Turn the unit on and put the XP disk in the drive.
Leave the disk in the drive and restart the unit,
Watch the screen for a message that says "Press any key to boot from CD",
Press a key on the keyboard,
Wait while it goes through starting from the disk,
[You may have to press F8 during startup to accept the EULA]
When you get to the screen with the box that shows the current version of XP installed press "D" on the keyboard,
Press "Enter"
Press "L"
You now should have a screen asking what file system you want to format to, NTFS should be selected by default,
Press enter,
The disk will be formatted and the installation will automatically begin when the format is finished,
During the installation the computer will restart DO NOT press a key to boot from the CD again !
At that point the unit will boot from the hard drive and continue the installation.
After awhile you will be asked to "name" your computer,
I suggest naming it the same as the main user ID
[Example, I have an XP unit named "testbox" the user name is also "testbox... Read more

11 more replies
Relevance 63.14%
Question: Continual reboot

Hi all, my brother's PC keeps on rebooting itself. To counter this I then turned off the automatic restart if system failure function. After turning the computer back on and logging on to his account I got this error message: c:\windows\system32\relakiva.dll. After a bit of research I understand this to be a trojan virus of some sort. I have very limited knowledge on this subject and am finding it very difficult to gather information on what to do next. Please can someone shed some light onto this problem?

I have included a HJT log below:

Thanks all for your help!
Ethan

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:47, on 01/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files... Read more

Answer:Continual reboot

7 more replies
Relevance 63.14%

I have a continual reboot on one of my XP machines. I think it may have the new worm that came out recently. My question is, since the machine cannot boot up, how do I start the fix process? What do I do to get in and run a fix? This is a low use computer and just had the printer hooked to it for printing, faxing, and some internet work. I thought maybe there was a dormant sasser on there because occasionally a new spyware popped up after several cleanings, but it looks like the xp virus w32 ircbot worm ms05 039 had a dormant downloader in there somewhere.

Low use machine

Free antivirus software (the one with the blue ball and an A on it)

Microsoft antispyware run daily,

Antivirus ran daily

Happened last night

Thank you

Pat

I have no access because of rebooting and XP came on the machine locally i am not sure but i think i had no xp disk given to me with the machine.
 

Answer:XP Continual Reboot

Hi, if you are connected through a router to other computers, try removing it from any network shares and then physically remove it from the router and try starting up. There is a fix for the shutdown issue, but you have to be able to get to Start>Run in just seconds to type this:

Start>Run> type in this: cmd.exe
You have to know the name of the computer, here is how to find out:

Control Panel> click on System, when the window comes up, click on "Computer Name" and in the Description box, you see the name of the computer....

You might have time in one boot to get the name, and then do this in another session>

When the command line is up, type in this, right next to the C:\Documents and Settings\Your accountname>
shutdown.exe -a

And hit Enter. Keep trying.

It is supposed to delay the reboot to give you time enough to run the Sasser removal tool. You can put the removal tool on a disk and copy it over to the desktop, run it from there.
If it is Sasser, the removal tool is here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

It is small, only 148kb, fits on floppy diskette if the computer has a floppy disk drive....just copy and paste the file from disk to desktop and run it.

It will tell you if Sasser was on there or not.

Another small antivirus tool is called Stinger by McAfee, also will fit on floppy diskette, also copy it to the desktop and run it> http://vil.nai.com/vil/stinger/
T... Read more

1 more replies
Relevance 62.32%

My pc is in a continual reboot loop. I have windows xp home edition. Is there a program I can download to make a rebootable cd that will fix this problem? I was told to just reformat my hard drive but I don't want to lose all of my files.
Thanks
mjt
 

Answer:continual reboot problems

how far does it get before it reboots?
 

21 more replies
Relevance 62.32%

My computer is in a loop of continual reboot. I have Windows XP Home Edition. Is there an available CD boot disk I can download to repair the problem? I was told to just reformat my hard drive and thus lose all of my personal files.
thanks for your help
mjt
 

Answer:continual reboot problems

hey try to boot to safemode by pressing F8 while system is booting and choosing safemode. If you are able to boot to safe mode, then go to system properties, by right clicking on my computer and clicking on properties, then go to advanced, then click on settings button in "startup and recovery" section.
then uncheck automatic restart and click ok. Restart and you should see blue screen with error code, you may search on the net for the error code and you will get solution. Hope this helps.
 

1 more replies
Relevance 62.32%

Hello folks, I have the above problem which developed lately. Prior to that my antivirus reported a virus problem but could not delete the file. Shortly after I got this continual rebooting. I am unable to get into the PC at all; even in safe mode it gets as far as loading Windows icons then reboots and restarts. Is a reinstall my only solution? Or is there another solution?

Answer:XP Continual Reboot Loop

Have you installed SP3 lately? Can you remember the name of the virus?

3 more replies
Relevance 62.32%

My PC reboots automatically after the boot process. It almost gets to the part where it loads the OS (XP). Reboots same place every time and can't figure out how to fix. I've checked the OS by doing a Windows XP repair which gave nil results to this matter. Was having troubles with OS a couple of days ago, having the nvatabus.sys mysteriously disappear, so had to place that file in the system32 drivers folder. Then not long after that occurrence the system said my kernel was stuffed basically, so I re-installed Windows XP. Then was working fine, now won't boot at all into Windows; just as I said, reboots before loading OS. NEED HELP PLEASE.

Answer:Continual System Reboot

If you are having files disappearing you could have a virus on the HD. What I would do is zero fill the drive. This will wipe any data from the drive. Then reinstall the OS. If you still continue to have a problem, this may be a hardware related issue. You might want to have the components checked out. Normally a computer rebooting is a heat related or bad memory problem.

5 more replies
Relevance 61.5%

Had blue screen of death moment with error code but system rebooted before I had time to do anything. Stuck in a continual reboot loop ever since.

System reboots shortly after BIOS but before XP splash screen. Using F8 I can access the Win Adv Options Menu but trying to reboot in Safe Mode or Last Known Good Config has no effect. Also, selecting the Disable Auto Restart on Sys Failure makes no difference.

I should add that I already have Win Recovery Console installed from a previous unrelated incident about 12 months ago but selecting this option as opposed to trying to boot with XP also makes no difference as the system simply goes back to the reboot loop.

I have been into BIOS to reorder the boot sequence to force the system to start from the XP CD and to try and access the Recovery Console from there but after starting, all I see is a black screen and nothing happens.

No unusual noises coming from HDD, all dust cleaned from unit, all connections checked, memory sticks removed and cleaned, all unnecessary hardware disconnected - just monitor and keyboard left. No luck.

I am desperate to access my files and my only other thought was to remove internal HDD and connect to my laptop with HD enclosure and USB connection to see if my files are there.

Would be grateful for any further guidance with this.

TIA
Cal.

Answer:Win XP - Stuck in continual reboot loop

Driver problem. Start in Safe Mode by tapping F5 as the computer is starting. In Safe Mode go to Start\Run, type MSCONFIG and press Enter. On the Startup tab make a note, if you can, of all boxes with a tick. Write them down. Go back to the General tab, tick the Diagnostic start box, then try to restart your computer normally. If it shuts down and starts OK, look at the list and tick one box at a time, restarting the computer until you find the problem. After each restart you will need to tick the little box bottom left on the box that pops up. See how it goes.

10 more replies
Relevance 61.5%

Hi, I hope someone can help me with this.

The PC is pentium 3 300 mhz with Creative CT4810 sound card, Voodoo3 graphics card, 64mb ram, 4 ghz drive, and cdrw. OS = windows 98. Power supply 300watt.

The problem - continual cyclic reboot after start up.

Tried so far - format hard drive and re-install everything. Check for duplicated hardware entries in device manager. Remove and re-plug voodoo3 card.

I have no idea what to try next but something tells me that it may be the graphics card. Can anyone please help?

Thanks
Mike

Answer:I have a continual reboot problem on windows 98

Can you tell me what a 4 ghz drive is??? and where you bought it as i would like one.. Also what is in your startup folder?? Lastly when did this start to happen?? Was it after you downloaded something or installed something? If yes what was it..

5 more replies
Relevance 61.5%

I downloaded 13 updates of which 3 were for Windows 7 and 10 were for various Office components. There were also 3 Net Framework (?) updates which I also downloaded. The usual "Reboot" statement appeared and I clicked to allow the system to do so. As normal the message appeared "Do not switch off your computer" etc. and I left it to do its own thing. The system duly began its reboot process and the message came up "Please wait system initialising". I have never seen this one before and as I waited the system switched off and started rebooting again. This happened three times.

Fortunately I had a back-up (made two days previously) which I used and I was back in business. Once again I was advised that backups were available for download but this time I downloaded only the Win 7 ones, rebooted and the same thing happened again. Unhappily I never kept a note of the reference numbers but I will when next I am advised.

Therefore the question is: is there a problem with my system or is there a dodgy update in the mix? I'll get back with the numbers if needed.

Answer:Continual Reboot after Update Download

I think there is a problem. One of our Virtual Office employees was having the same problem after the last update. Her solution was the same to boot to last known good configuration. Looks like Black Tuesday strikes again. I just tried it on my personal laptop and it did ok, granted I am running Windows 7 Home on my personal. Not sure what the problem is yet.

5 more replies
Relevance 61.5%

Upon a continuous reboot I get the following error:

*** STOP: 0x000000051 (0x0000000,0xE13E586 ... (couldn't get the rest, but it changes every time...))
REGISTRY ERROR

Beginning dump of physical memory.
Physical memory dump complete. Contact you system administrator or
technical support group.

The BSOD comes up after the Win2000 splash screen, and lasts for about a third of a second. After that the computer reboots. I've tried safe mode, debugging mode, c prompt, etc. It always reboots with the same BSOD.

I know this an older machine, but it belongs to a friend and he really needs to have it working.

Thanks for any info you can provide!
 

Answer:Continual blue screen reboot

Sounds like your Windows registry is trashed. Try running a chkdsk / scandisk; if that fails you may need to reinstall Windows.
 

2 more replies
Relevance 61.09%

Ok, so last night I was browsing the internet and a certain page caused Microsoft Security Essentials to give me a notification that it detected something and cleaned it. I opened MSE and checked the "All-detected items" under the history tab and found that it removed something called Sirefef.P. Since then, I've removed it from the history, but I'm pretty sure it was in the C:/Users/Owner/AppData/Local/Temp folder and it was an .exe file with a lot of numbers in it. I'm not sure if this is typical but there were no buttons to click on when MSE gave me that message in the corner of the screen. Just an X to close it. Sorry I don't have a screenshot of it but it must have been a real MSE one since the detected file was in the history tab. A couple of Java processes ran when I opened the page where it was detected, that made me think that there was something wrong with it so I uninstalled Java and installed the latest versions. I also ran MBAM and it didn't detect anything. I've also used CCleaner to clear Temporary Files and just about everything else that I could with it.

By the way, I didn't notice anything unusual during all of this, and the computer hasn't rebooted on its own or anything. I did get a message about updating Adobe Reader at some point, which I did, but I assume it's unrelated because the Java Platform SE Auto Updater was re-enabled in the msconfig Startup tab, because I re-installed Java. Is that what caused the u... Read more

Answer:Sirefef.P and possibly others

Combofix logs are not allowed here

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

2 more replies
Relevance 61.09%

I was instructed to remove my antivirus software and reinstall it by avast. They said to run their tool in safe mode. Try to start computer in safe mode and it gets just so far and reboots. Look for help and it is suggested I set MSConfig to boot as safemode/minimal. Do that and restart. Endlessly restarts - safe mode will not load, it just gets so far and then reboot.

My computer will not start now at all. Can not get a command prompt, safe mode, and could not do a restore for some unknown reason.

How can I reset my computer so it will start normally?

Can I reset msconfig in some other way? Is there something I can do starting from the Windows 7 disk?

Please explain yourselves well - I am a computer user and not a programmer. Probably how I got here in the first place...

Thanks for any help!

Answer:safemode continual reboot - never start - set in msconfig

Does F8 take you to the Advanced Boot Options screen? If so, select Repair your computer, then Restore your computer. Restore it to a date/time before you made the changes.

4 more replies
Relevance 61.09%

Hi, I have a t400 installed with both win7 and ubuntu 11.04. The system suffers from continual reboot, basically when I shut down the machine, it automatically and forcibly gets rebooted. I have followed some instructions on the web, and there is a device driver missing, which is PCI simple communication controller. I have tried downloading the AMT package, which does not work for me. It gets stuck in a terminal saying that I need to insert TN33, which I don't have. My t400 type is 7417. Any comments are appreciated.

Answer:continual reboot and device driver missing

Hey tristartom, continuous reboot occurred after installing ubuntu, yes? Could you remove ubuntu and have your unit on a mono-boot with windows and see if the same error occurs. If it doesn't happen, then I suggest heading to Ubuntu forums or the Linux thread in this forum and check with other linux users if they have experienced this same issue as you.






1 more replies
Relevance 61.09%

Built my new Windows 7 computer, however right from the start I was having problems with my GeForce card (9600 GT). This was the only "borrowed" hardware I used in my new computer and I was not really happy about re-using this card because it was giving me problems in my old computer (freeze-ups and reboots when trying to run graphics intensive programs).

I finished building the computer last Monday and by Thursday the display problems were really getting out of hand. I would get all kinds of "Display driver NVIDIA Windows kernel mode driver, version 191.07 stopped responding" messages along with freeze-ups, reboots and BSODs.

Long story short, believing it to be the video card I ordered a new Radeon 5850, which was fortunate because later that evening it "broke."

What I mean is that it froze up and when I rebooted it posted the BIOS and then simply hung (with no error messages) when it tried to start loading Windows 7.

I tried booting from my Windows 7 install/setup DVD, but it would load files and then simply reboot. When I tried again from the DVD it either hung up or simply rebooted.

What eventually happened was that it would enter a (seemingly nonstop) boot, post BIOS, start loading Windows and then reboot (by itself) loop.

So I shut it down and waited for the new card.

Well, it arrived today, I installed it and turned the computer on and...

...same thing continued to happen.

I once even was able to get the Windows safe mode menu and t... Read more

Answer:Help! Windows 7 stuck in continual reboot loop

What power supply is in this rig may I ask?
 

6 more replies
Relevance 60.27%

Referred from here: http://www.bleepingcomputer.com/forums/topic462175.html ~ OB

I am running Windows Vista with Microsoft Security Essentials when I first encountered the problem. The virus shutdown MSE and the Microsoft update center, my firewall, etc. I downloaded MBAM, ran the scan, and it caught some files. Disinfected them, rebooted, rescanned, and files appeared again. (while running in safe mode with networking from the point after being infected). I followed the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-security-shield first because this is where I believe all the problems began (that is after my wife clicking on an embedded link within FB). Upon completing the entire process, I noticed I still had the sirefef trojan, sirefef virus, and rootkit 0 access as I was running MSE and MBAM right before getting the "windows (Vista) encountered a critical error and will restart" loop. I have already downloaded frst.exe and ran it thru the usb drive connected to the infected cpu. I do not know what to do from this point on to get my cpu back to "healthy" and virus free status again ??????

Running Vista 32 bit

Answer:Security SHield 2012, sirefef trojan, sirefef virus, and rootkit 0 access TROUBLE!

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

58 more replies
Relevance 60.27%

Hi all, a friend pointed me in the direction of this site after borrowing my computer and (evidently) getting it infected with all sorts of wonderful crap.
So here's the situation: I appear, according to NOD32 (and my computer's poor performance) to be infected with something called Conedex and Sirefef (the exact names I can't remember and can't access NOD32 in safe mode; can't do crap out of safe mode) and one of the main infected files that NOD32 can't remove (but detects every 5 minutes) is services.exe (again, can't recall exact path, think it's in System32).

Attach.txt has been attached. Per the prep guide, I did not run GMER since I have an x64 OS. Please help?

Answer:Conedex, Sirefef, possibly others

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the t... Read more

10 more replies
Relevance 60.27%

About a week ago I started getting problems with search results redirecting to clickfraud sites, albeit usually only once before allowing me to access the desired website. I ran some scans to try and get rid of whatever virus might be causing the problem (seeing how I've had issues with this before) but nothing showed up until yesterday when Microsoft Security Essentials caught and supposedly removed Sirefef!cfg. My search results didn't immediately start showing up clean, however, even after a restart. I ran yorkyt.exe (which I understand is the dedicated tool for removing Sirefef), and it reported that it had cleared it off my system - however, I still had intermittent search redirects and running the tool again produced exactly the same effects. Nonetheless, my Google results are coming up clean at the moment, and MSSE, MalwareBytes and TDSSKiller are all showing clean results, so I don't know if there might still be a problem.

I am on Windows 7 64-bit edition. I've been using Firefox for my browsing, and it never occurred to me to run IE to see if there was a difference.

Edit: Just had a search redirect on me thirty seconds ago.

Answer:Possibly infected with Sirefef!cfg

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

13 more replies
Relevance 60.27%

Hi all, I'm having some problems. First off, system specs:

Asus A7N8X-E MB
AMD Athlon XP 2400 +
1.5 GB Kingston 184-Pin DIMM (PC3200) (3 524mb chips)
Antec 480 True Blue PS
ATI Radeon 9600 256mb DDR Video Card
Western Digital 250 GB HD
Sony CR-R/RW drive - #CRX22SE
Pioneer DVD R/RW - #DVR-A08XLA

Windows XP Home

Okay, the problems started like this. One day, after a power outage (I do use surge protectors on all incoming cables/power), windows rebooted, and continued to reboot. It would reach the windows loading screen with the bar moving across the bottom, and then just start over. I put in the windows CD, and using repair console, used chkdsk /p which fixed the problem, and windows restarted normally. Since then, any time I have had the computer turned off for any period of time, or when there is a power outage, upon booting up, the computer has experienced the same problem.

Recently, I started having another problem, which I assumed was unrelated. ASUSprobe's temperature monitor started telling me that the Power Fan was below threshold. I checked the fans in the power supply, and the CPU fan, and everything seemed to be working properly. I checked to make sure the connector from the power supply to the motherboard which allows monitoring was properly attached, and it was. I opened up the case and used an air duster to clean the fan (we do have cats, and sometimes a bit of cat hair will get pulled into the case). Everything seemed to b... Read more

Answer:Continual Reboot after Power Loss, Now Won't Enter Setup

Following a lead I found in this thread, I tried creating a boot disk with NTLDR, ntdetect.com, and boot.ini on it, from one of my other WinXp computers.

Using a Win98 Startup disk, I copied the files using DOS to the C: drive as directed on this site. Upon reboot, I still got the message that NTLDR was missing.
 

7 more replies
Relevance 59.86%

Hello, first time on here looking for some help, definitely out of my league with these issues. First issue was extreme slow downs to the point of inability for every action tried when starting windows normally. I was eventually able to boot up in safe mode and tried Malwarebytes, but an error repeatedly came up that vbalgrid could not be found, even after a new installation and trying the chameleon application. Other programs like Google Chrome and CCleaner were also not able to run. I tried system restore from safe mode, but received an error that system restore could not be completed because (I forget the exact wording) the shadow could not be found. I restarted, but this started a boot loop, and it only stopped after a few tries at the startup repair function on the F8 bootup menu and I was finally able to use the system restore point. I tried to uninstall Trendmicro since it was outdated anyway, and I downloaded Avast in safe mode with networking and ran a full scan which found several things, including the Win32Sirefef-fq and -ho. Avast then did a boot scan which found more instances of rootkits, but when it finished, it entered the boot loop again and I had to repeat all the startup repair steps to get the pc to restore and finally run again, and lost all the changes that Avast made.

So I followed the preparation guide as best I could, I'm not sure if the firewall step worked though as I received a "Due to an unidentified problem, windows cannot displa... Read more

Answer:Win32:sirefef-fq problems and possibly more?

Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At t... Read more

21 more replies
Relevance 59.04%

Greetings... Got hit with the Sirefef Trojans (A, B, AB, P is all I remember)

I cannot open up the following items:
Windows Update
Windows Firewall

I originally had MSE installed on my computer, but the Trojan must have removed it as I clicked on the MSE Icon (Start Menu) and it could not find it. I re-installed it, found most of the Sirefef Trojans and removed some of them which caused the infinite restart loop. I then uninstalled MSE, installed spyhunter and it could not find the sirefef trojans.

I do notice also the Adobe Flash Player 11_3 Crashes a lot and I was getting redirected on google searches.

Since I uninstalled MSE, I have not had any issues with sirefef symptoms. I'm willing to bet it's not gone though

Here is the DDS Log, I have Windows 7 Home 64-Bit.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by DIM at 20:19:50 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8187.6515 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\E... Read more

Answer:Possibly infected with Sirefef Trojan family

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

18 more replies
Relevance 59.04%

No noticeable symptoms, eset has picked up on them. I don't know why but my .iso files are being all infected, unless they already were and they are just false positives.

9/02/2012 10:26:05 AM Real-time file system protection file C:\Windows\assembly\temp\U\80000032.$ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\System32\svchost.exe.
9/02/2012 10:25:28 AM Startup scanner file Operating memory ? C:\Windows\assembly\GAC_32\Desktop.ini a variant of Win32/Sirefef.DN trojan cleaned by deleting (after the next restart) Vincent\Vince

These 2 keep coming up, I don't know how to remove them. They are being scanned by eset nod32. Any and all help will be appreciated.

Answer:Sirefef and Olmarik, possibly from some msil injector

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them. If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs. Once you have created the new topic, please reply back here with a link to the new topic. Most importantly please be patient till you get a reply to your topic.

4 more replies
Relevance 59.04%

Nothing has actually happened so far aside from eset constantly updating.

9/02/2012 2:57:42 AM Real-time file system protection file C:\Windows\assembly\temp\U\80000032.$ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\System32\svchost.exe.

9/02/2012 2:40:49 AM Startup scanner file Operating memory ? C:\Windows\assembly\GAC_32\Desktop.ini a variant of Win32/Sirefef.DN trojan cleaned by deleting (after the next restart) Vincent\Vince

I deleted what may have possibly been the cause (a game torrent, but searching through the comments, nobody else has been affected. Or they aren't aware)

Any and all help will be appreciated.

Answer:Sirefef and Olmarik, possibly from some msil injector

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them. If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs. Once you have created the new topic, please reply back here with a link to the new topic. Most importantly please be patient till you get a reply to your topic.

2 more replies
Relevance 59.04%

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Answer:Sirefef and Olmarik, possibly from some msil injector

ComboFix 12-02-10.01 - Vince 10/02/2012 23:41:48.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6135.4680 [GMT 11:00]
Running from: c:\users\Vince\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vince\AppData\Local\._Revolution_
c:\users\Vince\AppData\Local\._Revolution_\._2e560bb3002b000000032367000000005e92903c86e5058d003af8fdf1ba6dc5_000012e0.pid
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\isRS-000.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 12:48 . 2012-02-10 12:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-10 12:48 . 2012-02-10 12:48 -------- d-----w- c:\users\Default\AppData\Local... Read more

77 more replies
Relevance 56.99%

Before anything, thank you for your help.

I have a net-book that is infected with variants of sirefef as reported by MSE. Upon power-up, the computer loads, and reboots in a loop every 60 seconds or so. When I log in, I can get very little done (as in running utilities) before the system has a critical error and reboots.

I tried to complete the README. Installed ccleaner. (system rebooted) Ran CCLeaner, system rebooted before the scan could complete.

Downloaded (RogueKiller, Malwarebytes, Hitman Pro, and MG tools) from a working computer, moved to usb drive, copied to correct locations on infected pc. (working between reboots)

Ran RogueKiller: System rebooted during scan, no log.
Ran MalwareBytes: System rebooted during scan, just after I was able to get scan to start, no log.
Ran HitMan Pro: System rebooted during scan, no log.

Ran MGtools: this is the only one that produced a log. I don't know if the program finished, the cmd window did not close and did not have a "completed" message when the computer rebooted. (I did make the mistake of running this twice (after a reboot), contrary to the instructions.) I have included both logs as a precaution. Log attached.

Thank you again for your help,
Greg
 

Answer:sirefef and 60 second reboot

As soon as you boot into windows, open a command prompt and type in:
shutdown /a

Now see if you can run the scans.
 

11 more replies
Relevance 56.99%

Help, my computer automatically reboots after 1 minute.
MSSE says sirefef infection.

Here is the FRST.TXT file.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by W7 at 23-07-2012 09:11:53
Running from C:\
Service Pack 1 (X86) OS Language: French Standard
Attention: Could not load system hive.Erreur : Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
============ One Month Created Files and Folders ==============

2012-07-23 09:35 - 2012-07-23 09:11 - 00000000 ____D C:\FRST
2012-07-23 09:12 - 2012-07-23 09:12 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yyhuknpj.sys
2012-07-23 09:08 - 2012-07-23 09:08 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\guwslplh.sys
2012-07-23 08:24 - 2012-07-23 08:24 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-07-23 08:19 - 2012-07-23 08:36 - 00000000 ____D C:\Windows\erdnt
2012-07-22 23:32 - 2012-07-22 23:32 - 00892164 ____A (Farbar) C:\FRST.exe
2012-07-22 23:05 - 2012-07-23 08:36 - 00000000 ___SD C:\32788R22FWJFW
2012-07-22 23:03 - 2012-07-23 08:36 - 00000000 ____D C:\Qoobox
2012-07-22 23:02 - 2012-07-22 23:02 - 04582474 ____R (Swearware) C:\Users\W7\Desktop\z.exe
2012-07-22 21:22 ... Read more

Answer:HELP Sirefef reboot

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

FRST needs to be run from the Recovery environment. Please follow these directions:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer... Read more

2 more replies
Relevance 56.99%

Windows Vista 32 bit on a dell computer, we got this nasty virus that kept telling us that windows will restart in 60 seconds, making it very hard to stop.

We rebooted in safe mode and even in safe mode it still rebooted after a short time with networking or without. Even the command line safe mode got this message, and no amount of shutdown -a would stop it.

By perusing your excellent forums, we were able to restore to a system snapshot from the top thing in safe mode F8 and get rid of the reboot, and we got some files off with malware bytes, but then the virus attacked and disabled malware bytes.

Because we think this may be a java exploit, we killed all the jre, and the computer runs ok, but we would really like to clean it up.

Attached are dds logs and gmer logs.

Answer:sirefef ac ag reboot

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

===

Third party programs if not up to date can be the ca... Read more

5 more replies
Relevance 56.17%

Hi! Had good results with this forum; back again!

Working on my nephew's computer, I noticed Google searches were being redirected. Microsoft didn't catch the initial problem so I ran Malwarebytes and Eset Online scanner which found and cleaned some problems. Rebooted. Microsoft Security Essentials found Sirefef trojan, cleaned and rebooted. Now every time I boot the computer it says it will "restart automatically in one minute" (both safe and normal mode)

OS is Vista
AV is MSE
Advanced Boot options does NOT give me "Repair your computer" option
I do not have the Windows installation disk, although it might be possible to find with a lot of hunting.

Please help!

(As an aside, the reason I went to my nephew's computer was to check on the router... On my laptop my Symantec Endpoint Protection was giving me popups that a "port scan attack is logged" coming from the router. Since it was being blocked I figured I would use the other computer to view router's admin page.)

Answer:Sirefef (one minute reboot)

Update:
I booted to safe mode and brought up the task manager with a CTRL-ALT-DEL at the first opportunity. I used the processes tab to locate the MSI process and ended it. This allowed me to run DDS and GMER to get the following logs.

Awaiting help,
Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by COREY at 20:04:59 on 2012-08-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1652 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.... Read more

33 more replies

Hi all, I'm new to the community here so that's my first post unfortunately. Well the problem started with windows firewall being disabled and I was getting an error. So I decided to install mse when the reboots started... Is there a "fast" solution? My system is w7 x64 and I have bitdefender security center..

Any help you could provide would be appreciated a great deal.

Thanks in advance.

Apostolis

Answer:Sirefef.y infection and reboot every 60 sec

Doing a little research I found what has to be done with Farbar so I did that and I will post the log file.

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 18-06-2012 13:50:46
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe" [1067256 2012-04-01] (Bitdefender)
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsLiveDeviceIntegrator] C:\Program Files (x86)\Windows Live\Device Integrator\wldi.e... Read more

14 more replies

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Answer:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute. Firewall cannot turn on

Hi,

Thanks for the reply.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 11:19:09
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\A... Read more

20 more replies

Got another one for you... Can't stay logged into windows because of a critical error, and rebooting 1 minute later.

Here is my frst.txt content...

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 27-07-2012 20:21:28
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-14] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)
HKLM\...\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ABNotify] C:\Program Fi... Read more

Answer:Another Sirefef Infection/1 minute reboot

Please do the following:

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
1 evrhwdch; \??\C:\Windows\system32\drivers\evrhwdch.sys [x]
2012-07-27 17:17 - 2012-07-27 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2243DA0DB5B173E7
2012-07-27 17:17 - 2012-07-27 17:17 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wwogfass.sys
2012-07-27 15:35 - 2012-07-27 15:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BADF4F3E3ADF4FB
2012-07-27 15:20 - 2012-07-27 15:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3BADF02DBC08DE8D
2012-07-23 11:00 - 2012-07-23 11:00 - 00311296 ____A C:\Users\Courtney_2\AppData\Local\plogolc.exe
C:\Windows\Installer\{4935c656-a5da-c5b8-8fc3-b9e67597a38b}
C:\Users\Courtney_2\AppData\Local\{4935c656-a5da-c5b8-8fc3-b9e67597a38b}
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
... Read more

13 more replies

OS - Windows 7 32-bit

I have obtained the Sirefef trojan on my laptop and would like assistance in getting rid of it.

My situation is very similar to the one found in this topic.

I am afraid to use the Internet on my infected laptop, so I hope to use a USB flash drive to solve the problem (as in the above topic).

Let's tackle this problem together! You guys are great at what you do, and I admire your expertise. I'm ready to follow your lead!

Thanks,
Stratego

Answer:Sirefef Trojan ||| Reboot Loop

I do not have access to the System Recovery Options because I have misplaced my Windows 7 installation disc.

However, I still managed to use Farbar Recovery Scan Tool, although it was not in a recovery environment.
I think I should be okay.

The following is my FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
Ran by Zack at 15-08-2012 16:40:14
Running from F:\
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
============ One Month Created Files and Folders ==============

2012-08-15 16:31 - 2012-08-15 16:40 - 00000000 ____D C:\FRST
2012-08-15 14:31 - 2012-08-15 16:04 - 00000914 ____A C:\Windows\PFRO.log
2012-08-15 14:14 - 2012-08-15 14:14 - 00000000 ____D C:\Users\All Users\ESET
2012-08-15 14:08 - 2012-08-15 14:14 - 00000000 ____D C:\Program Files\ESET
2012-08-15 03:06 - 2012-08-15 16:37 - 00001512 ____A C:\Windows\setupact.log
2012-08-15 03:06 - 2012-08-15 03:06 - 00000000 ____A C:\Windows\setuperr.log
2012-08-14 21:18 - 2012-08-14 21:18 - 00000000 ____D C:\Windows\System32\%APPDATA%
2012-08-09 18:10 - 2012-08-09 18:10 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\System32\CmdLineExt.dll
2012-08-07 23:20 ... Read more

9 more replies

I am having the same trouble as many others. Can't do anything cause computer restarts every minute. Here are my FRST logs. Thank you in advance for the help.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 25-07-2012 13:18:19
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-08] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [174104 2009-09-08] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [151064 2009-09-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7739936 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...&#... Read more

Answer:Sirefef Infection/1 minute reboot

Greetings And Welcome To The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

5 more replies

Hello,

I post my problem here as it seems the only place where I've found people who actually know what they're talking about. I have a Sony Vaio Laptop running windows 7 64 bit infected with the sirefef virus. Microsoft security essentials shows that it found:

Trojan: Win64/Sirefef
Trojan: Win64/Sirefef.Y
Virus: Win64/Sirefef.B
Trojan: Win64/Sirefef.Z
Trojan: Win64/Sirefef.W

Every time I boot the computer, MSE finds these infections, and prompts me after a minute to restart in order to complete the removal. But every time it reboots, the message is still there. I tried installing Malwarebytes but it won't let me cause it says "access denied" or something like that. Sorry for not providing any more information but I can use my pc for a couple of minutes every time (cause it reboots automatically). I followed your instructions and scanned with DDS. I attach the attach.txt file it generated. I look forward to hearing from you as I really need the laptop for my university studies and I'm in the middle of the exams period. Thank you for your time!

P.S. If I restore my whole system to factory settings, is the problem going to persist? Cause if it's not, I will do it in a heartbeat. Only problem is that I am afraid of infecting my external hard drive (which would be already infected if the virus spreads to external devices). Would that be the case? Will I need to clean my external HDD too?

Answer:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an... Read more

2 more replies

Hello,

I have a Windows 7 Home Premium 64-bit laptop which is infected with the Win32/sirefef.ah trojan. As soon as the Microsoft Security Essentials launches it causes the system to give this error: WINDOWS HAS ENCOUNTERED A CRITICAL PROBLEM AND WILL RESTART AUTOMATICALLY IN ONE MINUTE and then reboots. This happens in a regular boot and in safe mode. MSE cannot be uninstalled either. I've read other threads and would like to know when program needs to be run first so I may supply the log files. Your help is appreciated.

thank you,
-kA

Answer:win32/sirefef.ah trojan (causes one minute reboot)

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

4 more replies

Hi,

I was hit by Live Security Platinum. I managed to uninstall it manually, but then my PC started rebooting after one minute. I solved that with Windows Defender Offline, and cleaned up Sirefef with Malwarebytes. Malwarebytes and MSE says that I'm clean, but I cannot start Windows Firewall or Windows Updates.

I got various error messages when trying to start WF, so I installed ZoneAlarm's firewall. WF is listed in Services, but when I try to start it, it says Windows could not start the Windows Firewall on Local Computer. (Edit: I followed the suggestions from http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/5366225a-46e7-4d6c-a389-8bd18a5c3aad and it works now!)

When I try to run Windows Update it says that Windows could not search for new updates with a 80244018 error. But when I try to search from Microsoft Updates it finds 18 updates. However, when I try to install them, they all fail and it says Some updates were not installed with a 80246008 error. (Edit: I stopped the service and renamed Windows\SoftwareDistribution. I am now able to update from MS Updates, but not from sys admin.)

I'm running Win7-64. I'm in the process of moving, so I don't have my Win7 DVD, but I have the files on my backup drive, so maybe I can make a bootable DVD or USB.

I delete old restore points with CCleaner, but always keep one. But now I don't see any, so maybe Sirefef deleted that one, too?

Here is DDS.txt. I wasn't abl... Read more

Answer:Cleaned Sirefef and auto reboot, but can't start firewall and updates

Hi,

I've managed to sort out most of my problems. The remaining Windows Updates problem was actually caused by some old registry entries from when I once joined a domain.

But when I had solved that, I realized that I couldn't start the Security Center from the Action Center. But http://windowsxp.mvps.org/helpsvcfix.htm fixed that.

So now everything SEEMS to work and be clean, but I would be grateful if you could please take a quick look at the log file to see if there's anything that looks like a leftover from the Trojan.

Thanks!

3 more replies

I can't reboot my computer without my computer getting to the windows screen and then restarting and going to system restore. I have done MalwareBytes scans and Microsoft Essential Security scans that came up with some trojans. Was told that it was removed but it still happens.

Answer:Everytime I reboot,It doesnt work. Last check sirefef trojan.

Download OTL to your Desktop
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change Drivers to All
Change Standard Registry to All
Under File Scans, change File age to 30
Under the Custom Scan box paste this in
netsvcs
set /c
/md5start
consrv.dll
UXTHEME.DLL
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
Userinit.exe
Explorer.exe
Winlogon.exe
Regedit.exe
SCLWAPI.dll
/md5stop
%SYSTEMDRIVE%\*.*
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\assembly\tmp\U\*.* /s

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.

24 more replies

Hi everyone,

I've got a persistent issue on my PC. I have had no help from Microsoft, McAfee, Norton, or the following tools which I have tried: LavaSoft's Adware, Spybot, CCleaner, Prevx1, TrojanHunter, or Spyware Doctor. The issue began with odd sites popping up. It escalated with the inability to open any folders without an explorer.exe error, and a lot of viruses showing up in McAfee.

I got the machine booted into Safe Mode, ran all of the above tools (including HiJack This), and have gotten the machine to boot again. Unfortunately every time I load IE for any purpose, while Spyware Doctor is catching the infections as they occur, my machine is continually trying to pull down malicious code from www.winantivirus.com, url.cpvfeed.com, 85.17.3.250, etc. They are bunches of random applications, including trojan.downloader.hookcon. I've followed every set of instructions out there I can find. I've deleted every key using HiJack This that appears to be an issue. The PC is still trying to download malicious code every minute or so. Unfortunately I work from this PC and I am a small business owner, so this has created a work stoppage for me. I've pasted my log file for HiJack this, and would appreciate any help anyone can give!!

Thank you..
Dani

Logfile of HijackThis v1.99.1
Scan saved at 8:49:27 PM, on 3/16/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT&... Read more

Answer:Continual Problem With Virus, Nothing Is Resolving..

Welcome to the BleepingComputer HijackThis forum mischik

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.
Start up Avenger. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINNT\system32\LFCCHK.dll

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.
Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.
Also post a new Hijackthis log please.

1 more replies

My security alert says I have these four viruses and all attempts to clean them using microsoft forefront client security have failed. Besides, the computer shuts down every couple of minutes. Please help, I am frustrated.

Answer:Please help me rid my laptop of win32/sirefef.an, sirefef, sirefef.ao, and sirefef.ag

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

23 more replies

A few days ago I started having issues with Google redirecting me to random ad websites, as well as Flash Player update popups. I updated my Microsoft Security Essentials, and since then it has been warning me with the presence of the file names in the topic title, and giving me the option to remove them. I select the removal option and everything is fine for a time but then MSE pops up again warning me of the same files. Anything you could do to help me get rid of these is greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
Run by Dave at 14:15:54 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4031.2141 [GMT 10:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\... Read more

Answer:Infected With Alureon.FP, Sirefef.B, Sirefef.W, Sirefef.AB & Sirefef.J

Download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it.
If you can have an open Internet connection, allow it to download the latest Avast engine detections.
If avast! antivirus is already installed, just do the next step.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
In addition, aswMBR will produce a copy of the boot sector, MBR.dat, on your desktop. Attach this file to a reply.

3 more replies

Good morning and thank you for what you do.

On May 6th my laptop was hit with SMART HDD. I went straight to the "Am I Infected" forum, posted the problem and followed the "Remove SmartHDD Uninstall Guide" with the help of a BC Advisor. It seemed ok for a few days and I got most of my icons back.

On May 16th Microsoft Security Essentials popped up a notice saying it wasn't turned on. Absolutely couldn't get it to start without uninstalling and re-installing it. On install it ran a scan and found no threats, but later found & quarantined Trojan:Win32/Sirefef.AG and Trojan:Win32/Sirefef.I. At the same time, the Windows Firewall became disabled and would not be turned on. I returned to the forum with my original BC Advisor and ran TDSSkiller and GMER and posted the log report. When I had internet connection MSE would quarantine Trojan:Win32/Sirefef.I and Trojan:Win32/Sirefef.AG at a rate of one every two minutes. The screen also said Recommended Action: Remove this software immediately. Items: file:C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] and file:C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] I hit "remove all" every time it appeared. BC Advisor responded "That's a new variant of zero access" "We need advanced tools" and told me to read the preparation guide and post a topic here.

I have followed ... Read more

Answer:Infected: New Variant of Zero Access, Sirefef.AG,Sirefef.I,Sirefef.P

Hi,

Do you have an empty USB flash drive?
We can try an alternative method.

Regards,
Georgi

more replies

My Windows 7 (32bit) machine is infected with both Sirefef-A(trj) and Sirefef-AO(rtk). I've attached my FRST logs. Any help is greatly appreciated.
 

Answer:Sirefef-A and Sirefef-AO Virus

Welcome to Major Geeks!

You did not run FRST properly!!!!! It must be run from the system recovery environment. You need to run those scans again but this time from the system recovery environment.

Notice the below error message that was in your log



ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

The below explains the process.

Please do the below so that we can boot to System Recovery Options to run a scan.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Com... Read more

12 more replies

Good evening,

Today I had downloaded several suspicious files, resulting in an infection on my computer.

I am running Windows 7 Enterprise on a laptop PC, and I use Google Chrome.

My description of the infection and my attempts to remedy the situation are as follows:

- Redirecting from any and all google search results begins (redirection is towards various advertisement sites).
- Redirection is accompanied with various detections of alleged threats by AVG anti-virus free edition 2011.
- Attempted to remedy the situation by running: AVG anti-virus free edition 2011 (several times), Spybot search & destroy (once).
- Redirecting seemed to have stopped.
- Redirecting continues once every half-hour or so for a few clicks, then stops for a while again.
- In addition, new tabs occasionally open when I click a link from a google search, or open a new tab and try to visit facebook, etc., and the new tab visits a website of a similar nature to the redirections.
- AVG detects infections in varying /system32/ files every 15 minutes or so. I used the "move to vault" option for the first 6 or 7 alerts before suspecting that these were false detections. I've had about 5 more alerts since then, all of which I have ignored.
- I attempted to follow the instructions on atechjourney.com for removing the "google redirect virus", all of which failed to identify any problematic files in the registry.

I await instructions. Thanks for reading.

Steve

Answer:Redirect virus + continual false alerts

Here is my DDS log. Attach.zip is attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Boy at 18:27:12 on 2012-03-27
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.2.1033.18.3046.1020 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32... Read more

26 more replies
Relevance 51.25%

Earlier today, when I was in an adjacent room, my PC (which had been on all day) restarted itself without my assistance. I noticed this when I was watching TV and out of nowhere I heard the little jingle that plays every time I log onto Windows. I'm not sure if it's related but I have my PC plugged into a UPS Power supply. I didn't have a power failure because none of my other electronics went off and back on like the PC did.

Is there something I can do (i.e. change the Power settings) to make sure that this doesn't happen again?

Thanks.

Answer:Why did my PC reboot itself? (Power supply possibly related)

It's most likely heat or failing power supply issue. I would check to see if all the fans are running and blow out the dust. I've seen cpu heatsinks that are totally plugged up with dust and lint. There are programs you can download to monitor temps. I think speedfan is one of them.

If the temps are ok, I would keep an eye on it. If it does it again, I would suspect the power supply...

1 more replies
Relevance 50.02%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:28:26 PM, on 4/25/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\TiVo Shared\Tr... Read more

Answer:Possibly Virus, Possibly Not Virus Unssure

We are in the process of researching and investigating your log. Please be patient as we do this and a Helper will respond as soon as possible.

4 more replies
Relevance 50.02%

How do I get rid of this virus (or any other virus that may be causing problems on my computer)? About 2-3 weeks ago, I keep receiving the message "Internet Explorer cannot display the webpage." I scanned my computer using Microsoft Security Essentials to see if there was a virus and found out that there was one by the name of win32/sirefef. I also needed to update Microsoft Security Essentials, but when I tried to do that, the update couldn't complete because I "wasn't connected to the Internet." I'm sure I'm connected because I'm sharing the connection with another computer and it works fine.

I went to Microsoft's article "prevent and remove viruses and other malware" (http://support.microsoft.com/kb/129972/en-us) and followed the steps. One of the steps was to reset the Internet Proxy settings in order for me to download/install things that I needed, and so I manually reset it myself (since I couldn't run the "fix it for me program"). After I did this, the message still pops up. What can I do now? Any help is appreciated. Thanks in advance!

The infected computer is a Windows XP, and I'm currently using another PC since the infected computer cannot access the Internet.

Answer:Internet Explorer not responding due to win32/sirefef virus (or another possible virus)??

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download FSS
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.

35 more replies
Relevance 49.2%

Need help. I have 2 computers 1 active and other one is older. The one computer that is active family uses a lot. This computer has a big issue.

When you start windows vista in safe mode or regular, it will shut down in 4 minutes when you see the desktop shown. I tried system restore on a 2 month date to hopefully to clean it up, but it did not work. Microsoft security doesn't detect it until it reaches the 4 minute mark.

The computer gives a pop up window says "windows occurred a problem and will shut down." I tracked the problem and found win32/Sirefef.AB, Sirefef.r , Sirefef.AH.
All was detected on this computer. I tried to put in a malware detector on it, within the 2 minute mark before it shuts down, but it doesn't make it. So I am using my old computer for investigating. Files are backed up in full.

This old computer has Avast pro, Spybot, and malware bytes anti malware. I just recently took the hard drive out(from the infected computer) and placed it in a exo case to see if I can fix it that way with this old computer. Please help before I get deeper in a hole.
 

Answer:Never faced this issue before,can someone help.I have Sirefef.r sirefef.ah sirefef.ab

10 more replies
Relevance 47.56%
Question: Sirefef virus

Hello,

I have several versions of the sirefef virus (not sure which one) on a Samsung NP-RF710. I am running Windows 7 64-bit. It has shut down my Microsoft Security Essentials and forced my laptop to constantly restart every one minute. I would appreciate any help with this problem.

I am currently downloading Farbar Recovery Scan Tool and will post my log shortly. If you need any other scans as well, I will be glad to get those started.
Thank you.

Answer:Sirefef virus

Scan result of Farbar Recovery Scan Tool Version: 24-07-2012 02
Ran by SYSTEM at 24-07-2012 16:07:54
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11106408 2010-08-03] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2893096 2011-12-28] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Michael Fadaie\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Michael Fadaie\...\Run: [tmikanp] rundll32 "C:\Users\Michael Fadaie\AppData\Local\tmikanp.dll",tmikanp [15872 2012-07-23] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Ant... Read more

27 more replies
Relevance 47.56%

Hi anybody can help me?
 
 
 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
AVG Internet Security 2013      
Microsoft Security Essentials   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp 2.4.6.4    
 TuneUp Utilities Language Pack (en-US) 
 JavaFX 2.1.1    
 Java 7 Update 7  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 

Answer:Virus Sirefef.gen!C

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.7.2
Run by Naz at 22:20:03 on 2013-05-19
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.60.1033.18.2009.935 [GMT 8:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated*
AV: Microsoft Security Essentials *Enabled/Updated*
SP: Windows Defender *Disabled/Updated*
SP: AVG Internet Security 2013 *Enabled/Updated*
SP: Microsoft Security Essentials *Enabled/Updated*
FW: AVG Internet Security 2013 *Disabled*
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2013\avgui.exe... Read more

11 more replies
Relevance 47.56%
Question: Sirefef virus?

I have a problem, my computer is in a constant restarting loop. I got a pop up for a fake antivirus called Live Security Platinum. I tried to run MSE but I couldn't find it, so I redownloaded it and tried to run it. Then I got a message saying that windows was going to shut down after one minute, I have tried Start Up repair but it hasn't worked and I don't have time to run anything else. I am running Vista 32bit and would really like to get this problem fixed asap. Thank you

Answer:Sirefef virus?

Sirefef is a difficult rootkit and trojan to treat... If it's too difficult I will report the topic to the 'Malware response team' to better assist you.

1. Run a scan with MBAM:
Download Malwarebytes' Anti-Malware free version (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected, always try first Quarantine.
When completed, a log will open in Notepad.
Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive).

3. Download aswMBR
Launch it. Allow it to download latest Avast! virus definitions.
Click the "Scan... Read more

19 more replies
Relevance 47.56%
Question: Sirefef virus

I have only been using my new Windows 8 computer for a couple of weeks and now it appears to have a very serious virus. Windows security essentials continually detects a problem which it says it quarantines and removes, but it doesn't seem to actually work as the alert keeps coming up every couple of minutes. I've tried running scans on Malwarebytes, and it finds the Sirefef virus. It removes it then says it has to restart the computer. After I've restarted the virus appears to be back. It seems to be affecting my Internet connection as well. Sometimes it says I'm connected and Internet just doesn't work, other times it disconnects me frequently, other times it just says there are no networks. Or the Wi-Fi doesn't work at all.

I would use the recovery disks but all my files are on the computer and I'm afraid of losing them. I have them on a separate partition on the same laptop, but I'm not sure if it will be affected or not.

Please help!

Answer:Sirefef virus

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

2 more replies
Relevance 47.56%
Question: Sirefef Virus

Hello All,

I am infected with what was termed to me as a sirefef virus on my PC. I was at the point where my McAfee was finding it and telling me to reboot so that it could remove it which never occurred after countless reboots. The program would tell me to find it and delete it manually but it was never in the location McAfee said it was. Eventually, I couldn't get on the internet at all. A friend's son, who is an IT major at university and has a background in this from working on PC's for a long time, isolated the problem and told me that I have a sirefef virus. I am not able to get on the internet but he has disabled all virus protection because it will only start the cycle up again. He's told me that I am not secure right now either. I am still getting redirected during searches too, it's so annoying. How can I get rid of this thing? Any help would greatly be appreciated!

Answer:Sirefef Virus

Can you connect to internet in safe mode with networking?
If not, copy these tools to the infected PC

Download Farbar Service Scanner
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

13 more replies
Relevance 47.56%
Question: virus sirefef

hallo

My computer has the Win32/sirefef.R and Win32/sirefef.AH virus.

I will appreciate any help!

thank you
 FRST.txt   27.96KB
 Search.txt   838bytes

Answer:virus sirefef

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete ... Read more

14 more replies
Relevance 47.56%

Hello

Just recently I found my computer running slower than usual and tabs opening by themselves while using internet explorer. Then I suddenly started getting warnings from my antivirus AVG free 2013 that two threats had been found; one of them was called Sirefef.a, and the other was called trojan-something(guess I should have made a note of its whole name). Anyway, apparently they were successfully moved to the virus vault, where I deleted them. But after that I kept getting the same warning with the same two threats every couple of minutes, even though I kept on deleting them.

I read that the most effective method of removing this virus is by manually removing it by booting up in safe mode with networking. I have tried this, but it won't boot up in safe mode; it starts to, but then a blue screen of death flashes on the screen and the computer restarts.

Next I tried running Malwarebytes, Spybot search & destroy, TDSSKiller, and my AVG antivirus scan. Malwarebytes, which I ran first, was the only scan to find anything, and it apparently successfully removed all threats(Spybot and AVG found nothing, and TDSSKiller found a few suspicious objects, but they were just unsigned files, which I have been told to ignore).

Since running Malwarebytes, I no longer get AVG threat warnings, but my computer is still unable to boot up in safe mode, and it's still running slowly(CPU usage is high even when I'm doing nothing). My computer is 32-bit Windows XP ... Read more

Answer:Sirefef.a virus please help

Hello Messengerrobo,

Please reread the instructions of the Malware Removal Guide which states to attach the logs regardless if they found anything or not.

Doesn't sound like you ran MGtools.exe either. Remember to attach c:\MGlogs.zip.
 

31 more replies
Relevance 47.56%
Question: sirefef virus

I'm running Windows 7 x64 Ultimate and I seem to have the sirefef virus. When windows boots up, a window pops up and says that windows has encountered a critical error and will shut down in one minute.

Answer:sirefef virus

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

2 more replies
Relevance 47.56%
Question: Sirefef Virus

Hello All,

My computer is infected with a sirefef virus. I was receiving help for it here: http://www.bleepingcomputer.com/forums/topic458946.html and it was recommended that advanced tools would be needed. I followed the instructions and backed-up my computer, however, I was not able to enable a firewall. My computer would not allow it. Logs are below and attached. Thanks in advance for all you do and for your help, it is much appreciated.

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by ssmartinez55 at 18:45:49 on 2012-07-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2618 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32... Read more

Answer:Sirefef Virus

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

30 more replies
Relevance 47.56%

I went to sign onto facebook earlier and this is the message I received from google chrome....

Special case exception found for received certificate.
The certificate received has been flagged as erroneous. Please see http://support.google.com/chrome/?p=e_malware_Sirefef&hl=en-US for more details.
The certificate received indicates that this computer is infected with Sirefef.gen!C.
Sirefef.gen!C is a computer virus that intercepts secure web connections and can steal passwords and other sensitive data.
Chrome recognises this virus, but it affects all software on the computer. Other browsers and software may continue to work but they are also affected and rendered insecure.
Microsoft Security Essentials can reportedly remove this virus. When the virus is removed, the warnings in Chrome will stop.
Microsoft Security Essentials is freely available from Microsoft at http://windows.microsoft.com/en-US/windows/security-essentials-download

You should not proceed, especially if you have never seen this warning before for this site.
 
I tried everything.. I tried the registry and alt ctrl delete, nothing worked.. please help!!!
 
[Moderator edit and note: thread moved to more appropriate forum. jgw]

Answer:How can I get rid of this virus? sirefef.gen

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 47.56%

Hi everyone, I was looking for assistance with a Sirefef.gen!C virus. I got the first sign of it yesterday morning when I was on Google Chrome. I try and go to google.com and get this screen

Being handy enough to delete some files in a Registry I tried my hand at it with the few online articles I found on it. However, I got kinda stuck when none of the malicious registries that were supposed to be there were there. My theory about this is that my laptop only runs in safe mode. I probably got the virus when I was in safe mode, used the computer when it was in safe mode, and it probably hasn't been running in Windows normally since the virus (also, maybe some registries don't work in safe mode?). Hopefully this quarantined the thing a bit lol

The symptoms of it haven't been too severe. The only thing noticeable is that I get redirected whenever I try to access any search engine (Google, Yahoo, Bing, etc.) and a redirect site usually opens in another tab when I start a browser.

Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:45:10 PM, on 5/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.ex... Read more

Answer:Sirefef.gen!C Virus

bump
 

2 more replies
Relevance 47.56%

Hello,
I don't know what this is and my VP is popping up every so often telling me to clean this out. It, the VP (MS Security Essentials) is telling me to remove the software....I don't know what that means, or how to do it to be more accurate.
Can someone help me? I really don't know anything about computers so I'm sure I'm asking a lot and I'm sorry for that.
Thank you,
Matt

Answer:sirefef virus is in my PC

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 47.56%

Hi, I don't know why and how this happened but any help is good! This is my work laptop and I'm unable to use it right now. Thanks in advance
 

Answer:Sirefef.Y Virus, Help please

Welcome to Major Geeks!

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

services.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply. (How to attach)
 

14 more replies
Relevance 47.56%
Question: Sirefef Virus

Hello,

I have several versions of the sirefef virus (not sure which one) on a Samsung NP-RF710. I am running Windows 7 64-bit. It has shut down my Microsoft Security Essentials and forced my laptop to constantly restart every one minute. I would appreciate any help with this problem.

I am currently downloading Farbar Recovery Scan Tool and will post my log shortly. If you need any other scans as well, I will be glad to get those started.
Thank you.

Answer:Sirefef Virus

Scan result of Farbar Recovery Scan Tool Version: 24-07-2012 02
Ran by SYSTEM at 24-07-2012 16:07:54
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11106408 2010-08-03] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2893096 2011-12-28] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Michael Fadaie\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Michael Fadaie\...\Run: [tmikanp] rundll32 "C:\Users\Michael Fadaie\AppData\Local\tmikanp.dll",tmikanp [15872 2012-07-23] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1082440 2012-04-04] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget... Read more

Question: Sirefef-PL virus

Hi there,
 
I believe my laptop is infected with the below threat:
 
Threat: Win32:Sirefef-PL [rtk]
 
Strangely, it started with a call from my internet provider saying that one of my home devices is infected and that they will disconnect my internet connection if I don't take action in 48 hrs. I came home, ran the avast and mbam scans and found that the laptop at home was infected with the above virus. Below is the sequence of events:
- Ran avast scan, tried to remove the threat
- Ran mbam scan, tried to remove threat, asked for a reboot
- At the start of the reboot, I got the virus threat notification
- I skipped 'scan' prior to/ during boot as I don't know how that will go
- Once in windows, ran mbam again. No threats found
- Ran avast scan again, same threat along with few others showed up
 
Any help getting rid of this would be greatly appreciated!
 
Thank you.
 
 
 

Answer:Sirefef-PL virus

Hello hailog

Let's do these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Last run ESET.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Micro... Read more

Question: Sirefef Virus

The viruses disabled MSE, Windows firewall, Windows updates. Reinstalling MSE was successful and it caught numerous sirefef viruses. Please help me to totally remove the viruses, and restore Windows firewall and Windows Updates. Thanks.

Answer:Sirefef Virus

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

Question: Sirefef Virus

Hello to all at Bleeping Computer. A friend referred this site to me so I figured I'd see if anyone here could help. Microsoft Security Essentials notified me the other day that I had been infected with the Sirefef virus.
- I am running 64-bit Windows 7 Ultimate.
- I uninstalled MSE which seems to have stopped the constant rebooting for the time being so I could attempt to troubleshoot the problem.
- Noticed instructions from another post so figured I'd try those to at least get the ball rolling
- Downloaded FRST and ran the Scan option.
- Also ran a search for "services.exe"
- First displaying the FRST.txt file then the Search.txt file

FRST.txt
Scan result of Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 15-07-2012 21:58:21
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-01-11] (LogMeIn, Inc.)
HKLM\...\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP ... Read more

Answer:Sirefef Virus

Hi
Please do the following:
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
start
SubSystems: [Windows] ==> ZeroAccess
HKLM-x32\...\Run: [] [x]
1 nxkkbcmo; \??\C:\Windows\system32\drivers\nxkkbcmo.sys [x]
C:\Windows\Installer\{5d9a7601-0143-907e-fd6e-793d701f4b0b}
C:\Users\Dustin\AppData\Local\{5d9a7601-0143-907e-fd6e-793d701f4b0b}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system
Now please enter System Recovery Options then select Command Prompt
Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Reboot Normally.
NEXT
Refer to the ComboFix User&... Read more

Question: Sirefef virus

Hello, I have several versions of the sirefef virus (not sure which one) on my Toshiba Satellite Windows 7, 32 bit laptop. It has shut down my Microsoft Security Essentials and forced my laptop to constantly restart every one minute. I have been following most of the sirefef topics and have started using the Farbar Recovery Scan Tool that was recommended and already uploaded it to my USB stick and did my first scan, can anyone help me on this?

Here's my FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 12-07-2012 20:33:19
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%&... Read more

Answer:Sirefef virus

Greetings And Welcome To The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

Question: sirefef-pl virus

Every time I use an antivirus program such as MBAM, Avast or iobit malware fighter, my AVG resident shield pops up and says that my C:\Windows\assembly\GAC_64\Desktop.ini is infected, though it cannot quarantine or delete the file. Also after posting my aswmbr, avenger, tdsskiller etc. logs in the other forum I recently had an unexpected shutdown. aswmbr was able to find C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk] but it and other programs like avenger were unable to remove it.

Answer:sirefef-pl virus

Please do the following:
Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more


Help me! I got the Sirefef virus. Can someone help me remove it? Got this message when accessing google chrome
 
 
The certificate received has been flagged as erroneous. Please see http://support.google.com/chrome/?p=e_malware_Sirefef&hl=en-US for more details.
The certificate received indicates that this computer is infected with Sirefef.gen!C.
Sirefef.gen!C is a computer virus that intercepts secure web connections and can steal passwords and other sensitive data.
Chrome recognises this virus, but it affects all software on the computer. Other browsers and software may continue to work but they are also affected and rendered insecure.
Microsoft Security Essentials can reportedly remove this virus. When the virus is removed, the warnings in Chrome will stop.
Microsoft Security Essentials is freely available from Microsoft at http://windows.microsoft.com/en-US/windows/security-essentials-download

You should not proceed, especially if you have never seen this warning before for this site
 

Answer:Help! Sirefef Virus!

Hello Skepz! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 
Please download RogueKiller and save to the desktop.
Close all windows and browsers
Right-click the program and select 'Run as Administrator'
Press the scan button.
A report opens on the desktop named - RKreport.txt
Please post it in your next reply.
 
 

 
Regards,
Georgi


So I was told to post here.. I have never had trouble with a virus before and I haven't even really had any viruses either, but I'm really having trouble with this one and I'm completely clueless on what to do...

So I was googling on my laptop when suddenly that one fake virus scan ad popped up out of nowhere and gave me this stupid virus.

Security Essentials says
Win32/Sirefef.AG
Win32/Sirefef.AL
Win32/Sirefef

It cleans them but if I'm connected to the internet they come back minutes later.. I tried Malwarebytes and it took 12 hours but didn't find anything..

Then today my C drive randomly starts filling up. I had 40GBs and now I have none which scares me.. I'm clueless and would greatly appreciate help.. I have been non-stop working with it for 3 days now.. I started backing up files but I can't move files to a usb since my C drive is now full.. and when I delete something it just fills back up so I can't really back up anything.

Oh and I'm running Windows XP

And since my hard drive is full and stays full I can't download anything so I don't know what to do.

When I try to go into Safe Mode (any of them) I get a BSOD crash.

Also I can't save the logs because the virus keeps filling up my C drive so I can't save anything.

Answer:Sirefef Virus Help.

Hi!
This appears to be the same computer that you posted about here: http://www.bleepingcomputer.com/forums/topic457186.html/page__view__findpost__p__2732923__fromsearch__1
To avoid any confusion, I'm going to close this thread up.
Please respond to the thread above.
This thread is now locked.
-ST.


Looks like I'm another victim of the Sirefef virus. Microsoft Security Essentials tells me I'm infected with many variants of Sirefef, including Sirefef.R, Sirefef.AB, and Sirefef.AH

My PC is now stuck in the error loop of restarting every 60 seconds, even in safe mode. The error message I receive is: "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."

I tried to abort the system shutdown via command prompt: "shutdown a/", but that didn't work. Therefore, I'm stuck in this restart loop and unable to troubleshoot/proceed further without assistance.

The infected PC is an older Acer, running Windows Vista, 32 bit.

I have read other threads and have already done the following:

1) Downloaded and ran Farbar Recovery Scan.
= = = = = = = = = = = = = = = = = = Here Are The Results = = = = = = = = = = = = = = = = = = = = = = = = = =

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 13-07-2012
Ran by Owner at 13-07-2012 14:13:32
Running from E:\
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
============ One Month Created Files and Folders ==============

2012-07-13 14:13 - 2012-07-13 14:13 - 00000000 ____D C:\FRST
2012-0... Read more

Answer:Sirefef virus help please

To further help things along I went ahead and tried to run this:
= = = = = = = = = = = = = = = = = = = = = = =
services.exe
It then should look like:
Search: services.exe
Click Search button and post the log (Search.txt) it makes to your reply.
= = = = = = = = = = = = = = = = = = = = = = =
However, my system restarted before the search was completed.
Here is a screen capture of what Security Essentials reported.


I tried signing into my facebook today, and this is the message I received from google chrome...
 
 
Special case exception found for received certificate.
The certificate received has been flagged as erroneous. Please see http://support.google.com/chrome/?p=e_malware_Sirefef&hl=en-US for more details.
The certificate received indicates that this computer is infected with Sirefef.gen!C.
Sirefef.gen!C is a computer virus that intercepts secure web connections and can steal passwords and other sensitive data.
Chrome recognises this virus, but it affects all software on the computer. Other browsers and software may continue to work but they are also affected and rendered insecure.
Microsoft Security Essentials can reportedly remove this virus. When the virus is removed, the warnings in Chrome will stop.
Microsoft Security Essentials is freely available from Microsoft at http://windows.microsoft.com/en-US/windows/security-essentials-download

You should not proceed, especially if you have never seen this warning before for this site.
 
I tried the registry thing and alt ctrl delete, spybot, nothing will work... please help!!

Answer:How can I get rid of this virus? sirefef.gen

Hello felicia128xo
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the s... Read more

Question: Sirefef Virus

Hello, I recently encountered a problem with my computer where a critical error would occur every minute requiring an immediate restart. I couldn't run any scans because of this, I ran a system restore and was able to run scan programs as the error hasn't been popping up yet. I didn't complete the GMER scan as all the boxes above services was greyed out. Thank you very much appreciate any help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Dan at 0:56:00 on 2012-08-03
.
============== Running Processes ===============
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXS... Read more

Answer:Sirefef Virus

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

Question: Sirefef virus

Not sure how I got this, I don't recall installing anything lately or visiting any out of the way websites but here it is!

I was websurfing and started getting notified that pages I was going had bad security certs and then I started getting redirected altogether.
MSE identified it as sirefef and claims it cleaned it but no such luck.

Within a few minutes of booting, I get an error saying "You are about to be logged off windows has encountered a critical problem and will restart in one minute please save your work." I'm usually a good Google DIYer but nothing I've come across has worked. Even Safe Mode is not free from this pest.
Tried System Repair. Says there is nothing to fix.
Unable to do a system restore
Tried using ESET fixes. Don't have enough time to run the scan before forced reboot.
I would have no problem nuking the whole thing and doing a new install but there are files I need to get off the PC and it won't stay running long enough to do that.

I'm running Vista 64-bit and thankfully have a laptop (XP) and flash drives.
I don't have a Vista DVD, thanks Gateway! I do have Gateway restore DVDs but don't know if that's the same thing as far as trying to boot from it (if needed)?
Thank you in advance for your help!

Answer:Sirefef virus

Does the RESTART happen in safemode? (not safemode with networking)
If yes:
Restart the PC
Press F8 on bootup
Select REPAIR YOUR COMPUTER
Click on REPAIR
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Can you get to this screen?


Hello all,

I'm a first time poster here and have come here looking for help in resolving my infection issue. I followed the directions in the read first thread and will post my logs. I am / was experiencing the following issues:


Firefox would redirect to various pages such as newsfudge.com. Since proceeding through the read first post, and also running goored? I have not noticed this recently.
Sometimes browsing seems to be incredibly slow, possibly related to the redirections.
Since attempting to troubleshoot this issue (Microsoft Security Essentials), it is believed that this is causing the following issue:

! You are about to be logged off
Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

If I let the computer restart itself, then this will keep happening. I have learned to "interrupt" it by running a normal restart after the message pops up. So far every time the computer comes back I won't get the message. If I restart again, it will happen again. I haven't noticed anything in particular relating to this in the system log.

While not experiencing problems with the programs to resolve issues like this, I have noted that it has prevented me from patching games such as Rift. I believe this is related.
While working in safemode sometimes I noticed Adobe Flash 11.3 installer would frequently run trying to get me to install it. I do believe there was a massive security thr... Read more

Answer:Win32/Sirefef.AB & Win64/Sirefef.P; Browser Redirection, Windows Critical, Restarts


Welcome to Major Geeks!


Rescan with HitmanPro, when it finds services.exe - Virus, allow it to Replace by clicking the down arrow next to the detection and choosing Replace.

Also allow Hitman to delete the C:\Windows\assembly\GAC_32\Desktop.ini piece of the infection
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.
Reboot back into normal Windows and run another scan with HitmanPro and then attach the latest hitmanpro.zip log.
Also do the below:

Delete the below folders if found:
C:\Windows\installer\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41}
C:\Users\Administrator\AppData\Local\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41}


Download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Now attach the below log:

C:\MGlogs.zip
Make sure you tell me how things are working now!
 


Hello,

Yesterday my PC was infected with the Live Security Virus. It's an HP desktop running Win Vista Home Premium.

I was able to download AntiMalwarebytes and run it to remove the Live Security Virus.

Afterwards MSE would not run, so I uninstalled it, and reinstalled.

After rebooting, MSE detected the sirefef.ah and sirefef.r viruses, but before it can clean them the PC gives a warning that it had a critical error, and will restart in a minute. It then restarts.

I tried downloading TDSSkiller onto a flash drive on this PC (my laptop), plugged it into the infected PC and ran it, but it didn't find anything. Sure enough, it then shut down again.

MSE will detect the viruses, but doesn't have enough time to deal with them.

I'd love some help! What should I try next?

Thanks!
Ian

Answer:Infected with sirefef.ah and sirefef.r after Live Security Update - reboots every minute

Ignore this for now, I've taken the PC into a local shop. I just don't have the time right now to figure this out on my own. I will post any solutions they tell me.

Thanks anyway, I'll be back for other issues I'm sure!


Went to a Bible site, Bible.org of all places and picked up this particularly pernicious virus, AVG nor Malwarebytes can seem to get rid of it.

*Moderator Edit: Moved topic from  to the appropriate forum. ~ Queen-Evie*

Answer:how to remove the sirefef.gen!c virus

Hello, It would be good if you can contact their Webmaster and advise them.
EDIT: http://bible.org/article/contact-us

Now on to you. Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:
•Link 1
•Link 2
•Link 3
•Link 4
•In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
•Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
•A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
•An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
•Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
•If nothing happens or if the tool does not run, please let me know in your next reply.

Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C ... Read more

1 more replies
Question: Luhe.sirefef Virus

I really appreciate what you guys do here. Thank you very much in advance.

I was playing some online games, when I began having immensely trafficked internet connection. I began doing scans with AVG and Malwarebytes, and after I discovered I had traces of this virus on my PC, I did some Google searches. Whenever I clicked on a link I got the infamous redirection to a rogue site. When I try turning on Windows Firewall I get the message "Windows Firewall can't change some of your settings. Error code 0x8007042c". I also noticed my user account was changed to standard, rather than it usually being administrator, and I cannot change administrator settings, even on the default administrator account.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.0
Run by Chris at 3:31:17 on 2012-07-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5347 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\... Read more

Answer: Luhe.sirefef Virus

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462827 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies

I've got the Sirefef.Y virus on my Win 7 x64 laptop like others have reported recently and would appreciate your help in getting rid of it.

The FRST Scan log and Search log are attached

thanks,

Aman
 

Answer: help to remove sirefef.y virus

Welcome to Major Geeks!

Please do not cross post to multiple malware removal forums as it wastes precious resources.

Since you are already receiving help at the below site/link, I'm closing this thread on Major Geeks.

http://www.techspot.com/community/topics/help-to-remove-sirefef-y-virus.181975/
 

1 more replies

Hi everyone

This seems to be one of the best computer expert sites on the web, I really hope you can help me with my problem. This morning I found my PC infected with this terrible Luhe.Sirefef.A backdoor virus. Services.exe is infected, and AVG detects that c:/windows/assembly/GAC_64/Desktop.ini is infected too. I tried running Malwarebytes Anti-Malware, found some infected elements and eliminated them, but the virus is still there. Maybe I should replace the infected services.exe with a clean copy of the file? (OS Windows 7 64 bit, service pack 1)
I don't know what I can do to eliminate the infection, I hope you can give me a hand with this.

Thanks everyone!

Answer: Luhe.Sirefef.A virus

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

16 more replies

Hi, I have no antivirus registered but I have the trial version of Norton that came with this machine. There is a pop-up from Windows Defender that shows I have some virus called sirefef.an. I select remove from the drop-down menu and click remove and it shows that it does it. About 5-10 mins later the same thing comes up. My machine is not necessarily slow and the home page ... have not changed. However, I do notice the analyze button on the hijackthis.de page does not show the analyze button and when I click on analyze from the client it says no internet connection available, but here I am connected to your site. I had BitTorrent installed but as your instructions show it must be/recommended to remove, so I did it.

Note that when I did the analyze HJT log it showed svchosts.exe is running from C:\windows\SysWOW64\svchost.exe.

Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:46 AM, on 15/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\P... Read more

Answer: sirefef.an virus how to remove

12 more replies

I have Windows essentials security on my desktop and when I went to run it on my computer today I saw that it was out of date and needed to be reinstalled. I reinstalled it and that's when I started getting a pop-up saying that three potential threats had been found on my computer. One being virus win32/sirefef.r and then two trojans, Win32/Sirefef.AB and Win32/Sirefef.AH. I have tried to run my computer in safe mode with networking but I keep getting a pop-up window that says my computer has experienced an error and will restart in one minute. Please help.

Answer: Help with virus win32/sirefef.r

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

2 more replies